Overview[]
CS1 is the Cyber Security technical committee of INCITS. CS1 develops United States, national, ANSI-accredited standards in the area of cybersecurity. Its scope encompasses:
- Management of information security and systems;
- Management of third-party information security service providers;
- Intrusion detection;
- Network security;
- Cloud computing security;
- Supply-chain risk management;
- Incident handling;
- IT security evaluation and assurance;
- Security assessment of operational systems;
- Security requirements for cryptographic modules;
- Protection profiles;
- Role-based access control;
- Security checklists;
- Security metrics;
- Cryptographic and non-cryptographic techniques and mechanisms, including confidentiality, entity authentication, non-repudiation, key management, data integrity, message authentication, hash functions, and digital signatures;
- Future service and applications standards supporting the implementation of control objectives and controls as defined in ISO 27001, in the areas of business continuity, and outsourcing;
- Identity management, including an identity management framework, role-based access control, and single sign-on; and
- Privacy technologies, including a privacy framework, privacy reference architecture, privacy infrastructure, anonymity and credentials, and specific privacy-enhancing technologies.
All input from CS1 is processed through INCITS to ANSI, then to SC 27. It is also a conduit for getting U.S.-based new work item proposals and U.S.-developed national standards into the international SC 27 standards development process. In its international efforts, CS1 responded to all calls for U.S. contributions and/or voting positions on all international security standards projects in ISO/IEC JTC 1 SC 27 in a consistent, efficient, and timely manner.