ISO

  • English
    Type
    Acronym
    ISO/IEC 27000
    Committee
    Published year
    2014
    Description

    ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is applicable to all types and sizes of organization (e.g. commercial enterprises, government agencies, not-for-profit organizations).
    The terms and definitions provided in this document
    - cover commonly used terms and definitions in the ISMS family of standards;
    - do not cover all terms and definitions applied within the ISMS family of standards; and
    - do not limit the ISMS family of standards in defining new terms for use.

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 20547-3:2020
    Committee
    Published year
    2020
    Description

    This document specifies the big data reference architecture (BDRA). The reference architecture includes concepts and architectural views.
    The reference architecture specified in this document defines two architectural viewpoints:
    - a user view defining roles/sub-roles, their relationships, and types of activities within a big data ecosystem;
    - a functional view defining the architectural layers and the classes of functional components within those layers that implement the activities of the roles/sub-roles within the user view.
    The BDRA is intended to:
    - provide a common language for the various stakeholders;
    - encourage adherence to common standards, specifications, and patterns;
    - provide consistency of implementation of technology to solve similar problem sets;
    - facilitate the understanding of the operational intricacies in big data;
    - illustrate and understand the various big data components, processes, and systems, in the context of an overall big data conceptual model;
    - provide a technical reference for government departments, agencies and other consumers to understand, discuss, categorize and compare big data solutions; and
    - facilitate the analysis of candidate standards for interoperability, portability, reusability, and extendibility.

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 20546:2019
    Committee
    Published year
    2019
    Description

    This document provides a set of terms and definitions needed to promote improved communication and understanding of this area. It provides a terminological foundation for big data-related standards.
    This document provides a conceptual overview of the field of big data, its relationship to other technical areas and standards efforts, and the concepts ascribed to big data that are not new to big data.

  • English
    Type
    Acronym
    ISO/IEC 19790
    Committee
    Published year
    2012
    Description

    ISO/IEC 19790:2012 specifies the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. ISO/IEC 19790:2012 defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). ISO/IEC 19790:2012 specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level.

    ISO/IEC 19790:2012 specifies security requirements intended to maintain the security provided by a cryptographic module. Compliance with ISO/IEC 19790:2012 is not sufficient to ensure that a particular module is secure or that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected.

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 19770-8
    Committee
    Published year
    2020
    Description

    This document defines requirements, guidelines, formats and approaches for use when producing a mapping document that defines how industry practices map to/from the ISO/IEC 19770 series.
    This edition is focused solely on mappings to/from either the second edition of ISO/IEC 19770-1 that was published in 2012, or the third edition of ISO/IEC 19770-1 that was published in 2017. However, the title of this document is deliberately more general, as it is expected that future editions of this document will also include mapping frameworks related to other parts of the ISO/IEC 19770 series.
    In this document where reference is made to ISO/IEC 19770-1 without the specification of an edition number or a publication year, then the text applies to all editions of ISO/IEC 19770-1.

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 19770-5
    Committee
    Published year
    2015
    Description

    ISO/IEC 19770-5:2015 provides
    a) an overview of the ISO/IEC 19770 family of standards,
    b) an introduction to IT asset management (ITAM) and software asset management (SAM),
    c) a brief description of the foundation principles and approaches on which SAM is based, and
    d) consistent terms and definitions for use throughout the ISO/IEC 19770 family of standards.
    ISO/IEC 19770-5:2015 is applicable to all types of organization (e.g. commercial enterprises, government agencies, and non-profit organizations).

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 19770-4
    Committee
    Published year
    2017
    Description

    ISO/IEC 19770-4:2017 establishes specifications for an information structure to contain Resource Utilization Measurement information to facilitate IT asset management (ITAM).
    This document is applicable to all types of organization (for example, commercial enterprises, government agencies, and non-profit organizations).

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 19770-3
    Committee
    Published year
    2016
    Description

    ISO/IEC 19770-3:2016 establishes a set of terms and definitions which may be used when discussing software entitlements (an important part of software licenses). It also provides specifications for a transport format which enables the digital encapsulation of software entitlements, including associated metrics and their management.
    This common set of terms and associated transport format is intended to facilitate the management of software entitlements. The intended benefits of the better management of entitlements include easier demonstration of proof of ownership, cost optimization of the use of entitlements and easier license compliance management.

    Furthermore, one of the benefits of having a standard for entitlement structure is that it may encourage the normalization by industry of the names for, and the details of, different types of entitlements. A common lexicon is critical to standardization and shared understanding. The terms in this part of ISO/IEC 19770 should form a part of that lexicon over time.

    It should be noted that within this text, attributes of an XML entity will be denoted with angle brackets, . XML elements are noted with quotes, "Element".

    ISO/IEC 19770-3:2016 deals only with software entitlements, which are defined as the subset of software licenses that are concerned with usage rights. It is expected that the original documentation of licensing terms and conditions will be definitive for legal purposes, and will always take precedence over the Ent encapsulation.

    ISO/IEC 19770-3:2016 does not detail ITAM processes required for discovery and management of software (which is provided for in ISO/IEC 19770‑1) or software identification tags (as defined by ISO/IEC 19770‑2).

    ISO/IEC 19770-3:2016 does not consider identifying mechanisms for product activation.

    ISO/IEC 19770-3:2016 is not intended to conflict with any organization's policies, procedures and standards, or with any national laws and regulations. Any such conflict should be resolved before using this part of ISO/IEC 19770. In case the conflict cannot be resolved, the specification shall not be implemented.

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 19770-2
    Committee
    Published year
    2015
    Description

    ISO/IEC 19770-2:2015 establishes specifications for tagging software to optimize its identification and management.
    This part of ISO/IEC 19770 applies to the following.

    a) Tag producers: these organizations and/or tools create software identification (SWID) tags for use by others in the market. A tag producer may be part of the software creator organization, the software licensor organization, or be a third-party organization. These organizations and/or tools can broadly be broken down into the following categories.
       - Platform providers: entities responsible for the computer or hardware device and/or associated operating system, virtual environment, or application platform, on which software may be installed or run. Platform providers which support this part of ISO/IEC 19770 may additionally provide tag management capabilities at the level of the platform or operating system.
       - Software providers: entities that create, license, or distribute software. For example, software creators, independent software developers, consultants, and repackagers of previously manufactured software. Software creators may also be in-house software developers.
       - Tag tool providers: entities that provide tools to create software identification tags. For example, tools within development environments that generate software identification tags, or installation tools that may create tags on behalf of the installation process, and/or desktop management tools that may create tags for installed software that did not originally have a software identification tag.
    b) Tag consumers: these tools and/or organizations utilize information from SWID tags and are typically broken down into the following two major categories:
       - software consumers: entities that purchase, install, and/or otherwise consume software;
       - IT discovery and processing tool providers: entities that provide tools to collect, store, and process software identification tags. These tools may be targeted at a variety of different market segments, including software security, compliance, and logistics.

    ISO/IEC 19770-2:2015 does not prescribe Information Technology Asset Management (ITAM) or other IT-related processes required for reconciliation of software entitlements with software identification tags or other IT requirements.

    ISO/IEC 19770-2:2015 is not intended to conflict either with any organization's policies, procedures or standards or with any national or international laws and regulations.

  • English
    Technical committee
    Type
    Acronym
    ISO/IEC 19770-1
    Committee
    Published year
    2017
    Description

    ISO/IEC 19770-1:2017 specifies requirements for an IT asset management system within the context of the organization.
    ISO/IEC 19770-1:2017 can be applied to all types of IT assets and by all types and sizes of organizations.
    NOTE 1 This document is intended to be used for managing IT assets in particular, but it can also be applied to other asset types. It can be suitable, in whole or in part, for managing embedded software and firmware; however, its use for these purposes has not been determined. It is not intended for managing information assets per se, i.e. it is not intended for managing information as an asset independent of hardware and software assets. Certain types of data and information are covered, such as data and information about IT assets in scope, and depending on how the scope is defined, it can cover digital information content assets. See the Introduction for an explanation about IT assets.
    NOTE 2 This document does not specify financial, accounting, or technical requirements for managing specific IT asset types.
    NOTE 3 For the purposes of this document, the term "IT asset management system" is used to refer to a management system for IT asset management.
    ISO/IEC 19770-1:2017 is a discipline-specific extension of ISO 55001:2014, with changes, and is not a sector-specific application of that International Standard. ISO 55001:2014 is intended to be used for managing physical assets in particular, but it can also be applied to other asset types. This document specifies requirements for the management of IT assets which are additional to those specified in ISO 55001:2014. Conformance to this document does not imply conformance to ISO 55001:2014.
    ISO/IEC 19770-1:2017 can be used by internal and external parties to assess the organization's ability to meet the organization's own IT asset management requirements.