Deutsches Institut fur Normung e. V.

Electronic fee collection - Security framework (ISO/TS 19299:2015)
 N CEN ISO/TS 19299

Annotation

The overall scope of this Technical Specification is an information security framework for all organizational and technical entities of an EFC scheme and in detail for the interfaces between them, based on the system architecture defined in ISO 17573. The security framework describes a set of requirements and associated security measures for stakeholders to implement and thus ensure a secure operation of their part of an EFC system as required for a trustworthy environment according to its security policy.

The scope of this Technical Specification comprises the following:

— definition of a trust model (Clause 5); Basic assumptions and principles for establishing trust between the stakeholders.

— security requirements (Clause 6);

— security measures

— countermeasures (Clause 7); Security requirements to support actual EFC system implementations.

— security specifications for interface implementation (Clause 8); These specifications represent an add-on for security to the corresponding standards. Figure 5 above shows the relevant interfaces and the corresponding relevant interface standards, as illustrated in Figure 6.

— key management (Clause 9); Covering the (initial) setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.

— security profiles (Annex A);

— implementation conformance statement (Annex B) provides a checklist to be used by an equipment supplier, a system implementation, or an actor of a role declaring his conformity to this Technical Specification;