European and international standards for Cybersecurity

European and international standards are being developed in the field of cybersecurity. Some of these standards may support the implementation of the EU Cybersecurity Act, although, for the time being, none of them is explicitly related to or cited for that purpose in the Official Journal of the EU.

Follow the ISO/IEC standards and CEN/CENELEC EN standards for cybersecurity at Genorma.com (https://genorma.com/en/topic/show/135)

The following standards can be identified:

Requirements for the competence of IT security testing and evaluation laboratories: https://genorma.com/en/topic/show/135/related-standards/1

EN ISO/IEC 17025:2017 General requirements for the competence of testing and calibration laboratories (ISO/IEC 17025:2017)

EN ISO/IEC 17065:2012 Conformity assessment - Requirements for bodies certifying products, processes and services (ISO/IEC 17065:2012)

ISO/IEC TS 23532-1:2021 Information security, cybersecurity and privacy protection — Requirements for the competence of IT security testing and evaluation laboratories — Part 1: Evaluation for ISO/IEC 15408

ISO/IEC TS 23532-2:2021 Information security, cybersecurity and privacy protection — Requirements for the competence of IT security testing and evaluation laboratories — Part 2: Testing for ISO/IEC 19790

Evaluation criteria for IT security: https://genorma.com/en/topic/show/135/related-standards/4

EN ISO/IEC 18045:2023 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Methodology for IT security evaluation (ISO/IEC 18045:2022)

EN ISO/IEC 15408-1:2023 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2022)

EN ISO/IEC 15408-2:2023 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 2: Security functional components (ISO/IEC 15408-2:2022)

EN ISO/IEC 15408-3:2023 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC 15408-3:2022)

EN ISO/IEC 15408-4:2023 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 4: Framework for the specification of evaluation methods and activities (ISO/IEC 15408-4:2022)

EN ISO/IEC 15408-5:2023 Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 5: Pre-defined packages of security requirements (ISO/IEC 15408-5:2022)

ISO/IEC TS 9569:2023 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Patch Management Extension for the ISO/IEC 15408 series and ISO/IEC 18045

ISO/IEC TR 27103:2018 Information technology — Security techniques — Cybersecurity and ISO and IEC Standards

ISO/IEC TR 22216:2022 Information security, cybersecurity and privacy protection — New concepts and changes in ISO/IEC 15408:2022 and ISO/IEC 18045:2022

ISO/IEC TR 24485:2022 Information security, cybersecurity and privacy protection — Security techniques — Security properties and best practices for test and evaluation of white box cryptography

ISO/IEC 29128-1:2023 Information security, cybersecurity and privacy protection — Verification of cryptographic protocols — Part 1: Framework

EN 17640:2022 Fixed-time cybersecurity evaluation methodology for ICT products

EN 17927:2023 Security Evaluation Standard for IoT Platforms (SESIP). An effective methodology for applying cybersecurity assessment and re-use for connected products.

Supporting management systems and other:

EN ISO/IEC 27001:2023 Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022)

EN ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection - Information security controls (ISO/IEC 27002:2022)

EN ISO/IEC 27007:2022 Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC 27007:2020)

ISO/IEC TS 27100:2020 Information technology — Cybersecurity — Overview and concepts

ISO/IEC TS 27110:2021 Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines

ISO/IEC 27013:2021 Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

ISO/IEC 27014:2020 Information security, cybersecurity and privacy protection — Governance of information security

ISO/IEC TR 5895:2022 Cybersecurity — Multi-party coordinated vulnerability disclosure and handling

ISO/IEC TR 6114:2023 Cybersecurity — Security considerations throughout the product life cycle

Privacy:

ISO/IEC 27551:2021 Information security, cybersecurity and privacy protection — Requirements for attribute-based unlinkable entity authentication

ISO/IEC 27553-1:2022 Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices — Part 1: Local modes

ISO/IEC 27555:2021 Information security, cybersecurity and privacy protection — Guidelines on personally identifiable information deletion

ISO/IEC 27556:2022 Information security, cybersecurity and privacy protection — User-centric privacy preferences management framework

ISO/IEC 27557:2022 Information security, cybersecurity and privacy protection — Application of ISO 31000:2018 for organizational privacy risk management

ISO/IEC 27559:2022 Information security, cybersecurity and privacy protection — Privacy enhancing data de-identification framework

IoT security and privacy:

EN 17927:2023 Security Evaluation Standard for IoT Platforms (SESIP). An effective methodology for applying cybersecurity assessment and re-use for connected products.

ISO/IEC 27032:2023 Cybersecurity — Guidelines for Internet security

ISO/IEC 27400:2022 Cybersecurity — IoT security and privacy — Guidelines

ISO/IEC 27402:2023 Cybersecurity — IoT security and privacy — Device baseline requirements

ISO/IEC 27071:2023 Cybersecurity — Security recommendations for establishing trusted connections between devices and services

Supplier relationship:

ISO/IEC 27036-1:2021 Cybersecurity — Supplier relationships — Part 1: Overview and concepts

ISO/IEC 27036-2:2022 Cybersecurity — Supplier relationships — Part 2: Requirements

ISO/IEC 27036-3:2023 Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security

SECTOR SPECIFIC APPLICATIONS

Health informatics cybersecurity:

EN ISO/IEEE 11073-40101:2022 Health informatics - Device interoperability - Part 40101: Foundational - Cybersecurity - Processes for vulnerability assessment (ISO/IEEE 11073-40101:2022)

EN ISO/IEEE 11073-40102:2022 Health informatics - Device interoperability - Part 40102: Foundational - Cybersecurity - Capabilities for mitigation (ISO/IEEE 11073-40102:2022)

Road vehicles:

ISO/PAS 5112:2022 Road vehicles — Guidelines for auditing cybersecurity engineering

ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering

ISO/TR 4804:2020 Road vehicles — Safety and cybersecurity for automated driving systems — Design, verification and validation

Railway applications:

CLC/TS 50701:2023 Railway applications - Cybersecurity

Maritime navigation and radiocommunication equipment:

EN IEC 63154:2021 Maritime navigation and radiocommunication equipment and systems - Cybersecurity - General requirements, methods of testing and required test results

Nuclear applications:

EN IEC 62645:2020 Nuclear power plants - Instrumentation, control and electrical power systems - Cybersecurity requirements

EN IEC 62859:2020 Nuclear power plants - Instrumentation and control systems - Requirements for coordinating safety and cybersecurity

IEC 62859:2016/AMD1:2019 ED1 Amendment 1 - Nuclear power plants - Instrumentation and control systems - Requirements for coordinating safety and cybersecurity
