BS ISO/IEC 29115:2013 Information technology. Security techniques. Entity authentication assurance framework, Data processing, Computers, Management, Data security, Data storage protection, Anti-burglar measures, Computer technology, Computer networks

BS ISO/IEC 29115:2013

Information technology. Security techniques. Entity authentication assurance framework

Status : Current, Project Underway   Published : April 2013



What is this standard about?

Many electronic transactions within ICT systems have security requirements which depend on an understood or specified level of confidence in the identities of the entities involved. Such requirements may include the protection of assets and resources against unauthorized access.

This usually involves an access control mechanism which might be used to enforce accountability through the maintenance of audit logs of relevant events, as well as for accounting and charging purposes.

This standard provides a framework for entity authentication assurance. Assurance within this International standard refers to the confidence placed in all of the processes, management activities, and technologies used to establish and effectively manage the identity of an entity for use in authentication transactions.

Who is this standard for?

Principally it’s for credential service providers (CSPs) and others having an interest in their services e.g. relying parties, assessors and auditors of those services.

Why should you use this standard? 

It offers crucial guidance for managing entity authentication assurance in a given context.In particular, it focuses on the:

  • Four levels of entity authentication assurance (LoAs)
  • Criteria and guidelines for achieving each of the four levels of entity authentication assurance
  • Guidance for mapping other authentication assurance schemes to the four LoAs
  • Guidance for exchanging the results of authentication that are based on the four LoAs
  • Guidance concerning controls that should be used to mitigate authentication threats

Using four specified Levels of Assurance (LoAs), the document presents direction concerning control technologies, processes and management activities, as well as assurance criteria that should be used to mitigate authentication threats in order to implement the four LoAs.

Standard NumberBS ISO/IEC 29115:2013
TitleInformation technology. Security techniques. Entity authentication assurance framework
StatusCurrent, Project Underway
Publication Date30 April 2013
Normative References(Required to achieve compliance to this standard)No other standards are normatively referenced
Informative References(Provided for Information)ITU-T Recommendation Y.2702:2010, NIST Special Pub 800-36:2003, ISO/IEC 19790: 2012, ISO/IEC 29101, ITU-T Recommendation Y.2721:2010, NIST Special Pub 800-63:2006, ITU-T Recommendation X.1252:2010, ISO/IEC 29100:2011, ITU-T Recommendation Y.2720:2010, OMB M-04-04, ITU-T Recommendation Y.2722:2010, ISO/IEC 19792:2009, ISO/IEC 24760-1:2011, ISO/IEC 9798:2010, ISO/IEC 27001:2005
International RelationshipsISO/IEC 29115:2013
Draft Superseded By12/30168696 DC
DescriptorsComputer technology, Data security, Management, Data processing, Computers, Data storage protection, Computer networks, Information exchange, Anti-burglar measures
Title in FrenchTechnologies de l'information. Techniques de sécurité. Cadre d'assurance de l'authentification d'entité
ISBN978 0 580 59544 8
File Size1.134 MB

 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents


Access, view and download standards with multiple user access, across multiple sites with BSOL

Develop a PAS

Develop a fast-track standardization document in 9-12 months

Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version