ISO/IEC 29146 – IT Security

ISO/IEC 29146 has just been released.  Titled “Information technology – Security techniques – A framework for access management,” it’s another in the ongoing series of JTC 1 (Joint Technical Committee 1) publications on information technology (IT) security.  It’s used along with identity management to protect your organization from unauthorized access to your information resources.

You’re well versed in the IT security risk-based approach to managing security concerns.  You’ll use several security techniques in order to enforce the rules and policies you rely on to mitigate these challenges.  Right at the top of the list is access management.  How do you correctly identify both humans and machines that have the right to access your information resources?  After all, your information set may be distributed over a number of networks — both internal to your organization and external via internet access.  How can your protocols be standardized in this widespread environment?

ISO/IEC 29146 addresses the access management side of this problem.  ISO/IEC 24760 addresses the identity management component.  Together you’ll use them to define and establish your framework for the secure management of the use of your information assets.

The new standard provides you with an overview of the concepts you’ll want to be familiar with prior to setting up your system.  It then reviews the reference architecture used.  This includes the various components of an access management system — authentication endpoint, policy decision point, policy information point, and so on.  Additional requirements and concerns are also covered.  This includes various models and policy issues you may face, as well as regulatory requirements.

Clause 8 of the standard is titled “Practice.”  This section covers the actual processes involved in authorization and setting up privileges.  Threats are considered, as well as possible control objectives.  Methodologies for validation are included.  An informative Annex A provides you with a review of current access models.  A 17-item bibliography completes the 42-page publication.

ISO/IEC 29146 can offer your organization a framework for your access control system.  It describes the concepts, actors, components, reference architecture, functional requirements and practices you’ll need to understand and implement.  It is one of many security standards that we provide here at Document Center Inc.

To get a copy head to the Document Center webstore at www.document-center.com.  Here you can search for and order standards from our collection of over 1,000,000 unique publications.  Here’s a direct link to the order page for ISO/IEC 29146 for your convenience.  And if you have further questions or would prefer to order in person, just contact our staff by phone (650-591-7600) or email (info@document-center.com).  We’re your Standards Experts!

 

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
