The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology
- Management of information and ICT security; in particular information security management systems, security processes, and security controls and services
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components
- Security aspects of identity management, biometrics and privacy
- Conformance assessment, accreditation and auditing requirements in the area of information security management systems
- Security evaluation criteria and methodology.