CAN/CSA-ISO/IEC ISP 10608-7-01 (R2005)

This National Standard of Canada is equivalent to International Standard ISO/IEC ISP 10608-7:1998. 1 Scope 1.1 General ISO/IEC 10608 is applicable to End Systems concerned with operating in the Open Systems Interconnection (OSI) environment. It specifies a combination of OSI standards which collectively provide the connection-mode Transport Service using the connectionless-mode Network Service. This part of ISO/IEC 10608 specifies the profile requirements for the provision of security services using cryptographic techniques with the Network Layer Security Protocol connectionless-mode. This part of ISO/IEC 10608 specifies profile requirements that are applicable to any type of subnetwork. 1.2 Position within the Taxonomy The taxonomy of profiles is specified in ISO/IEC TR 10000-2. This part of ISO/IEC ISP 10608 supports security services for any TA profile specified in ISO/IEC ISP 10608 (Connection-mode transport over Connectionless-mode Network Service). Note: ISO/IEC TR 10000 currently does not identify security sub- profiles. Profiles based on this part of ISO/IEC ISP 10608 may be referred to as TAnnnS1, or TAnnnS1C if confidentiality is selected. 1.4 Security Services The following security services are within the scope of this part of ISO/IEC ISP 10608: a) Data origin authentication b) Connectionless integrity Note: It is strongly recommended that some form of access control is supported. However, this may be achieved using local access control lists which are outside the scope of this ISO/IEC ISP 10608. c) Access control using security labels (optional) d) Connectionless confidentiality (optional) e) Traffic flow confidentiality (optional) 1.5 Security Mechanisms This part of ISP 10608 provides no assurance as to the strength of the security mechanisms employed. This part of ISO/IEC ISP 10608 does not specify the cryptographic algorithms to be employed.