ISO27k-aligned security awareness service
ISO/IEC 27099
Creative security awareness materials

Creative security awareness materials for your ISMS

Copyright © 2018 IsecT Ltd.

ISO/IEC 27099 — Information technology — Security techniques — Public key infrastructure Practices and policy framework [draft] June


The standard will identify requirements to manage information security for PKI Trust Service Providers (essentially, Certification Authorities) through Certificate Policies, Certificate Practice Statements and (if applicable) ISMSs, according to the information risks.

Scope of the standard

The standard will support the full lifecycle of public key certificates used for digital signatures, authentication and encryption.

It will not address authentication methods, non-repudiation or key management protocols, not attribute certificates. 

It will distinguish PKI systems used in closed, open and contractual environments.

Content of the standard



June update Status: the standards project started in June 2018.  It is unlikely to be published before 2021.


Personal notes



< Previous standard      ^ Up a level ^      Next standard >