GSO ISO/IEC 27099:2024

Gulf Standard   Current Edition
· Approved on 31 January 2024 ·

Information technology — Public key infrastructure — Practices and policy framework

Information Sector
IT Security
Including encryption

GSO ISO/IEC 27099:2024 Files

Continue Shopping  

GSO ISO/IEC 27099:2024 Scope

This document sets out a framework of requirements to manage information security for Public key infrastructure (PKI) trust service providers through certificate policies, certificate practice statements, and, where applicable, their internal underpinning by an information security management system (ISMS). The framework of requirements includes the assessment and treatment of information security risks, tailored to meet the agreed service requirements of its users as specified through the certificate policy. This document is also intended to help trust service providers to support multiple certificate policies.

This document addresses the life cycle of public key certificates that are used for digital signatures, authentication, or key establishment for data encryption. It does not address authentication methods, non-repudiation requirements, or key management protocols based on the use of public key certificates. For the purposes of this document, the term “certificate” refers to public key certificates. This document is not applicable to attribute certificates.

This document uses concepts and requirements of an ISMS as defined in the ISO/IEC 27000 family of standards. It uses the code of practice for information security controls as defined in ISO/IEC 27002. Specific PKI requirements (e.g. certificate content, identity proofing, certificate revocation handling) are not addressed directly by an ISMS such as defined by ISO/IEC 27001 [26].

The use of an ISMS or equivalent is adapted to the application of PKI service requirements specified in the certificate policy as described in this document.

A PKI trust service provider is a special class of trust service for the use of public key certificates.

This document draws a distinction between PKI systems used in closed, open and contractual environments. This document is intended to facilitate the implementation of operational, baseline controls and practices in a contractual environment. While the focus of this document is on the contractual environment, application of this document to open or closed environments is not specifically precluded.

Best Sellers From Information Sector

GSO ISO/TR 18492:2017
ISO/TR 18492:2005 
Gulf Standard
Long-term preservation of electronic document-based information
  Quick View
More Details 
GSO ISO 16175-2:2013
ISO 16175-2:2011 
Gulf Standard
Information and documentation -- Principles and functional requirements for records in electronic office environments -- Part 2: Guidelines and functional requirements for digital records management systems
  Quick View
More Details 
GSO ISO/TR 13028:2013
ISO/TR 13028:2010 
Gulf Standard
Information and documentation - Implementation guidelines for digitization of records
  Quick View
More Details 
GSO ISO 18513:2016
ISO 18513:2003 
Gulf Standard
Tourism services -- Hotels and other types of tourism accommodation -- Terminology
  Quick View
More Details 
View All  

Recently Published from Information Sector

GSO ISO/IEC 23053:2024
ISO/IEC 23053:2022 
Gulf Standard
Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML)
  Quick View
More Details 
GSO ISO/TS 23635:2024
ISO/TS 23635:2022 
Gulf Standard
Blockchain and distributed ledger technologies — Guidelines for governance
  Quick View
More Details 
GSO ISO/IEC 30169:2024
ISO/IEC 30169:2022 
Gulf Standard
Internet of Things (IoT) — IoT applications for electronic label system (ELS)
  Quick View
More Details 
GSO ISO/IEC TR 24372:2024
ISO/IEC TR 24372:2021 
Gulf Standard
Information technology — Artificial intelligence (AI) — Overview of computational approaches for AI systems
  Quick View
More Details 
View All