
U.S. to Host the Information security, cybersecurity and privacy protection Plenary and Synchronized Working Group Meetings of ISO/IEC JTC 1/SC 27

After three years of meeting online only, the 37th Plenary and Working Group Meeting of ISO/IEC JTC 1/SC 27 will be hosted by the U.S. and held on the Microsoft Campus in Redmond, Washington. Approved national body experts and liaison representatives will participate in working group meetings to be held from April 17-21, 2023, followed by the SC 27 plenary on April 24-25, 2023.

The INCITS Technical Committee on Cybersecurity and Privacy serves as the U.S. Technical Advisory Group to ISO/IEC JTC 1/SC 27, which focuses on the development of international standards in information security, cybersecurity, and privacy protection. The committee can also collaborate with other INCITS Technical Committees to ensure that security and privacy are adequately addressed in U.S. standards that do not have information security, cybersecurity, and privacy protection as a primary focus.

The program of work is ambitious, encompassing over 300 projects, with the following areas of emphasis:

  • Management of cybersecurity; in particular, information security management system (ISMS) standards. Significant standards in this area include ISO/IEC 27001, Information security, cybersecurity and privacy protection - Information security management systems - Requirements, the world’s best-known standard for information security management systems (ISMS) and their requirements; and ISO/IEC 27002, Information security, cybersecurity and privacy protection - Information security controls.

  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity, and confidentiality of information. New work includes ISO/IEC 18033-8, Information security - Encryption algorithms - Part 8: Fully Homomorphic Encryption.

  • Security processes, security controls and services. Example standards include ISO/IEC 27017, Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services, with a second edition of this standard currently under development; ISO/IEC 27402, Cybersecurity - IoT security and privacy - Device baseline requirements; and ISO/IEC 27090, Cybersecurity - Artificial Intelligence - Guidance for addressing security threats and failures in artificial intelligence systems.

  • Security aspects of identity management, biometrics, and privacy. ISO/IEC 27701, Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines, is a great example, with a second edition of this standard under development.

  • Security evaluation criteria and methodology and security requirements for cryptographic modules. ISO/IEC 15408, Information security, cybersecurity and privacy protection - Evaluation criteria for IT security, has five parts that provide requirements for framework, structure, functional components, and security assurance for users.

To get involved in these Cybersecurity and Privacy standardization activities and more, join the INCITS Technical Committee on Cybersecurity and Privacy. For more information on membership, visit https://www.incits.org/participation/membership-info.


About INCITS: The InterNational Committee for Information Technology Standards (INCITS) is the central U.S. forum dedicated to creating technology standards for the next generation of innovation. INCITS members combine their expertise to create the building blocks for globally transformative technologies. From cloud computing to communications, from transportation to health care technologies, INCITS is the place where innovation begins. INCITS is accredited by the American National Standards Institute (ANSI) and is affiliated with ITI. Visit www.incits.org to learn more.