ISO/IEC 27099 — Information technology — Security techniques — Public key infrastructure — Practices and policy framework [draft]
The standard will identify requirements to manage information security for PKI Trust Service Providers (essentially, Certification Authorities) through Certificate Policies, Certificate Practice Statements and (if applicable) ISMSs, according to the information risks.
Scope of the standard
The standard will support the full lifecycle of public key certificates used for digital signatures, authentication and encryption.
It will not address authentication methods, non-repudiation or key management protocols, not attribute certificates.
It will distinguish PKI systems used in closed, open and contractual environments.
Content of the standard
Status: the standards project started in June 2018. It is unlikely to be published before 2021.
< Previous standard ^ Up a level ^ Next standard >