|Title:||ISO/IEC 15816:2002 - Information technology -- Security techniques -- Security information objects for access control|
(Note: this is a reference to the ISO page where the standard can be acquired. However, the standard is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted).
|Topic:||Security management – Access control|
|Direct / indirect relevance||Indirect. The text is a basic resource which can be used in access control issues, but contains no RM/RA obligations/methodologies as such.|
|Scope:||Not publicly available ISO standard, which can be voluntarily applied.|
|Legal force:||Nonbinding ISO standard.|
|Affected sectors:||Generic. The standard can be applied by security professionals in any sector confronted by access control difficulties.|
|Relevant provision(s):||The standard is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted.
Generically, it is described as containing:
a) the definition of guidelines for specifying the abstract syntax of generic and specific Security Information Objects (SIOs) for Access Control;
b) the specification of generic SIOs for Access Control;
c) the specification of specific SIOs for Access Control. The scope of this Recommendation | International Standard covers only the "statics" of SIOs through syntactic definitions in terms of ASN.1 descriptions and additional semantic explanations. It does not cover the "dynamics" of SIOs, for example rules relating to their creation and deletion. The dynamics of SIOs are a local implementation issue.
|Relevance to RM/RA:||The standard allows security professionals to rely on a specific set of syntactic definitions and explanations with regard to SIOs, thus avoiding duplication or divergence in other standardisation efforts.|