
Rec Date Temp Title

E.106 (2003-10) E.ieps International Emergency


Preference Scheme (IEPS) for
disaster relief operations

E.107 (2007-02) E.ETS Emergency


Telecommunications Service
(ETS) and interconnection
framework for national
implementations of ETS

E.408 (2004-05) Telecommunication networks


security requirements

E.409 (2004-05) Incident Organization and


Security Incident Handling:
Guidelines for
Telecommunications
Organizations

F.400/X.400 (1999-06) Message Handling System and
Service overview
F.440 (1992-08) Message Handling Services:
The Voice Messaging (VM-)
Service.

F.744 (2009-12) F.USN-MW (Audiovisual services) Service


description and requirements
for ubiquitous sensor network
middleware

F.771 (2008-08) Service description and


requirements for multimedia
information access triggered by
tag-based identification
F.851 (1995-02) Universal Personal
Telecommunication (UPT) -
Service description (service
set 1)

G.780/Y.1351 (2010-07) Terms and definitions for
synchronous digital hierarchy
(SDH) networks

G.808.1 (2010-02) G.gps.1 Generic protection switching –


Linear trail and subnetwork
protection

G.827 (2003-09) I.35x Availability performance


parameters and objectives for
end-to-end international
constant bit-rate digital paths
G.841 (1998-10) G.SHR-1 Types and characteristics of
SDH network protection
architectures

G.842 (1997-04) G.SHR-2 Interworking of SDH network


protection architectures

G.870/Y.1352 (2012-02) G.termOTN, G.vocotn Terms and definitions for
optical transport networks
(OTN)

G.873.1 (2011-07) G.otnprot.1 Optical Transport Network


(OTN) – Linear protection

G.873.2 (2012-04) G.otnprot.2 ODUk Shared Ring Protection


(SRP)

G.911 (1997-04) Parameters and calculation


methodologies for reliability
and availability of fiber optic
systems

G.8001/Y.1354 (2012-06) G.vcoeth Terms and definitions for
Ethernet frames over transport

G.8031/Y.1342 (2011-06) Y.17ethps Ethernet linear protection
switching

G.8032/Y.1344 (2012-02) Ethernet ring protection
switching

G.8081/Y.1353 (2012-02) G.termASON Terms and definitions for
automatically switched optical
networks

G.8101/Y.1355 (2010-07) Terms and definitions for MPLS
transport profile
G.8131/Y.1382 (2007-02) Linear protection switching for
transport MPLS (T-MPLS)
networks

G.Sup51 (2012-05) Passive optical network (PON)


protection considerations

H.225.0 (2009-12) Call signalling protocols and


media stream packetization for
packet-based multimedia
communication systems

H.233 (2002-11) Confidentiality system for


audiovisual services

H.234 (2002-11) Encryption key management


and authentication system for
audiovisual services
H.235.0 (2005-09) H.323 security: Framework for
security in H-series (H.323 and
other H.245-based) multimedia
systems

H.235.1 (2005-09) H.323 security: Baseline


security profile

H.235.2 (2005-09) H.323 security: Signature


security profile
H.235.3 (2005-09) H.323 security: Hybrid security
profile

H.235.4 (2005-09) H.323 security: Direct and


selective routed call security

H.235.5 (2005-09) H.323 security: Framework for


secure authentication in RAS
using weak shared secrets
H.235.6 (2009-03) H.323 security: Voice
encryption profile with native
H.235/H.245 key management

H.235.7 (2005-09) H.323 security: Usage of the


MIKEY key management
protocol for the Secure Real
Time Transport Protocol
(SRTP) within H.235

H.235.8 (2005-09) H.323 security: Key exchange


for SRTP using secure
signalling channels
H.235.9 (2005-09) H.323 security: security
gateway support for H.323

H.245 (2011-05) Control protocol for multimedia


communication

H.248.77 (2010-09) H.248.SRTP Gateway control protocol:


Secure real-time transport
protocol (SRTP) package and
procedures

H.248.81 (2011-05) H.248.ETS Gateway Control Protocol:


Guidelines on the use of the
International Emergency
Preference Scheme (IEPS)
Call Indicator and Priority
Indicator in H.248 Profiles
H.320 (2004-03) Narrow-band visual telephone
systems and terminal
equipment

H.323 (2009-12) Packet-based multimedia


communications system

H.350 (2011-05) Directory services architecture


for multimedia conferencing

H.350.1 (2011-05) Directory services architecture


for H.323
H.350.2 (2011-05) Directory services architecture
for H.235
H.350.3 (2011-05) Directory services architecture
for H.320
H.350.4 (2011-05) Directory services architecture
for SIP

H.350.5 (2011-05) Directory services architecture


for non-standard protocols

H.350.6 (2011-05) Directory services architecture


for call forwarding and
preferences

H.350.7 (2007-01) Directory services architecture


for XMPP
H.460.17 (2005-09) Using H.225.0 call signalling
connection as transport for
H.323 RAS messages

H.460.18 (2005-09) Traversal of H.323 signalling


across network address
translators and firewalls

H.460.19 (2005-09) Traversal of H.323 media


across network address
translators and firewalls
H.460.22 (2007-01) Negotiation of security
protocols to protect H.225.0
Call Signalling Messages

H.510 (2002-03) Mobility for H.323 multimedia


systems and services

H.530 (2002-03) H.235 Annex G Symmetric security procedures


for H.323 mobility in H.510

H.621 (2008-08) Architecture of a system for


multimedia information access
triggered by tag-based
identification
H.Imp235 (2005-08) Implementors Guide for H.235
V3: Security and encryption for
H-series (H.323 and other
H.245-based) multimedia
terminals

H.Sup 9 (2008-05) Gateway control protocol:


Operation of H.248 with H.225,
SIP, and ISUP in support of
emergency
telecommunications service
(ETS)/international emergency
preference scheme (IEPS)

J.89 (1999-09) J.mpp Transport Mechanism for


component-coded digital
television signals using MPEG-
2 4:2:2 P@ML including all
service elements for
contribution and primary
distribution

J.91 (1994-08) Technical methods for ensuring


privacy in long-distance
international television
transmission

J.93 (1998-03) J.ca Requirements for conditional


access in the secondary
delivery of digital television or
cable television systems
J.95 (1999-09) J.cp Copy protection of intellectual
property for content delivered
on cable television systems

J.96 (2002-07) J.encryp Technical Method for Ensuring


Privacy in Long-Distance
International MPEG-2
Television Transmission
Conforming to Rec. J.89
J.112 (1998-03) J.isc Transmission systems for
interactive cable television
services

J.125 (2007-12) J.bpi Link privacy for cable modem


implementations

J.160 (2005-11) J.arch Architectural framework for the


delivery of time-critical services
over cable television networks
using cable modems

J.170 (2005-11) J.sec IPCablecom security


specification

J.190 (2007-07) J.hna Architecture of MediaHomeNet


that supports cable-based
services
J.191 (2004-03) IP feature package to enhance
cable modems

J.197 (2005-11) J.drm High level requirements for a


Digital Rights Management
(DRM) bridge from a cable
access network to a home
network
J.222.3 (2007-11) J.ss Third-generation transmission
systems for interactive cable
television services - IP cable
modems Security services
J.360 (2006-11) IPCablecom2 architecture
framework

J.366.7 (2010-08) J.ims.7 IPCablecom2 Access Security


for IP-based Services

J.366.8 (2006-11) J.ims.8 IPCablecom2 IP Multimedia


Subsystem (IMS): Network
domain security specification
J.366.9 (2006-11) J.ims.9 IPCablecom2 IP Multimedia
Subsystem (IMS): Generic
authentication architecture
specification (3GPP TS
33.220)
J.1001 (2012-01) J.rcas-req Requirements for conditional
access client software remote
renewable security system

K.87 (2011-11) K.sec Guide for the application of


electromagnetic security
requirements - Basic
Recommendation

L.20 (1996-10) L.fsc Creation of a fire security code


for telecommunication facilities

M.3010 (2000-02) Principles for a


telecommunications
management network

M.3016.0 (2005-05) Security for the management


plane: Overview
M.3016.1 (2005-04) Security for the management
plane: Security requirements
M.3016.2 (2005-04) Security for the management
plane: Security services

M.3016.3 (2005-04) Security for the management


plane: Security mechanisms

M.3016.4 (2005-04) Security for the management


plane: Profile proforma

M.3020 (2011-07) Management interface


specification methodology

M.3208.2 (1999-03) TMN management services for


dedicated and reconfigurable
circuits network: Connection
management of pre-
provisioned service link
connections to form a leased
circuit service

M.3210.1 (2001-01) TMN management services for


IMT-2000 security
management (M.IMTSEC)

M.3320 (1997-04) Management requirements


framework for the TMN X
interface

M.3350 (2004-05) M.ets TMN service management


requirements for information
interchange across the TMN X-
interface to support
provisioning of Emergency
Telecommunication Service
(ETS)
M.3400 (2000-02) TMN management functions

M.3410 (2008-08) Guidelines and Requirements


for Security Management
Systems to Support
Telecommunications
Management

Q.293 (1988-11) Intervals at which security


measures are to be invoked
Q.761 (1999-12) Signalling System No. 7 –
ISDN User Part functional
description with Amendments
on the Support for the
International Emergency
Preference Scheme

Q.762 (1999-12) Signalling System No. 7 –


ISDN User Part general
functions of messages and
signals with Amendments on
the Support for the
International Emergency
Preference Scheme

Q.763 (1999-12) Signalling System No. 7 –


ISDN User Part formats and
codes with Amendments on
the Support for the
International Emergency
Preference Scheme

Q.764 (1999-12) Signalling System No. 7 –


ISDN User Part signalling
procedures with Amendments
on the Support for the
International Emergency
Preference Scheme
Q.767 (1991-02) Application of the ISDN User
Part of signalling system No. 7
for international ISDN
interconnections --
Amendments on the Support
for the International
Emergency Preference
Scheme

Q.813 (1998-06) Security transformations


application service element for
remote operations service
element (STASE-ROSE)

Q.814 (2000-02) Specification of an electronic


data interchange interactive.

Q.815 (2000-02) Specification of a security


module for whole message
protection

Q.816 (2001-01) CORBA-based TMN services

Q.816.1 (2001-08) CORBA-based TMN services:


Extensions to support coarse-
grained interfaces

Q.816.2 (2007-03) CORBA-based TMN services:


Extensions to support service-
oriented interfaces
Q.817 (2001-01) TMN PKI − Digital certificates
and certificate revocation lists
profiles

Q.834.3 (2001-11) A UML description for


management interface
requirements for broadband
Passive Optical Networks

Q.834.4 (2003-07) A CORBA interface


specification for Broadband
Passive Optical Networks
based on UML interface
requirements
Q.1531 (2000-06) UPT security requirements for
service Set 1

Q.1701 (1999-03) Q.FIN Framework for IMT-2000


networks

Q.1702 (2002-06) Q.LTVN Long-term vision of network


aspects for systems beyond
IMT-2000
Q.1703 (2004-05) Q.snfb Service and network
capabilities framework of
network aspects for systems
beyond IMT-2000

Q.1706/Y.2801 (2006-11) Rec.mmr Mobility management
requirements for NGN

Q.1741.1 (2002-04) Q.REF-1 IMT-2000 references to release


1999 of GSM evolved UMTS
core network with UTRAN
access network

Q.1741.2 (2002-12) IMT-2000 references to release


4 of GSM evolved UMTS core
network with UTRAN access
network

Q.1741.3 (2003-09) IMT-2000 references to release


5 of GSM evolved UMTS core
network

Q.1741.4 (2005-10) IMT-2000 references to release


6 of GSM evolved UMTS core
network
Q.1741.5 (2008-10) IMT-2000 references to
Release 7 of GSM-evolved
UMTS core network

Q.1741.6 (2009-10) IMT‑2000 references to


Release 8 of GSM-evolved
UMTS core network

Q.1741.7 (2011-11) IMT-2000 references to


Release 9 of GSM-evolved
UMTS core network

Q.1742.1 (2002-12) Q.REF-2 IMT-2000 references to ANSI-


41 evolved core network with
cdma2000 access network

Q.1742.2 (2003-07) IMT-2000 references


(approved as of 11 July 2002)
to ANSI-41 evolved core
network with cdma2000 access
network
Q.1742.3 (2004-01) IMT-2000 references
(approved as of 30 June 2003)
to ANSI-41 evolved core
network with cdma2000 access
network

Q.1742.4 (2005-04) IMT-2000 references


(approved as of 30 June 2004)
to ANSI-41 evolved core
network with cdma2000 access
network

Q.1742.5 (2006-09) IMT-2000 references


(approved as of 31 December
2005) to ANSI-41 evolved core
network with cdma2000 access
network

Q.1742.6 (2007-08) IMT-2000 references


(approved as of 31 December
2006) to ANSI-41 evolved core
network with cdma2000 access
network
Q.1742.7 (2008-10) IMT 2000 References
(approved as of 30 June 2008)
to ANSI-41 evolved Core
Network with cdma2000
Access Network

Q.1742.8 (2010-06) IMT‑2000 references


(approved as of 31 January
2010) to ANSI-41 evolved
core network with cdma2000
access network

Q.1742.9 (2011-11) IMT‑2000 references


(approved as of
31 December 2010) to ANSI-
41 evolved core network with
cdma2000 access network

Q.1902.1 (2001-07) Bearer Independent Call


Control protocol (Capability Set
2): Functional description with
Amendments on the Support
for the International
Emergency Preference
Scheme

Q.1902.2 (2001-07) Bearer Independent Call


Control protocol (Capability Set
2) and Signalling System No.7
ISDN User Part: General
functions of messages and
parameters with Amendments
on the Support for the
International Emergency
Preference Scheme
Q.1902.3 (2001-07) Bearer Independent Call
Control protocol (Capability Set
2) and Signalling System No.7
ISDN User Part: Formats and
codes with Amendments on
the Support for the
International Emergency
Preference Scheme

Q.1902.4 (2001-07) Bearer Independent Call


Control protocol (Capability Set
2): Basic call procedures with
Amendments on the Support
for the International
Emergency Preference
Scheme

Q.1950 (2002-12) Q.CBC Bearer independent call bearer


control protocol
Q.2630.3 (2003-10) AAL type 2 signalling protocol
– Capability Set 3

Q.2761 (1999-12) Functional description of the B-


ISDN user part (B-ISUP) of
signalling system No. 7 with
Amendments on the Support
for the International
Emergency Preference
Scheme

Q.2762 (1999-12) General functions of messages


and signals of the B-ISDN User
Part (B-ISUP) of Signalling
System No. 7 with
Amendments on the Support
for the International
Emergency Preference
Scheme

Q.2763 (1999-12) Signalling System No. 7 B-


ISDN User Part (B-ISUP) –
Formats and codes with
Amendments on the Support
for the International
Emergency Preference
Scheme

Q.2764 (1999-12) Signalling System No. 7 B-


ISDN User Part (B-ISUP) –
Basic call procedures with
Amendments on the Support
for the International
Emergency Preference
Scheme
Q.2931 (1995-02) Digital Subscriber Signalling
System No. 2 – User-Network
Interface (UNI) layer 3
specification for basic
call/connection control
Q.3201 (2007-10) Q.NGN-nacf.sec EAP-based security signalling
protocol architecture for
network attachments

Q.3202.1 (2008-05) Q.nacf.auth1 Authentication protocols based


on EAP-AKA for interworking
among 3GPP, WiMax, and
WLAN in NGN

Q.Sup47 (2003-11) Emergency services for IMT-


2000 networks - Requirements
for harmonization and
convergence

Q.Sup52 (2004-12) NNI mobility management


requirements for systems
beyond IMT-2000
Q.Sup53 (2005-09) Signalling requirements to
support the International
Emergency Preference
Scheme (IEPS)

Q.Sup56 (2007-04) Organization of NGN service


user data

Q.Sup57 (2008-01) Signalling requirements to


support the emergency
telecommunications service
(ETS) in IP networks
Q.Sup58 (2008-01) Organization of NGN transport
user data

T.4 (2003-07) Standardization of Group 3


facsimile terminals for
document transmission

T.30 (2005-09) Procedures for document


facsimile transmission in the
GSTN
T.36 (1997-07) Security capabilities for use
with Group 3 facsimile
terminals
T.37 (1998-06) T.Ifax1 Procedures for the transfer of
facsimile data via store-and-
forward on the Internet

T.38 (2010-09) T.Ifax2 Procedures for real-time Group


3 facsimile communication
over IP networks

T.123 AxB (2007-01) Extended Transport


Connections

T.180 (1998-06) Homogeneous access


mechanism to communication
services
T.411 (1993-03) Information technology – Open
Document Architecture (ODA)
and interchange format:
Introduction and general
principles

T.503 (2000-02) A document application profile


for the interchange of Group 4
facsimile documents

T.563 (1996-10) Terminal Characteristics for


Group 4 facsimile apparatus
T.611 (1994-11) Programming Communication
Interface (PCI) APPLI/COM for
Facsimile Group 3, Facsimile
Group 4, Teletex, Telex, E-mail
and file transfer services

T.807 (2006-05) Information technology - JPEG


2000 image coding system:
Secure JPEG 2000

X.217 (1995-04) Information technology - Open


Systems Interconnection -
Service definition for the
Association Control Service
Element
X.227 (1995-04) Information technology - Open
Systems Interconnection -
Connection-oriented protocol
for the Association Control
Service Element: Protocol
specification.

X.237 (1995-04) Information technology - Open


Systems Interconnection -
Connectionless protocol for the
ACSE: Protocol specification

X.257 (1995-04) Information technology - Open


Systems Interconnection -
Connectionless protocol for the
ACSE: PICS proforma

X.272 (2000-03) Data compression and privacy


over frame relay networks

X.273 (1994-07) Information technology - Open


Systems Interconnection -
Network layer security protocol

X.274 (1994-07) Information technology -


Telecommunications and
information exchange between
systems – Transport layer
security protocol
X.400/F.400 (1999-06) Message handling system and
service overview
X.402 (1999-06) Information technology -
Message Handling Systems
(MHS): Overall architecture
X.404 (1999-06) Information technology -
Message Handling Systems
(MHS): MHS Routing – Guide
for messaging system
managers
X.408 (1988-11) Message handling systems:
Encoded information type
conversion rules

X.411 (1999-06) Information technology -


Message Handling Systems
(MHS): Message transfer
system – Abstract service
definition and procedures

X.412 (1999-06) Information technology -


Message Handling System
(MHS) – MHS Routing

X.413 (1999-06) Information technology -


Message Handling Systems
(MHS): Message Store –
Abstract service definition
X.419 (1999-06) Information technology -
Message Handling Systems
(MHS): Protocol specifications
X.420 (1999-06) Information technology -
Message Handling Systems
(MHS): Interpersonal
messaging system
X.421 (1999-06) Message handling systems:
COMFAX use of MHS

X.435 (1999-06) Information technology -


Message Handling Systems
(MHS): Electronic data
interchange messaging system

X.440 (1999-06) Message handling systems:


Voice messaging system
X.500 (2008-11) Information technology - Open
Systems Interconnection - The
Directory: Overview of
concepts, models and services

X.501 (2008-11) Information technology - Open


Systems Interconnection - The
Directory: Models

X.509 (2008-11) Information technology - Open


Systems Interconnection - The
Directory: Authentication
framework (1993 edition – the
second edition/version, 1997
edition – the third
edition/version) Public-key and
attribute certificate frameworks
(2000 edition – the fourth
edition/version, 2005 edition –
the fifth edition/version, 2008
edition -- the sixth
edition/version)

X.511 (2008-11) Information technology - Open


Systems Interconnection - The
Directory: Abstract service
definition
X.518 (2008-11) Information technology - Open
Systems Interconnection - The
Directory: Procedures for
distributed operation
X.519 (2008-11) Information technology - Open
Systems Interconnection - The
Directory: Protocol
specifications
X.520 (2008-11) Information technology - Open
Systems Interconnection - The
Directory: Selected attribute
types
X.521 (2008-11) Information technology - Open
Systems Interconnection - The
Directory: Selected object
classes
X.525 (2008-11) Information technology - Open
Systems Interconnection - The
Directory: Replication
X.530 (2008-11) Information technology - Open
Systems Interconnection - The
Directory: Use of systems
management for administration
of the Directory

X.680 (2008-11) Information technology - OSI


networking and system
aspects – Abstract Syntax
Notation One (ASN.1):
Specification of basic notation

X.681 (2008-11) Information technology - OSI


networking and system
aspects – Abstract Syntax
Notation One (ASN.1):
Information object specification

X.682 (2008-11) Information technology -


Abstract Syntax Notation One
(ASN.1): Constraint
specification
X.683 (2008-11) Information technology -
Abstract Syntax Notation One
(ASN.1): Parameterization of
ASN.1 specifications

X.690 (2008-11) Information technology - ASN.1


encoding rules: Specification of
Basic Encoding Rules (BER),
Canonical Encoding Rules
(CER) and Distinguished
Encoding Rules (DER)

X.691 (2008-11) Information technology - ASN.1


encoding rules: Specification of
Packed Encoding Rules (PER)

X.692 (2008-11) Information technology - ASN.1


encoding rules: Specification of
Encoding Control Notation
(ECN)

X.693 (2008-11) Information technology -


ASN.1 encoding rules: XML
encoding rules
X.694 (2008-11) Information technology - Open
Systems Interconnection -
Systems Management: Alarm
reporting function

X.695 (2008-11) Information technology - Open


Systems Interconnection -
Systems Management: Log
control function

X.711 (1997-10) Information technology - Open


Systems Interconnection -
Common management
information protocol:
Specification

X.733 (1992-02) Information technology - Open


Systems Interconnection -
Systems Management: Alarm
reporting function

X.734 (1992-09) Information technology - Open
Systems Interconnection -
Systems Management: Event
report management function

X.735 (1992-09) Information technology - Open


Systems Interconnection -
Systems Management: Log
control function

X.736 (1992-01) Information technology - Open


Systems Interconnection -
Systems Management:
Security alarm reporting
function
X.737 (1995-11) Information technology - Open
Systems Interconnection -
Systems Management:
Confidence and diagnostic test
categories

X.738 (1993-11) Information technology - Open


Systems Interconnection -
Systems management:
Summarization function

X.739 (1993-11) Information technology - Open


Systems Interconnection -
Systems Management: Metric
objects and attributes

X.740 (1992-09) Information technology - Open


Systems Interconnection -
Systems Management:
Security audit trail function

X.741 (1995-04) Information technology - Open


Systems Interconnection -
Systems Management:
Objects and attributes for
access control
X.742 (1995-04) Information technology - Open
Systems Interconnection -
Systems management: Usage
metering function for
accounting purposes

X.743 (1998-06) Information technology - Open


Systems Interconnection -
Systems Management: Time
Management Function

X.744 (1996-10) Information technology - Open


Systems Interconnection -
Systems Management:
Software management function

X.780 (2001-01) TMN guidelines for defining


CORBA managed objects

X.780.1 (2001-08) TMN guidelines for defining


coarse grained CORBA
managed object interfaces
X.780.2 (2007-03) TMN guidelines for defining
service-oriented CORBA
managed objects and façade
objects

X.781 (2001-08) Requirements and guidelines


for Implementation
Conformance Statements
proformas associated with
CORBA-based systems
X.790 (1995-11) Trouble management function
for ITU-T applications

X.800 (1991-03) Security architecture for Open


Systems Interconnection for
CCITT applications

X.802 (1995-04) Information technology - Lower


layers security model

X.803 (1994-07) Information technology - Open


Systems Interconnection -
Upper layers security model
X.805 (2003-10) Security architecture for
systems providing end-to-end
communications

X.810 (1995-11) Information technology - Open


Systems Interconnection -
Security frameworks for open
systems: Overview
X.811 (1995-04) Information technology - Open
Systems Interconnection -
Security frameworks for open
systems: Authentication
framework
X.812 (1995-11) Information technology - Open
Systems Interconnection -
Security frameworks for open
systems: Access control
framework
X.813 (1996-10) Information technology - Open
Systems Interconnection -
Security frameworks for open
systems: Non-repudiation
framework
X.814 (1995-11) Information technology - Open
Systems Interconnection -
Security frameworks for open
systems: Confidentiality
framework
X.815 (1995-11) Information technology - Open
Systems Interconnection -
Security frameworks for open
systems: Integrity framework
X.816 (1995-11) Information technology - Open
Systems Interconnection -
Security frameworks for open
systems: Security Audit and
Alarms framework
X.830 (1995-04) Information technology - Open
Systems Interconnection -
Generic upper layers security
(GULS): Overview, models
and notation

X.831 (1995-04) Information technology - Open


Systems Interconnection -
GULS: Security Exchange
Service Element (SESE)
service definition
X.832 (1995-04) Information technology - Open
Systems Interconnection -
GULS: Security Exchange
Service Element (SESE)
protocol specification
X.833 (1995-04) Information technology - Open
Systems Interconnection -
GULS: Protecting transfer
syntax specification
X.834 (1996-10) Information technology - Open
Systems Interconnection -
GULS: Security Exchange
Service Element (SESE) PICS
proforma
X.835 (1996-10) Information technology - Open
Systems Interconnection -
GULS: Protecting transfer
syntax PICS proforma

X.841 (2000-10) X.sio Information technology -


Security techniques – Security
Information Objects for access
control

X.842 (2000-10) X.ttp1 Information technology -


Security techniques –
Guidelines for the use and
management of Trusted Third
Party services
X.843 (2000-10) X.ttp2 Information technology -
Security techniques –
Specification of TTP services
to support the application of
digital signatures

X.893 (2007-05) Fast infoset security

X.901 (1997-08) Information technology - Open


distributed processing –
Reference Model: Overview
X.902 (2009-10) Information technology - Open
distributed processing –
Reference Model:
Foundations.

X.903 (2009-10) Information technology - Open


distributed processing –
Reference Model: Architecture.

X.904 (1997-12) Information technology - Open


distributed processing –
Reference Model: Architectural
semantics.
X.910 (1998-09) X.905 Information technology – Open
Distributed Processing –
Naming framework

X.1031 (2008-03) X.805+ Roles of end users and


telecommunications networks
within security architecture

X.1032 (2010-12) X.interfaces Architecture of external


interrelations for a
telecommunication network
security system

X.1034 (2011-02) X.akm revised Guideline on Extensible
Authentication Protocol based
Authentication and Key
Management in a Data
Communication Network
X.1035 (2007-02) X.pak Password authenticated key
exchange protocol (PAK)

X.1036 (2007-11) X.spn Framework for creation,


storage, distribution and
enforcement of policies for
network security
X.1051 (2008-02) X.ism Information technology –
Security techniques –
Information security
management guidelines for
telecommunications
organizations based on
ISO/IEC 27002

X.1052 (2011-05) X.ismf Information security


management framework

X.1055 (2008-11) X.rmg Risk management and risk


profile guidelines for
telecommunication
organizations
X.1056 (2009-01) X.sim Security incident management
guidelines for
telecommunications
organizations

X.1057 (2011-05) X.amg Asset management guidelines


in telecommunication
organizations

X.1080.1 (2011-10) X.th1 e-Health and world-wide


telemedicines - Generic
telecommunication protocol

X.1081 (2011-10) X.tb The telebiometric multimodal


model (TMM) – A framework
for the specification of security
and safety aspects of
telebiometrics

X.1082 (2007-11) X.physiol Telebiometrics related to


human physiology

X.1083 (2007-11) X.bip Information technology –


Biometrics – BioAPI
interworking protocol
X.1084 (2008-05) X.tsm-1 Telebiometrics system
mechanism - Part 1: General
biometric authentication
protocol and system model
profiles for telecommunications
systems

X.1086 (2008-11) X.tpp-1 Telebiometrics Protection


Procedures - Part 1: A
Guideline to Technical and
Managerial Countermeasures
for Biometric Data Security

X.1088 (2008-05) X.tdk Telebiometrics Digital Key


Framework (TDK) - A
Framework for Biometric
Digital Key Generation and
Protection
X.1089 (2008-05) X.tai Telebiometrics Authentication
Infrastructure (TAI)

X.1090 (2011-05) X.ott Authentication framework with


one-time telebiometric
template

X.1091 (2012-04) X.gep A guideline for evaluating


telebiometric template
protection techniques

X.1101 (2010-05) X.mcsec-1 Security requirements and


framework for multicast
communication

X.1111 (2007-02) X.homesec-1 Framework of security


technologies for home network
X.1112 (2007-11) X.homesec-2 Device certificate profile for the
home network

X.1113 (2007-11) X.homesec-3 Guideline on user


authentication mechanism for
home network services

X.1114 (2008-11) X.homesec-4 Authorization framework for


home networks

X.1121 (2004-04) X.msec-1 Framework of security


technologies for mobile end-to-
end data communications

X.1122 (2004-04) X.msec-2 Guideline for implementing


secure mobile systems based
on PKI

X.1123 (2007-11) X.msec-3 Differentiated security service


for secure mobile end-to-end
data communication
X.1124 (2007-11) X.msec-4 Authentication architecture for
mobile end-to-end
communication

X.1125 (2008-01) X.crs Correlative Reacting System in


Mobile Data Communication

X.1141 (2006-06) X.websec-1 Security Assertion Markup


Language (SAML 2.0)

X.1142 (2006-06) X.websec-2 eXtensible Access Control


Markup Language (XACML)

X.1143 (2007-11) X.websec-3 Security Architecture for


message security in mobile
web services
X.1151 (2007-11) X.sap-1 Guideline on secure password-
based authentication protocol
with key exchange

X.1152 (2008-05) X.sap-2 Secure end-to-end data


communication techniques
using TTP services

X.1153 (2011-02) X.sap-3 A management framework of


the one time password-based
authentication service

X.1161 (2008-05) X.p2p-1 Framework for secure peer-to-


peer communications

X.1162 (2008-05) X.p2p-2 Security architecture and


operations for peer-to-peer
network
X.1171 (2009-02) X.nidsec-1 Threats and requirements for
protection of personally
identifiable information in
applications using tag-based
identification

X.1191 (2009-02) X.iptvsec-1 Functional requirements and


architecture for IPTV security
aspects

X.1192 (2011-05) X.iptvsec-2 Functional requirements and


mechanisms for the secure
transcodable scheme of IPTV
X.1193 (2011-10) X.iptvsec-3 Key management framework
for secure internet protocol
television (IPTV) services

X.1195 (2011-02) X.iptvsec-5 (Secure applications and


services – IPTV security)
Service and content protection
(SCP) interoperability scheme
X.1197 (2012-04) X.iptvsec-7 Guidelines on criteria for
selecting cryptographic
algorithms for IPTV service and
content protection
X.1205 (2008-04) X.cso Overview of Cybersecurity

X.1206 (2008-04) X.vds A vendor-neutral framework for


automatic notification of
security related information
and dissemination of updates
X.1207 (2008-04) X.sds Guidelines for
telecommunication service
providers for addressing the
risk of spyware and potentially
unwanted software
X.1209 (2010-12) x.sisfreq Capabilities and their context
scenarios for cybersecurity
information sharing and
exchange

X.1231 (2008-04) X.csreq Technical strategies on


countering spam

X.1240 (2008-04) X.gcs Technologies involved in


countering e-mail
spam

X.1241 (2008-04) X.fcs Technical framework for


countering email spam

X.1242 (2009-02) X.ssf Short message service (SMS)


spam filtering system based on
user-specified rules
X.1243 (2010-12) X.tcs-1 (Cyberspace security –
Countering spam) Interactive
gateway system for countering
spam

X.1244 (2008-09) X.ocsip Overall aspects of countering


spam in IP-based multimedia
applications

X.1245 (2010-12) x.fcsip Framework for countering IP-


based multimedia spam
X.1250 (2009-09) X.idmreq Baseline capabilities for
enhanced global identity
management and
interoperability

X.1251 (2009-09) X.idif A framework for user control of


digital identity

X.1252 (2010-04) X.idmdef Baseline identity management


terms and definitions

X.1253 (2011-09) X.idmsg Security guidelines for identity


management systems

X.1275 (2010-12) X.rfpg Guidelines on protection of PII


in the application of RFID
technology

X.1303 (2007-09) X.cap Common alerting protocol


X.1311 (2011-02) X.usnsec-1 (Secure applications and
services – Ubiquitous sensor
network security) Security
framework for ubiquitous
sensor network

X.1312 (2011-02) X.usnsec-2 (Secure applications and


services – Ubiquitous sensor
network security) Ubiquitous
sensor network (USN)
middleware security guidelines

X.1500 (2011-04) X.cybex Overview of cybersecurity


information exchange (CYBEX)

X.1500.1 (2012-03) X.cybex.1 Procedures for the registration


of arcs under the object
identifier (OID) arc for
cybersecurity information
exchange

X.1520 (2011-04) X.cve Common vulnerabilities and


exposures

X.1521 (2011-04) X.cvss Common vulnerability scoring


system
X.1524 (2012-03) X.cwe Common weakness
enumeration (CWE)

X.1570 (2011-09) X.cybex-disc Discovery mechanisms in the


exchange of cybersecurity
information

X.Sup2 (2007-09) Supplement to X.800-X.849


series: on security baseline for
network operators

X.Sup3 (2008-04) Supplement to X.800-X.849


series: on guidelines for
implementing system and
network security

X.Sup6 (2009-09) Supplement to X.1240 series:


on countering spam and
associated threats

X.Sup7 (2009-02) Supplement to X.1250 series:


on overview of identity
management in the context of
cybersecurity
X.Sup8 (2010-12) Supplement to X.1205: on best
practices against botnet
threats

X.Sup9 (2011-09) Guidelines for reducing


malware in ICT networks

X.Sup10 (2011-09) X.1211; X.tb-ucc Usability of network traceback

X.Sup11 (2011-09) X.1246; X.tcs-2 Framework based on real-time


blocking lists for countering
VoIP spam

X.Sup12 (2012-03) X.oacms Supplement to X.1240-series –


Overall aspects of countering
mobile messaging spam

Y.140.1 (2004-03) Y.140.x Guideline for attributes and


requirements for
interconnection between public
telecommunication network
operators and service
providers involved in provision
of telecommunication services
Y.1271 (2004-10) Y.roec Framework(s) on network
requirements and capabilities
to support emergency
telecommunications over
evolving circuit-switched and
packet-switched networks

Y.1342/G.8031 (2006-06) Y.17ethps Ethernet linear protection
switching
Y.1344/G.1344 (2008-06) Ethernet ring protection
switching
Y.1351/G.780 (2010-07) Terms and definitions for
synchronous digital hierarchy
(SDH) networks

Y.1352/G.870 (2012-02) G.termOTN, G.vocotn Terms and definitions for
optical transport networks
(OTN)

Y.1353/G.8081 (2012-02) G.termASON Terms and definitions for
automatically switched optical
networks

Y.1354/G.8001 (2012-06) G.vcoeth Terms and definitions for
Ethernet frames over transport

Y.1355/G.8101 (2012-02) G.termASON Terms and definitions for
automatically switched optical
networks

Y.1382/G.8131 (2007-02) Linear protection switching for
transport MPLS (T-MPLS)
networks
Y.1720 (2006-12) Protection switching for MPLS
networks

Y.1901 (2009-01) Y.iptv-req (Internet protocol aspects -


IPTV over NGN)
Requirements for the support
of IPTV services
Y.1910 (2008-09) Y.iptvarch (Internet protocol aspects –
IPTV over NGN --) IPTV
functional architecture

Y.2001 (2004-12) General overview of NGN

Y.2012 (2010-04) Y.NGN-FRA Next Generation Networks


--Frameworks and functional
architecture models --
Functional requirements and
architecture of next generation
networks

Y.2014 (2010-03) Y.NACF R1 Network attachment control


functions in next generation
networks

Y.2016 (2009-08) Y.idserv-arch Functional requirements and


architecture of the NGN for
applications and services using
tag-based identification
Y.2018 (2009-09) Y.MMCF Mobility management and
control framework and
architecture within the NGN
transport stratum

Y.2020 (2011-05) Y.OSE-arch Open service environment


functional architecture for NGN
Y.2091 (2011-03) Y.term (Next Generation Networks -
Frameworks and functional
architecture models) Terms
and definitions for Next
Generation Networks

Y.2171 (2006-09) Y.CACPriority Admission control priority


levels in Next Generation
Networks

Y.2172 (2007-06) Y.RestPriority Service restoration priority


levels in Next Generation
Networks

Y.2201 (2009-09) Y.NGN-R1-Reqts NGN release 1 requirements

Y.2205 (2011-05) Y.NGN-ET-Tech Next Generation Networks -


revised Emergency
telecommunications - Technical
considerations

Y.2213 (2008-09) Y.idserv-reqts NGN service requirements and


capabilities for network aspects
of applications and services
using tag-based identification
Y.2221 (2010-01) Y.USN-reqts Requirements for support of
ubiquitous sensor network
(USN) applications and
services in the NGN
environment

Y.2701 (2007-04) Y.NGN Security Security requirements for NGN


release 1

Y.2702 (2008-09) Y.NGN Authentication Authentication and
authorization requirements for
NGN release 1

Y.2703 (2009-01) Y.NGN AAA The application of AAA service


in NGN
Y.2704 (2010-01) Y.secMechanism Security mechanisms and
procedures for NGN

Y.2720 (2009-01) Y.NGNIdMframe NGN identity management


work framework

Y.2721 (2010-09) Y.ngnIdMreq NGN identity management


requirements and use cases

Y.2722 (2011-01) Y.NGN IDM Mechanisms (Next Generation Networks –
Security) NGN identity
management mechanisms
Y.2740 (2011-01) Y.NGN mobile financial requirements Security Requirements for
Mobile Remote Financial
Transactions in the Next
Generation Networks (NGN)
Y.2741 (2011-01) Y.NGN mobile financial architecture Architecture of Secure Mobile
Financial Transactions in the
Next Generation Networks
(NGN)

Y.2760 (2011-05) Y.mobSec Mobility security framework in


NGN

Y.2801/Q.1706 (2006-11) Rec.mmr Mobility management
requirements for NGN

Y.3001 (2011-05) Y.FNvision Future Networks: Objectives


and Design goals
Main purpose and security aspects

Describes an international preference scheme for the use of public telecommunications by national
authorities for emergency and disaster relief operations. The International Emergency Preference
Scheme for Disaster Relief Operations (IEPS) is needed when there is a crisis situation causing an
increased demand for telecommunications when use of the International Telephone Service may be
restricted due to damage, reduced capacity, congestion or faults. In crisis situations there is a
requirement for IEPS users of public telecommunications to have preferential treatment.

Countries have, or are developing, Emergency Telecommunications Services (ETS). Implementation of
ETS by definition is a national matter. However, disasters/emergencies can transcend geographic
boundaries, and thus there is a potential that countries/administrations may enter into bilateral and/or
multilateral agreements to link their respective ETS systems. This Rec. provides guidance that will
enable telecommunications between one ETS national implementation (ENI) and another ENI, in
addition to providing a description of ETS.

Provides an overview of security requirements and a framework that identifies security threats to
telecommunication networks in general (both fixed and mobile; both voice and data) and gives guidance
for planning countermeasures that can be taken to mitigate the risks arising from the threats.

Analyses, structures and suggests a method for establishing an incident management organization
within a telecommunications organization involved in the provision of international telecommunications,
where the flow and structure of an incident are focused. The flow and the handling are useful in
determining whether an event is to be classified as an event, an incident, a security incident or a crisis.
The flow also covers the critical first decisions that have to be made. To be able to succeed in incident
handling and incident reporting one must have an understanding of how incidents are detected, handled
and resolved. By establishing a general structure for incidents (i.e. physical, administrative or
organizational, and logical incidents) it is possible to obtain a general picture of the structure and flow of
an incident. A uniform terminology is the base for a common understanding of words and terms.

Rec. ITU-T F.400/X.400 | ISO/IEC 10021-1 provides an overview to define the overall system and
service of an MHS and serves as a general overview of MHS. This Overview is one of a set of Recs.,
which describe the system model and elements of service of the Message Handling System (MHS) and
services. This Rec. overviews the capabilities of an MHS that are used by Service providers for the
provision of public Message Handling (MH) services to enable users to exchange messages on a store-
and-forward basis. The message handling system is designed in accordance with the principles of the
Reference Model of Open Systems Interconnection (OSI Reference Model) for ITU-T applications (Rec.
ITU-T X.200) and uses the presentation layer services and services offered by other, more general,
application service elements. An MHS can be constructed using any network fitting in the scope of OSI.
The message transfer service provided by the MTS is application independent. Examples of
standardized applications are the IPM service (Rec. ITU-T F.420 + Rec. ITU-T X.420), the EDI Messaging
service (Rec. ITU-T F.435 + Rec. ITU-T X.435) and the Voice Messaging Service (Rec. ITU-T F.440 +
Rec. ITU-T X.440). End systems can use the Message Transfer (MT) service for specific applications

Specifies the general, operational and quality of service aspects of the public international Voice
Messaging (VM-) service, a specific type of Message Handling (MH) service, that is an international
telecommunication service offered by Administrations, enabling subscribers to send a message to one or
more recipients and to receive messages via telecommunication networks using a combination of store
and forward, and store and retrieve techniques. The VM-service enables subscribers to request a variety
of features to be performed during the handling and exchange of voice encoded messages. Some
features are inherent in the basic VM-service. Other non-basic features may be selected by the
subscriber, either on a per-message basis or for an agreed contractual period of time, if they are
provided by Administrations. Intercommunication with the Interpersonal Messaging (IPM) service may be
provided as an option in the VM-service. Basic features have to be made available internationally by
Administrations. Non-basic features, visible to the subscriber, are classified as either essential or
additional. Essential optional features must be made available internationally by Administrations.
Additional optional features may be made available by some Administrations for national use and
internationally on the basis of bilateral agreement. Non-basic features are called optional user facilities.
VM-service may be provided using any communications network. VM-service may be offered separately
or in combination with various telematic or data communication services. Technical specifications and
protocols to be used in the VM-service are defined in the X.400-Series Recs. Annex G: Secure voice
messaging elements of service. Annex H: Voice Messaging security overview.

Describes ubiquitous sensor network (USN) services and requirements for USN middleware. To provide
various USN services easily and effectively, it is desirable to define an intermediate entity such as USN
middleware for providing functions commonly required by various USN services. This Rec. covers USN
service description, USN middleware description, use cases of USN services using USN middleware, the
functional model for USN middleware and requirements for USN middleware to support functions
commonly required by USN services.

Specifies a high-level functional model, a service description and requirements for multimedia
information access triggered by tag-based identification. The scope of this Rec. is limited to those
applications and services that have both multimedia and tag-based characteristics.

Provides the service description and operational provisions for Universal Personal Telecommunication
(UPT). This Rec. provides the general service description from the point of view of the individual UPT
subscriber or UPT user. UPT also allows the UPT user to participate in a user-defined set of subscribed
services, from amongst which the user defines personal requirements, to form a UPT service profile. The
UPT user may use the UPT service with minimal risk of violated privacy or erroneous charging due to
fraudulent use. In principle, any basic telecommunications service can be used with the UPT service.
The services provided to the UPT user are only limited by the networks and terminals used. Among
essential user features the first is the "UPT user identity authentication", and as an optional user feature
there is the UPT service provider authentication. Section 4.4 details security requirements.

Provides terms, definitions, and abbreviations used in synchronous digital hierarchy (SDH) Recs.
Physical layer terminology, synchronization-related terminology, and terms applicable to multiple
technologies in addition to SDH are not included (however protection switching is included). The goal of
this Rec is to be a single normative source for terms in this subject area.

Provides an overview of linear protection switching. It covers Optical Transport Networks (OTN),
Synchronous Digital Hierarchy (SDH) networks and Asynchronous Transfer Mode (ATM) networks based
protection schemes. Overviews of ring protection and dual node sub-network (e.g. ring) interconnect
schemes are provided in other Recs.

Defines network performance parameters and objectives for the path elements and end-to-end
availability of international constant bit-rate digital paths. These parameters are independent of the type
of physical network supporting the end-to-end path, e.g., optical fibre, radio relay or satellite. Guidance is
included on methods for improving availability and calculating the end-to-end availability of a
combination of network elements.

Describes the various protection mechanisms for Synchronous Digital Hierarchy (SDH) networks, their
objectives and their applications. Protection schemes are classified as SDH trail protection (at the
section or path layer) and as SDH sub-network connection protection (with inherent monitoring, non-
intrusive monitoring, and sub-layer monitoring).

Describes mechanisms for interworking between network protection architectures. Interworking is
described for single and dual node interconnection for exchanging traffic between rings. Each ring may
be configured for MS-shared protection or for SNCP protection.

Provides terms, definitions and abbreviations used in optical transport network (OTN) Recs. It contains a
list of the definitions and abbreviations introduced in Recs associated with optical transport networks,
and can be considered a companion Rec to Rec. ITU-T G.780/Y.1351 and Rec. ITU-T G.8081/Y.1353.
This Rec does not include terms specific to the physical layer or synchronization. The goal of this Rec is
to be a single normative source for terms in this subject area.

Defines the APS protocol and protection switching operation for the linear protection schemes for the
Optical Transport Network at the Optical Channel Data Unit (ODU) level. Protection schemes considered
in this Rec. are ODUk trail protection; ODUk sub-network connection protection with inherent monitoring;
ODUk sub-network connection protection with non-intrusive monitoring; and ODUk sub-network
connection protection with sub-layer monitoring.

Provides the first set of necessary equipment-level specifications to implement shared ring protection
architectures in Optical Transport Network (OTN) networks. In this version of the Recommendation
shared ring protection based on the wrapping method is specified.

Identifies a minimum set of parameters necessary to characterize the reliability and availability of fibre
optic systems. Different parameters are given for system reliability and maintenance, for active optic
device reliability, for passive optical device reliability, and for optical fibre and cable reliability. It also
provides guidelines and methods for calculating the predicted reliability of devices, units and systems.
Examples are included.

Provides definitions and abbreviations used in Ethernet frames over Transport (EoT).

Rec. ITU-T G.8031/Y.1342 defines the automated protection switching (APS) protocol and linear
protection switching mechanisms for point-to-point VLAN based ETH SNC in Ethernet transport
networks. All other protection schemes including point-to-multipoint and multipoint-to-multipoint are for
further study. Linear 1+1 and 1:1 protection switching architectures with unidirectional and bidirectional
switching are defined in this version of the Rec. The APS protocol and protection switching operation for all
other Ethernet network architectures (for example ring, mesh, etc.) are for further study.

Rec. ITU-T G.8032/Y.1344 defines the automated protection switching (APS) protocol and protection
switching mechanisms for ETH layer Ethernet ring topologies. The protection protocol defined in this
Rec. enables protected point-to-point, point-to-multipoint and multipoint-to-multipoint connectivity within
the ring or interconnected rings, called “multi-ring/ladder network” topology. The ETH layer ring maps to
physical layer ring structure. Protection schemes for the other layers, including ETY layer, are out of
scope of this Rec.

Provides terms, definitions, and abbreviations used in Automatically Switched Optical Network (ASON)
Recommendations. It contains a list of the definitions and abbreviations introduced in Recommendations
associated with Automatically Switched Optical Networks, and can be considered a companion
document to Recommendations ITU-T G.780/Y.1351 and ITU-T G.870/Y.1352. The goal of this
Recommendation is to be a single normative source for terms in this subject area.

Is a compilation of terms and abbreviations used in MPLS transport profile Recommendations.

Rec. ITU-T G.8131/Y.1382 specifies linear protection switching mechanisms to be applied to T-MPLS
layer networks as described in Rec. ITU-T G.8110.1/Y.1370.1. Protection switching is a fully allocated
protection mechanism that can be used on any topology. It is fully allocated in the sense that the route
and bandwidth of the protection connection is reserved for a selected working connection. To be
effective under all possible failures of the working connection, however, the protection connection must
be known to have complete physical diversity over all common-failure modes. This may not always be
possible. Also, this might require the working connection not to follow its shortest path. The T-MPLS
linear protection switching architecture can be trail protection and SNC/S protection as defined in Rec.
ITU-T G.808.1.

Passive optical networks can generally be considered point to multipoint networks, much like wireless
networks such as Wi-Fi, 2G-4G or the hybrid fibre coax (HFC) networks used by Multiple System
Operators. Redundancy is generally not fundamental in these networks as contrasted with ring based
topologies. Nonetheless there are services such as business services, mobile backhaul, and high
density residential which may justify the addition of PON redundancy and protection switching. The ITU-
T G.984.1 specification outlines several topologies for achieving redundancy; these have been named
Type A, Type B, Type C and Type D. Since the publication of that document, many other studies of
different aspects of PON availability, redundancy and switching have been made available. Supplement
51 to ITU-T G-series Recommendations collects this information, and guided by input from the operators
distils it into use cases and methods that are recommended for adding redundancy and increasing the
reliability (and security) of PON networks.

Describes the means by which audio, video, data, and control are associated, coded, and packetized for
transport between Rec. ITU-T H.323 equipment on a packet-based network. This includes the use of a
Rec. ITU-T H.323 gateway, which in turn may be connected to Rec. ITU-T H.320, Rec. ITU-T H.324, or
Rec. ITU-T H.310/H.321 terminals on N-ISDN, GSTN, or B-ISDN respectively. The equipment
descriptions and procedures are described in ITU-T Rec. H.323 while this Rec. covers protocols and
message formats. Communication via a Rec. ITU-T H.323 gateway to a Rec. ITU-T H.322 gateway for
guaranteed Quality of Service (QoS) LANs and thus to Rec. ITU-T H.322 endpoints is also possible.
Rec. ITU-T H.225.0 is intended to operate over a variety of different packet-based networks, including
IEEE 802.3, Token Ring, etc. Thus, this Rec. is defined as being above the Transport layer such as
TCP/IP/UDP, SPX/IPX, etc. Specific profiles for particular transport protocol suites are included in
Appendix IV. Thus, the scope of Rec. ITU-T H.225.0 communication is between Rec. ITU-T H.323
entities on the same packet-based network, using the same transport protocol.

A privacy system consists of two parts, the confidentiality mechanism or encryption process for the data,
and a key management subsystem. This Rec. describes the confidentiality part of a privacy system
suitable for use in narrow-band audiovisual services. Although an encryption algorithm is required for
such a privacy system, the specification of such an algorithm is not included here: the system caters for
more than one specific algorithm. The confidentiality system is applicable to point-to-point links between
terminals or between a terminal and a Multipoint Control Unit (MCU); it may be extended to multipoint
working in which there is no decryption at the MCU.

A privacy system consists of two parts, the confidentiality mechanism or encryption process for the data,
and a key management subsystem. This Rec. describes authentication and key management methods
for a privacy system suitable for use in narrow-band audiovisual services. Privacy is achieved by the use
of secret keys. The keys are loaded into the confidentiality part of the privacy system and control the way
in which the transmitted data is encrypted and decrypted. If a third party gains access to the keys being
used, then the privacy system is no longer secure. The maintenance of keys by users is thus an
important part of any privacy system. Three alternative practical methods of key management are
specified in this Rec.

Describes enhancements within the framework of the H.3xx-series Recs. to incorporate security services
such as Authentication and Privacy (data encryption). The proposed scheme is applicable to both simple
point-to-point and multipoint conferences for any terminals which utilize ITU-T Rec. H.245 as a control
protocol; also to Rec. ITU-T H.323 systems that use the H.225.0 RAS and/or Call Signalling Protocol.
For example, Rec. ITU-T H.323 systems operate over packet-based networks which do not provide a
guaranteed quality of service and do not provide a secure service. Secure real-time communication
over insecure networks generally involves two major areas of concern – authentication and privacy. This
Rec. describes the security infrastructure and specific privacy techniques to be employed by the H.3xx-
series of multimedia systems. These areas include, but are not strictly limited to, authentication and
privacy of all real-time media streams that are exchanged in a conference. This Rec. provides the
protocol and algorithms needed between the Rec. ITU-T H.323 entities. This Rec. utilizes the general
facilities supported in ITU-T Rec. H.245 and as such, any standard which operates in conjunction with
this control protocol may use this security framework. It is expected that, wherever possible, other H-
series terminals may interoperate and directly utilize the methods described in this Rec. This Rec. will
not initially provide for complete implementation in all areas, and will specifically highlight endpoint
authentication and media privacy. This Rec. includes the ability to negotiate services and functionality in
a generic manner, and to be selective concerning cryptographic techniques and capabilities utilized. The
specific manner in which they are used relates to systems capabilities, application requirements and
specific security policy constraints. This Rec. supports varied cryptographic algorithms, with varied
options appropriate for different purposes; e.g., key lengths. Certain cryptographic algorithms may be
allocated to specific security services (e.g., one for fast media stream encryption and another for
signalling encryption).

Provides authentication and integrity protection, or authentication-only for Rec. ITU-T H.225.0 RAS and
call signalling, Rec. ITU-T H.225.0, and tunnelled Rec. ITU-T H.245 using password-based
HMAC-SHA1-96 hash protection of Rec. ITU-T H.225.0 RAS and Call Signalling messages by using
secure password-based cryptographic techniques. The security profile is applicable to Rec. ITU-T H.323
terminal-to-gatekeeper, gatekeeper-to-gatekeeper, Rec. ITU-T H.323 gateway-to-gatekeeper and to
other Rec. ITU-T H.323 entities in administered environments with symmetric assigned keys/passwords.

Describes an optional security profile for deploying digital signatures to secure the H.225.0 signalling.

Describes an efficient and scalable, PKI-based hybrid security profile for version 2 or higher of Rec. ITU-
T H.235.0. The hybrid security profile contained herein takes advantage of the security profiles in Rec.
ITU-T H.235.1 and Rec. ITU-T H.235.2 by deploying digital signatures from Rec. ITU-T H.235.2 and
deploying the baseline security profile from Rec. ITU-T H.235.1. Enables deploying IETF’s Secure Real
Time Transport Protocol (SRTP) media security where the MIKEY key management supplies the
necessary keys and security parameters among the involved endpoints end-to-end, and can be
deployed within a Rec. ITU-T H.323 domain among enabled Rec. ITU-T H.323 systems, and defines the
security protocol extensions to Rec. ITU-T H.225.0 RAS and Call Signaling as well as Rec. ITU-T H.245,
provides the capabilities to support interworking with IETF SIP entities that have implemented the MIKEY
key management and SRTP.

Provides Recs. of security procedures for using direct-routed call signalling in conjunction with Rec. ITU-
T H.235.1 and Rec. ITU-T H.235.3 security profiles. This security profile is offered as an option and may
complement the security profiles in Rec. ITU-T H.235.1 and Rec. ITU-T H.235.3. It also provides
implementation details for clause 8.4/H.235.0 using symmetric key management techniques.

Provides the framework for mutual party authentication during Rec. ITU-T H.225.0 RAS exchanges. The
"proof-of-possession" methods described permit secure use of shared secrets such as passwords which,
if used by themselves, would not provide sufficient security. Extensions to the framework to permit
simultaneous negotiation of Transport Layer Security parameters for protection of a subsequent call
signalling channel are also described.

Describes security procedures for Rec. ITU-T H.323/H.235-based systems for using the MIKEY key
management protocol in conjunction with the IETF Secure Real Time Transport Protocol. Describes an
efficient and scaleable, PKI-based hybrid security profile deploying digital signatures and deploying the
baseline security profile from Rec. ITU-T H.235 series. It is suggested as an option. Rec. ITU-T H.323
security entities (terminals, gatekeepers, gateways, MCUs, etc.) may implement this hybrid security
profile for improved security or whenever required. The notion of “hybrid” in this text shall mean that
security procedures from the signature profile in Rec. ITU-T H.235 series are actually applied in a
lightweight sense; the digital signatures still conform to the RSA procedures. However, digital signatures
are deployed only where absolutely necessary while highly efficient symmetric security techniques from
the baseline security profile in Rec. ITU-T H.235 series are used otherwise. The hybrid security profile is
applicable for scaleable “global” IP telephony. This security profile overcomes the limitations of the
simple, baseline security profile of Rec. ITU-T H.235 series and certain drawbacks, such that users can
choose their VoIP provider much more easily. This security profile supports a certain kind of user mobility as

Describes security procedures for key exchange for SRTP using secure signalling channels over Rec.
ITU-T H.323/H.235 networks.

Defines a method for the discovery of Security Gateways in the signalling path between communicating
Rec. ITU-T H.323 entities, and for sharing of security information between a gatekeeper and the SGs in
order to preserve signalling integrity and privacy.

Specifies syntax and semantics of terminal information messages as well as procedures to use them for
in-band negotiation at the start of or during communication. The messages cover receiving and
transmitting capabilities as well as mode preference from the receiving end, logical channel signalling,
and Control & Indication. Acknowledged signalling procedures are specified to ensure reliable
audiovisual and data communication. Products claiming compliance with Version 14 of Rec. ITU-T H.245
shall comply with all of the mandatory requirements of this Rec. Version 14 products can be identified by
Rec. ITU-T H.245 TerminalCapabilitySet messages containing a protocolIdentifier value of {itu-t (0)
recommendation (0) h (8) 245 version (0) 14}.

The secure real-time transport protocol (SRTP) is an RTP profile that provides confidentiality, message
authentication and replay protection to RTP and RTCP sessions. The secure RTP package allows a
MGC to control the use of SRTP by a MG. By itself, the secure RTP package is incomplete, as it does
not provide procedures for key management. Instead, it is designed to rely on existing key-management
schemes and provides procedures for the use of one such key-management scheme: SDP security
descriptions. The most significant reasons why this Rec. is required, in addition to the existing (usually
SDP-based) SRTP key-management schemes are: a) Most existing SDP key-management schemes
rely on the SDP offer/answer model [IETF RFC 3264], however, the offer/answer model is not used in
Rec. ITU-T H.248 as it does not fit the nature of the connection between a Rec. ITU-T H.248 MGC and
a MG. b) Existing SDP key-management schemes do not contain procedures relating to parameter
overspecification and wildcarding, which are unique to Rec. ITU-T H.248. c) The limited lifetime of
SRTP master keys calls for mechanisms for handling master key expiry. The existing mechanisms
cannot be used in Rec. ITU-T H.248. d) The SRTP package allows explicit control over the key-
management scheme employed, allowing easy interoperability with, and migration to future schemes.
e) The SRTP package allows an MGC to audit the SRTP capabilities of an MG through the use of the
packages descriptor and the properties of the new package. f) The SRTP package allows an MGC to
collect statistics regarding the number of security violations encountered by the MG, and the volume of
SRTP traffic it processed.

Rec. ITU-T H.248.1 defines the International Emergency Preference Scheme (IEPS) call indicator and
priority indicator in support of priority services, e.g. Emergency Telecommunications Service (ETS) and
Multimedia Priority Service (MPS). Use of the IEPS call indicator and Priority indicator, as defined in Rec.
ITU-T H.248.1, satisfy the ETS requirements of indicating an ETS Context and carrying the priority level.
Any prioritization of Rec. ITU-T H.248 procedures in the MGC and the transport of Rec. ITU-T H.248
control signalling towards the Media Gateway (MG) are based on the identification of ETS. The IEPS call
indicator, identifying an ETS call/session, indicates to the MG that the Context is an ETS Context and
enables prioritization of Rec. ITU-T H.248 control signalling once received. In addition, it enables
prioritized resource allocation in the MG for an ETS Context. The Priority indicator, carrying the priority
level, provides the MG with a means to distinguish different priority handling of resources on the MG
when ETS is used. This Rec. provides guidelines on the use of the IEPS call indicator and Priority
indicator in Rec. ITU-T H.248 profiles for Rec. ITU-T H.323 and NGN systems. These guidelines may be
used by other Standards Developing Organization (SDOs) when defining their Rec. ITU-T H.248.1
Specifies technical requirements for narrow-band visual telephone systems and terminal equipment,
typically for videoconferencing and videophone services. It describes a generic system configuration
consisting of a number of elements which are specified by respective ITU-T Rec., definition of
communication modes and terminal types, call control arrangements, terminal aspects and interworking
requirements. This revised version of H.320 introduces a number of enhancements and clarifications to
the previous version, primarily the description on the usage of ITU-T Recs G.722.1, Rec. ITU-T H.239,
Rec. ITU-T H.241, Rec. ITU-T H.264, and ISO/IEC 14496-3 in Rec. ITU-T H.320 systems.

Describes terminals and other entities providing real-time audio, video, data and/or multimedia
communications services over Packet Based Networks (PBN), which may not provide a guaranteed
Quality of Service. Support for audio is mandatory, data and video are optional, but if supported, the
ability to use a common mode of operation is mandatory, so that all terminals supporting that media type
can interwork. The packet based network may include Local Area Networks, Enterprise Area Networks,
Metropolitan Area Networks, Intra-Networks, and Inter-Networks (including the Internet), point-to-point
connections, a single network segment, or an internetwork having multiple segments with complex
topologies, therefore entities can use point-to-point, multipoint, or broadcast configurations. Such entities
may interwork with terminals on B-ISDN, N-ISDN, Guaranteed Quality of Service LANs, GSTN and/or
wireless networks, and entities may be integrated into personal computers or implemented in stand-
alone devices such as videotelephones. Annex J, Security for Simple endpoint types

Describes a directory services architecture for multimedia conferencing using LDAP. Standardized
directory services can support association of persons with endpoints, searchable white pages, and
clickable dialling. Directory services can also assist in the configuration of endpoints, and user
authentication based on authoritative data sources. This Rec. describes a standardized LDAP schema
to represent endpoints on the network and associate those endpoints with users. It discusses design
and implementation considerations for the inter-relation of video and voice-specific directories, enterprise
directories, call servers and endpoints.

Describes an LDAP schema to represent Rec. ITU-T H.323 endpoints. It is an auxiliary class related to
Rec. ITU-T H.350 and derives much of its functionality from that architecture.
Describes an LDAP schema to represent Rec. ITU-T H.235 elements. It is an auxiliary class related to
Rec. ITU-T H.350 and derives much of its functionality from that architecture.
Describes an LDAP schema to represent Rec. ITU-T H.320 endpoints. It is an auxiliary class related to
Rec. ITU-T H.350 and derives much of its functionality from that architecture.
Describes an LDAP directory services architecture for multimedia conferencing using SIP, defines an
LDAP schema to represent SIP User Agents (UAs) on the network and associate those endpoints with
users, and is intended to supplement the CommObject directory architecture discussed in Rec. ITU-T
H.350, and not intended to be used as a stand-alone architecture. The implementation of this LDAP
schema, together with the use of the Rec. ITU-T H.350 CommObject architecture, facilitates the
integration of SIP User Agents and conferencing devices into existing Enterprise Directories, thus
allowing the user to perform white page lookups and access clickable dialling supported by SIP devices.

Describes an LDAP schema to represent non-standard multimedia communications endpoints, and
provides a very basic framework for representing these elements in a directory. It is an auxiliary class
related to Rec. ITU-T H.350 and derives much of its functionality from that architecture.
Describes simple LDAP and Rec. ITU-T X.500 schemas to represent call forwarding and call preference
information in an Rec. ITU-T H.350 directory, and is intended to represent addresses to which calls
should be forwarded in the case that an endpoint does not answer a call. It can direct calls to simple
Rec. ITU-T H.320, Rec. ITU-T H.323 or SIP addresses, or complex forwarding schemes such as time of
day preferences, web pages, electronic mail or other applications.
Describes the Extensible Messaging and Presence Protocol (XMPP), the IETF standard protocol for
exchanging information between network endpoints using Extensible Markup Language (XML), which
enables instant messaging and presence applications and is growing in popularity. This Rec. includes XMPP in
the suite of protocols that is supported in Rec. ITU-T H.350, so that an organization can directory-enable
and manage XMPP resources in the same way that other multimedia protocols (e.g., Rec. ITU-T H.320,
Rec. ITU-T H.323, SIP) are managed in Rec. ITU-T H.350.
Defines the mechanism of encapsulating RAS messages inside Rec. ITU-T H.225.0 messages and the
method for discovering the ability of a peer Rec. ITU-T H.323 entity to support features defined in this
Rec. The current version of Rec. ITU-T H.323 requires two completely independent transports: one for
RAS and another for Rec. ITU-T H.225.0 call signalling. For several reasons, one of them being FW/NAT
traversal, it would be advantageous to be able to use the same transport for both protocols.
Extends Rec. ITU-T H.323 to enable H.323 devices to successfully exchange signalling and establish
calls, even when they are placed inside a private network behind NAT/FW devices. These extensions,
when used together with the facilities of Rec. ITU-T H.460.19, enable H.323 endpoints to traverse
NAT/FW installations with no additional equipment on the customer premises. Alternatively, the Rec.
ITU-T H.460.18 extensions may be implemented by a proxy server to support unmodified Rec. ITU-T
H.323 endpoints.

Extends Rec. ITU-T H.323 by defining the NAT/FW traversal mechanism for media. Together with an
appropriate mechanism for signalling traversal, such as Rec. ITU-T H.460.18, it may be used as a
solution for the NAT/FW traversal problem by Rec. ITU-T H.323.
Specifies the security negotiation mechanism for Rec. ITU-T H.225.0 call signalling message exchanges.
The main goals include: 1) Secure selection of the security mechanism. Otherwise, the procedure of
negotiation is vulnerable to certain attacks such as malicious manipulation or bidding-down attacks. The
entire RAS message shall be protected during the negotiation procedure. 2) Involved Rec. ITU-T H.323
entities shall determine mutually agreed security protocols without requiring additional round trips. 3)
Entities involved in the negotiation procedure shall be aware of the result of the negotiation, such as
success or failure. 4) The negotiation procedure should not cause any additional burden to the involved
entities. The negotiated security mechanism between two entities is to be applied for Rec. ITU-T H.225.0
call signalling messages before initiating a call establishment procedure. Detailed negotiation
procedures, which provide the necessary security interoperability among Rec. ITU-T H.323 systems, are
specified in this Rec. The syntax of the security capability parameters in call signalling messages is also
specified.
Deals with mobility aspects for Rec. ITU-T H.323 systems above the transport layer and defines services
and procedures for the support of mobility in Rec. ITU-T H.323 multimedia systems. The main focus is on
the support of terminal mobility, although support of user mobility in the context of Rec. ITU-T H.323 is
covered as well. This version of this Rec. does not cover handover procedures where active calls can be
maintained during location changes.
Provides security procedures in Rec. ITU-T H.323 mobility environments such as under scope of Rec.
ITU-T H.510 that describes mobility for Rec. ITU-T H.323 multimedia systems and services. This Rec.
provides the details about the security procedures for Rec. ITU-T H.510. So far, the signaling capabilities
of Rec. ITU-T H.235 in version 1 and 2 are designed to handle security in mostly static Rec. ITU-T H.323
environments. Those environments and multimedia systems can achieve some limited mobility within
gatekeeper zones; Rec. ITU-T H.323 in general and Rec. ITU-T H.235 specifically provide only very little
support for secure roaming of mobile users and terminals across different domains with many involved
entities in a mobility, distributed environment for example. The Rec. ITU-T H.323 mobility scenarios
depicted in Rec. ITU-T H.510 regarding terminal mobility pose a new situation with their flexible and
dynamic character also from a security point of view. Roaming Rec. ITU-T H.323 users and mobile
terminals have to be authenticated by a foreign, visited domain. Likewise, the mobile user would like to
obtain evidence about the true identity of the visited domain. In addition to that, it may be also useful to
obtain evidence about the identity of the terminals complementing user authentication. Thus, these
Defines the system architecture for the multimedia information access triggered by tag-based
identification on the basis of Rec. ITU-T F.771, and serves as a technical introduction to subsequent
definition of detailed system components and protocols. The services treated by this Rec. provide the
users with a new method to refer to the multimedia content without typing its address on a keyboard or
inputting the name of objects about which relevant information is to be retrieved. This is one of the major
communication services using identification (ID) tags such as radio frequency identifications (RFIDs),
smart cards and barcodes. International standardization of these services will have a big impact on
international multimedia information services using ID tags. It contains the functional model, its
constituent components as well as its workflow.
Compilation of reported defects identified in Version 3 of Rec. ITU-T H.235, which comprises: Rec. ITU-T
H.235 (2003-08), Rec. ITU-T H.235 Corrigendum 1 (2005-01), Rec. ITU-T H.235 Amendment 1 (2004-
04) and Rec. ITU-T H.235 Amendment 2 (2005-01). It must be read in conjunction with the Rec.s to
serve as an additional authoritative source of information for implementers. It should be noted that Rec.
ITU-T H.235 V3 has been superseded by Rec. ITU-T H.235 V4, and this Implementors’ Guide is
provided solely as assistance to implementors of Rec. ITU-T H.235 V3. The changes, clarifications and
corrections defined herein have been included in Rec. ITU-T H.235 V4. In particular, this Implementors’
Guide addresses errors found in Rec. ITU-T H.235 (2003) Annex D, in Rec. ITU-T H.235 (2004)
Amendment 1 Annex H and in Annex I. This Implementors’ Guide contains all updates submitted up to
and including those at SG 16 meeting, July/August 2005, in Geneva (TD 147/PLEN), and was approved
on 5 August 2005.

Defines the operation of Rec. ITU-T H.248.1, version 3, with Rec. ITU-T H.225, session initiation protocol
(SIP) and integrated services digital network user part (ISUP) in support of emergency
telecommunications service (ETS)/international emergency preference scheme (IEPS) priority
information.

Contains a common standard for a conditional access system for long distance international
transmission of digital television conforming to the MPEG-2 Professional Profile (4:2:2). The Basic
Interoperable Scrambling System (BISS) based on the DVB-CSA specification using fixed clear keys
called Session Words is described. Another backward compatible mode introduces an additional
mechanism to insert Encrypted Session Words, while at the same time conserves interoperability

Constitutes a common standard for a conditional access system for long-distance international
transmission of digital television according to Rec. ITU-T J.811. It first gives an overview of any
conditional access system, describing the categories of conditional access messages which need to be
transmitted. It specifies a transport protocol based on HDLC frames for the conditional access messages
sent in channel CA1 of Rec. ITU-T J.81. Furthermore, an architecture of the whole transmission system,
including the conditional access features, is described. This architecture differs from the traditional pay-
TV systems architecture in the way that it stresses the need for an access control authority which is not
co-sited with the transmitters.

Defines the data privacy and access requirements protecting MPEG digital television signals passed on
cable television networks between the cable headend and the ultimate subscriber. The exact
cryptographic algorithms used in this process are not in Rec. ITU-T J.93 as they are regionally and/or
industry determined.
Describes both the cryptographic techniques to protect access to clear-text MPEG digital television
signals, and a process, known as "watermarking" which indelibly marks the intellectual property as to its
owner and that owner’s requirements regarding copying. A successful copy protection system supports
the legal privilege of the owner of the IPR to control the distribution of the protected product. The illegal
recording and duplicating of television intellectual property has resulted in a very large illegal business
worldwide, and has cost the owners of the intellectual property significant funds in lost revenue. With the
change to digital MPEG television, the problem is exacerbated because digital recordings can be
duplicated in their original quality over many generations, whereas analogue recordings are reduced in
fidelity with each successive generation, and become unusable at some point. In systems where the
MPEG digital signal is received and rendered into an analogue equivalent for viewing on an analogue-
only television receiver, the quality of that analogue signal causes it to be a target for pirating also, and
thus must be protected. To assist in these goals, approaches have been developed for hiding digital
markings in digital television intellectual property in a manner that is both undetectable and incorruptible.
Contains a common standard for a conditional access system for long distance international
transmission of digital television conforming to the MPEG-2 Professional Profile (4:2:2). The Basic
Interoperable Scrambling System (BISS) based on the DVB-CSA specification using fixed clear keys
called Session Words is described. Another backward compatible mode introduces an additional
mechanism to insert Encrypted Session Words, while at the same time conserves interoperability.
Digital television services have been established in many countries and the benefits of extending these
to provide interactive services are widely recognized. Cable television distribution systems are
particularly suited for the implementation of bidirectional data services and this Rec. complements and
extends the scope of Rec. ITU-T J.83 "Digital multi-programme systems for television, sound and data
services for cable distribution" to make provision for bidirectional data over coaxial and hybrid fibre-coax
cables for interactive services. It also contains several annexes in recognition of different existing media
environments. It is recommended that for the introduction of fast Internet access and/or interactive cable
television services, the systems be used to achieve the benefits of economies of scale and facilitate
interoperability. Security requirements are established, the use of SP-DOCSS Data Over Cable Security
System (DOCSS) Specification; SP-RSM Removable Security Module Specification and SP-BDS
Baseline Data-Over-Cable Security Specification is recommended.

Provides MAC layer privacy (encryption and authentication) services for DOCSIS CMTS-CM
communications. This Rec., often referred to as Baseline Privacy Interface Plus or BPI+, has the
following two goals: a) provide cable modem users with data privacy across the cable network; and b)
provide cable operators with service protection; i.e., prevent unauthorized users from gaining access to
the network's RF MAC services. BPI+ provides a level of data privacy across the shared medium cable
network equal to or better than that provided by dedicated line network access services (analog modems
or digital subscriber lines).

Provides the architectural framework that will enable cable television operators to provide time-critical
services over their networks that have been enhanced to support cable modems. The security services
available through IPCablecom's core service layer are authentication, access control, integrity,
confidentiality and non-repudiation. An IPCablecom protocol interface may employ zero, one or more of
these services to address its particular security requirements. IPCablecom security addresses the
security requirements of each constituent protocol interface by: a) identifying the threat model specific to
each constituent protocol interface; b) identifying the security services (authentication, authorization,
confidentiality, integrity, and non-repudiation) required to address the identified threats; c) specifying the
particular security mechanism providing the required security services. The security mechanisms
include both the security protocol (e.g. IPsec, RTP-layer security, and SNMPv3 security) and the
supporting key management protocol (e.g. IKE, PKINIT/Kerberos).

Defines the Security Architecture, protocols, algorithms, associated functional requirements and any
technological requirements that can provide for the security of the system for the IPCablecom network.
Authentication, access control, message and bearer content integrity, confidentiality and non-repudiation
security services must be provided as defined herein for each of the network element interfaces.

Establishes a flexible and forward-looking home-networking framework that provides a unifying theme
for developing a coherent set of home-network interface specifications, while at the same time lending
itself to future enhancement. The MediaHomeNet infrastructure is designed to be complementary to
those of Recs ITU-T J.112, J.122, J.160 (IPCablecom), and of cable broadcast networks, but distinct and
operational in the absence of IPCablecom deployment. This Rec. identifies a set of fundamental
architectural elements that can be flexibly combined in a set of configurations, allowing for the
consideration of a wide variety of home‑networking solutions. This Rec. describes Security Functions
and Security Requirements for a) Residential Gateway device authentication; b) Secure Residential
Gateway management messages; c) Secure download of configuration and software files; d) Secure
QoS on the HFC link; e) Remote Residential Gateway firewall management.
Provides a set of IP-based features that may be added to a cable modem that will enable cable
operators to provide an additional set of enhanced services to their customers including support for
IPCablecom Quality of Service (QoS), enhanced security, additional management and provisioning
features, and improved addressing and packet handling. These IP-based features reside in the logical
element Portal Service (PS or just Portal). A Cable Modem that contains these enhanced features is an
IP-enhanced Cable Modem (IPCM), and is an implementation of a Rec. ITU-T J.190 HA device class. As
described in Rec. ITU-T J.190, the HA device class includes both Cable Modem functionality as well as
Portal Services functionality. Chapter 11 security: defines the security interfaces, protocols and functional
requirements needed to reliably deliver cable-based IP services in a secure environment to the PS. The
purpose of any security technology is to protect value, whether a revenue stream, or a purchasable
information asset of some type. Threats to this revenue stream exist when a user of the network
perceives the value, expends effort and money, and invents a technique to get around making the
necessary payments. Annex C: Security threats and preventative measures.
Defines the requirements of a Digital Rights Management bridge from a cable access network to a home
network, to which many types of content (e.g., video, audio, etc.) may be transferred by the network
operator with assurance that the content is not used in a manner that is a violation of any service
agreements or legal requirements.

Defines the security requirements for the cable modem in the third generation of high-speed data-over-
cable systems (DOCSIS 3.0). For an overview of the third generation cable modem Recs see Rec ITU-T
J.phy

Provides the architectural framework, technical background and project organization for the second
release of the IPCablecom family of Rec.s providing for the extension into the multimedia domain. The
initial release of IPCablecom [Rec. ITU-T J.160-J.178] provides for telephony. IPCablecom multimedia
[Rec. ITU-T J.179] creates a bridge that allows for the expansion of IPCablecom into a full range of
multimedia services. IPCablecom2 is a cable industry effort designed to support the convergence of
voice, video, data and mobility technologies. There are tens of millions of cable broadband customers,
and the capability of the network to provide innovative services beyond high-speed Internet access is
ever increasing. In particular, real-time communication services based on the IP protocols, such as Voice
over Internet Protocol (VoIP), are rapidly evolving and consumers are embracing a wide range of client
devices and media types. It is expected that new technologies, such as Video over IP communications
and the ability to display voice and video mail message notifications on a TV-set, will change the way
communication and entertainment services are offered. These cutting edge technologies will present
exciting new opportunities for cable operators to offer high-value services to consumers in a cost-
effective manner.
Specifies the security features and mechanisms for secure access to the IM subsystem (IMS) for the 3G
mobile telecommunication system as modified for use in cable networks. The Third Generation
Partnership Project (3GPP) has developed the specification in a form optimized for the wireless
environment. This Rec. references the ETSI version of the 3GPP specification and specifies only the
modifications necessary to optimize it for the cable environment. It is an important objective of this work
that interoperability between IPCablecom 2.0 and 3GPP IMS is provided. IPCablecom 2.0 is based
upon 3GPP IMS, but includes additional functionality necessary to meet the requirements of cable
operators. Recognizing developing converged solutions for wireless, wireline, and cable, it is expected
that further development of IPCablecom 2.0 will continue to monitor and contribute to IMS developments
in 3GPP, with the aim of alignment of 3GPP IMS and IPCablecom 2.0. Because this ITU-T Rec. indicates
modifications from the ETSI specification ETSI TS 133 202 V6.90 (2005-12), the structure of the
Recommendation does not follow normal ITU-T practice so as to ease the task of the reader to correlate
the two documents. The modifications to ETSI TS 133.202 V6.90 (2005-12) Access security for IP-
based services Specification are listed.

Introduces a new IPCablecom2 Rec. to define the security architecture for the UMTS network domain
IP‑based control plane. The scope of the UMTS network domain control plane security is to cover the
control signalling on selected interfaces between UMTS network elements. The Third Generation
Partnership Project (3GPP) has developed the specification in a form optimized for the wireless
environment. This Rec. references the ETSI version of the 3GPP specification and specifies only the
modifications necessary to optimize it for the cable environment.
Describes the security features and a mechanism to bootstrap authentication and key agreement for
application security.

Specifies functional and security requirements that should be considered for remotely renewing the
conditional access client software in a conditional access system in cable networks. Since there are no
permanent secure conditional access systems in the real world, almost all conditional access systems
provide a way to renew conditional access client software (CACS) by replacing the conditional access
module (CAM), which is a cryptographic functional module located in set-top box. The CACS remote
renewable security system (CRS) is a new paradigm technology for renewing CACS by securely
downloading a new CACS through the digital cable two-way environment. As a result there is no
additional budget required for issuing a new security hardware module when the Multiple System
Operator (MSO) wants to upgrade the old CACS in CAM to a new one. This Rec. focuses on the
architectural, functional, and security requirements that should be considered for remotely renewing the
CACS within a conditional access system, which is supposed to be provided by a single vendor in cable
networks. This Rec. defines three major functional requirements, which are "Authentication and secure
download of CACS", "CAM and descrambler pairing", and "CAM cloning-attack countermeasure", for
Outlines electromagnetic security risks of telecommunication equipments and guides how to assess and
prevent those risks, in order to manage an information security management system (ISMS) in
accordance with Rec. ITU-T X.1051. General guidelines of information security management for
telecommunications organizations are presented in Rec. ITU-T X.1051, which is based on ISO/IEC
27001 and 27002. In an ISMS based on Rec. ITU-T X.1051, physical security is a key issue. When the
security is managed, one should evaluate the threat and mitigate equipment or site. The threat is related
to “Vulnerability” and “Confidentiality” in ISMS. Major electromagnetic security risks taken up in this Rec.
are as follows: (a) Natural EM threats (e.g. lightning); (b) Unintentional interference (i.e. Electromagnetic
Interference (EMI)); (c) Intentional interference [Intentional Electromagnetic Interference (IEMI)]; (d)
Deliberate EM attack via High Altitude Electromagnetic Pulse (HEMP); (e) Deliberate EM attack via High
Power Electromagnetic (HPEM); (f) Information leakage from EM emanation [Electromagnetic security
(EMSEC)]. This Rec. represents an overview of electromagnetic security, classifications of environment
where devices and equipments to be protected are installed, classifications of predicted threat and
In most countries, there are both national and provincial as well as other fire regulation codes related to
buildings for the prevention of the spread of fire. Some companies operating in countries where the fire
regulation codes may or may not apply do not have a specific code for their internal use in order to unify,
optimize and adjust their needs to provide adequate fire protection measures. This situation will increase
the work of the management project group since it will be necessary to compile and evaluate national
and international fire regulation codes for the design and conditioning of buildings destined to house
telecommunication equipment and facilities and for the training of personnel. The adoption of adequate
fire prevention measures can lessen the risk to life and reduce the chances of a serious disruption to the
telecommunication network. The fire department of a civil administration needs information on any
telecommunication building concerning access, local fire fighting facilities, emergency power supplies,
water supplies in tall buildings, where to disconnect the public power supplies, the presence of
hazardous materials and the importance of minimizing water damage to telecommunication equipment.
Defines concepts of Telecommunications Management Network (TMN) architectures (TMN functional
architecture, TMN information architecture, and TMN physical architectures) and their fundamental
elements and describes the relationship among the three architectures and provides a framework to
derive the requirements for the specification of TMN physical architectures from the TMN functional and
information architectures. A logical reference model for partitioning of management functionality, the
Logical Layered Architecture (LLA), is provided. This Rec. also defines how to demonstrate TMN
conformance and compliance for the purpose of achieving interoperability. The requirements of the TMN
involve the ability to ensure secure access to management information by authorized management
information users. TMN includes functional blocks for which security functionality is performed by
security techniques to protect the TMN environment in order to assure the safety of the information
exchanged over the interfaces and residing in the management application. Security principles and
mechanisms are also related to the control of access rights of the TMN users to information associated
with TMN applications.
Provides an overview and framework that identifies security threats to a TMN and outlines how available
security services can be applied within the context of the TMN functional architecture.
Identifies the security requirements for the management plane in Telecommunication management. It
focuses specifically on the security aspect of the management plane for network elements (NE) and
management systems (MS), which are part of the Telecommunication infrastructure.
Identifies the security services for the management plane in Telecommunication management. It focuses
specifically on the security aspect of the management plane for network elements (NE) and
management systems (MS), which are part of the Telecommunication infrastructure.
Identifies the security mechanisms for the management plane in the Telecommunication management
network. This document focuses specifically on the security aspect of the management plane for
network elements (NE) and management systems (MS), which are part of the Telecommunication
infrastructure.
Defines the Conformance Profile proforma for organizations using Rec. ITU-T M.3016.1-3 for specifying
the telecommunications management plane requirements. By completing the proforma in this Rec.,
different profiles are specified.
Describes the management interface specification methodology (MISM), and describes the process to
derive interface specifications based on user requirements, analysis and design (RAD). Guidelines are
given on RAD using unified modelling language (UML) notation; however, other interface specification
techniques are not precluded. The guidelines for using UML are described at a high level in this Rec.

Provides, as one of the series of Rec. ITU-T M.3200 TMN management service Rec.s, a profile of Rec.
ITU-T M.3208.1 for customer administration of leased circuit services using pre-provisioned resources
(link connections). This is done by using existing function sets, functions and parameters from Rec. ITU-
T M.3208.1 and adding additional semantics and restrictions.

Is one of the series of TMN Management Service Recs. that provide description of management
services, goals and context for management aspects of IMT-2000 networks. This Rec. describes a
subset of Security Management services to provide Requirements and Analysis of the Security
management and a profile for fraud management in an IMT-2000 mobile network. The emphasis is on
the X interface between two service providers and the management services needed between the two to
detect and prevent fraud by operating the Fraud Information Gathering System (FIGS) as means to
monitor a defined set of subscriber activities to limit their financial exposure to large unpaid bills
produced on subscriber accounts whilst the subscriber is roaming. This Rec. builds on the function sets
identified in Rec. ITU-T M.3400 by defining new function sets, functions and parameters and adding
additional semantics and restrictions.

Is part of a series dealing with the transfer of information for the management of telecommunication
networks and services, and only some parts address security aspects. The purpose of this Rec. is to
define a requirements framework for all functional, service and network-level requirements for the TMN
exchange of information between Administrations. This Rec. also provides for the general framework of
using the TMN X-interface for the exchange of information between Administrations, Recognized
Operating Agencies, other Network Operators, Service Providers, Customers and other entities. This
Rec. includes specifications of the security requirements of the TMN X interface.

During catastrophic events, such as earthquakes, severe storms, floods, and civil unrest, governmental
and other essential users of public telecommunications need a preferential telecommunication capability
to support emergency and disaster relief operations. Telecommunication resources are often restricted
during these serious events due to damage, congestion, and failures. Therefore, it is desirable to
establish and manage telecommunication capabilities to support disaster relief operations that will
provide a high probability of completion of emergency telecommunications. Rec. ITU-T E.106 describes
an International Emergency Preference Scheme (IEPS) for PSTN, ISDN, and PLMN telephony services
to support emergency recovery activities during crises. Certain international and national
telecommunication capabilities will enable authorized users to have preferential access to
telecommunication services and preferential processing of telecommunications to support recovery
operations during emergency and disaster events. These capabilities, when provided nationally, are
referred to as the Emergency Telecommunication Service (ETS). While some countries already have
national preference schemes in existing telecommunication systems, the challenge at hand is
Is one of a series of Recs. of the Telecommunications Management Network (TMN), providing
specifications of TMN management functions and TMN management function sets. The content is
developed in support of Task Information Base B (Roles, resources and functions), associated with Task
2 (Describe TMN management context) in the TMN interface specification methodology specified in Rec.
ITU-T M.3020. When performing the analysis of TMN management context, it is desirable to consider
maximal use of the TMN management function sets available in this Rec. This Rec. includes descriptions
of the security management function supported by the TMN.

Describes a set of functions considered necessary for the management of security mechanisms
deployed in current and next generation packet oriented networks. A logical collection of management
functionality used to perform “Operations, Administration, Maintenance and Provisioning” (OAM&P) of
security mechanisms, policies and services within a services and communications infrastructure.
Therefore it describes the functional requirements of a Security Management System (SMS) that offers a
centralized view for control and security oversight of a Telecommunications Service Provider's (TSP's)
infrastructure. The SMS spans the management of the Management Security Plane, the Control Security
Plane, and the End-User Security Plane. The TSP's infrastructure consists of Application servers [e.g.,
servers for mail, instant messaging, database, web, file, Voice over IP (VoIP) and other applications];
Support servers (e.g., DNS, DHCP, NTP, backup, and other infrastructure support services);
Internetworking/transport components (e.g., multiplexers, switches, routers, transport gateways,
application gateways, gateway controllers, packet-filters a.k.a. firewalls, content filters, access points,
bridges, wired and wireless telephony devices and monitoring probes for QoS, and network activity, to
This is an extract from the Blue Book and contains only sections 8.5 (Intervals at which security
measures are to be invoked) to 8.9 (Load sharing method) of Rec. ITU-T Q.293.
The ISDN user part is the signalling system No. 7 protocol which provides the signalling functions
required to support basic bearer services and supplementary services for voice and non-voice
applications in an integrated services digital network. The ISDN user part is also suited for application in
dedicated telephone and circuit switched data networks and in analogue and mixed analogue/digital
networks. In particular, the ISDN user part meets the requirements defined by the ITU-T for worldwide
international semi-automatic and automatic telephone and circuit switched data traffic. The ISDN user
part is furthermore suitable for national applications. Most signalling procedures, information elements
and message types specified for international use are also required in typical national applications.
Moreover, coding space has been reserved in order to allow national Administrations and recognized
operating agencies to introduce network specific signalling messages and elements of information
within the internationally standardized protocol structure. Amendment 2: Support for the International
Emergency Preference Scheme. Amendment 3: Support for the International Emergency Preference
Scheme (IEPS)
Describes the messages, parameters and the signalling information contained within parameters used
by the ISDN user part protocol, and their function. Amendment 3: Support for the International
Emergency Preference Scheme (IEPS)

Specifies the formats and codes of the ISDN user part messages and parameters required to support
basic bearer services and supplementary services. Amendment 4: Support for the International
Emergency Preference Scheme (IEPS)

Describes the ISDN User Part signalling procedures of the set-up and clear down of national and
international ISDN connections used for "ISUP 2000". Actions common for all types of exchanges are
described only once. Different or additional actions required in an exchange are specified in a separate
subclause applicable to that type of exchange. The procedures specified in clause 2 relate to basic call
(i.e. calls not involving supplementary services and IN). Amendment 4: Support for the International
Emergency Preference Scheme (IEPS)
ISDN international interconnections have to be realized between non-homogeneous ISDNs that differ in
terms of services supported, national network signalling system and national access protocol. In order to
perform such international ISDN interconnections, it is required to specify unambiguously and without
options: a) the service capabilities of the international signalling system; b) the international signalling
interface, i.e., the signalling information elements and messages sent and received on the international
signalling section and the related procedures; c) all additional information, which is not specifically
signalling system related, but which is needed to absorb the potential differences between the national
networks. Amendment 1 was produced to meet the urgent need for the implementation of the
International Emergency Preference Scheme (IEPS) as specified in Rec. ITU-T E.106.

Provides specifications to support security transformations, such as encryption, hashing, sealing and
signing, focusing on whole Remote Operations Service Element (ROSE) Protocol Data Units (PDUs).
Security transformations are used to provide various security services such as authentication,
confidentiality, integrity and non-repudiation. This Rec. describes an approach to the provisioning of
security transformations that is implemented in the application layer and requires no security-specific
functionality in any of the underlying OSI stack layers. This Rec. enhances TMN security by supporting
security transformations for ROSE PDUs and exchange of related security information.

Defines the technical specification of a session layer protocol module called Electronic Communications
Interactive Agent. This may be used as an interface reference point in a TMN model for the
asynchronous exchange of data between peer application entities. The Interactive Agent (IA) supports
the exchange of near real time Electronic Data Interchange (EDIFACT or ASC X12 EDI) transactions. In
addition, this Rec. defines the architecture, design, structure, and process-flow for both normal and high
priority business functions utilizing Transport Layer Security (TLS).

Specifies an optional security module to be used with Rec. ITU-T Q.814, Specification of an Electronic
Data Interchange Interactive Agent that provides security services for whole Protocol Data Units (PDUs).
In particular, the security module supports non-repudiation of origin and of receipt, as well as whole
message integrity.
Defines a set of services that along with Rec. ITU-T X.780 composes a framework for CORBA-based
TMN interfaces. It specifies protocol requirements, CORBA Common Object Service usage
requirements, and TMN-specific support services. A CORBA IDL module defining the interfaces to the
TMN-specific support services is provided. The TMN architecture defined in Rec. ITU-T M.3010 (2000)
introduces concepts from distributed processing and includes the use of multiple management protocols.
The initial TMN interface specifications for intra- and inter-TMN interfaces were developed using the
Guidelines for the Definition of Managed Objects (GDMO) notation from OSI Systems Management with
Common Management Information Protocol (CMIP) as the protocol. The inter-TMN interface (X)
included both CMIP and CORBA GIOP/IIOP as possible choices at the application layer.

Defines extensions to the set of TMN CORBA Services required to support coarse-grained interfaces. It
specifies how CORBA Common Object Services are used to support coarse-grained interfaces, and
defines extensions to the TMN-specific support services defined in Rec. ITU-T Q.816. A CORBA IDL
module defining the interfaces to the new TMN-specific support services is provided.
Defines a set of TMN CORBA services required to support service-oriented interfaces. It specifies how
the ORB and common object services should be used in a lightweight fashion for supporting service-
oriented interfaces, and defines extensions to the TMN-specific support services defined in Rec. ITU-T
Q.816 and Rec. ITU-T Q.816.1. A CORBA IDL module defining the interfaces to the new TMN-specific
support services is provided. The new services and the lightweight use of other CORBA services, along
with Rec. ITU-T X.780.2, compose a framework for CORBA-based service-oriented TMN interfaces with
a wide range of applications.
Explains how Digital Certificates and Certificate Revocation Lists can be used in the TMN and provides
requirements on the use of Certificate and Certificate Revocation List extensions. This Rec. is intended
to promote interoperability among TMN elements that use Public Key Infrastructure (PKI) to support
security-related functions. The purpose of this Rec. is to provide an interoperable, scalable mechanism for
key distribution and management within a TMN, across all interfaces, as well as in support of non-
repudiation service over the X interface. It applies to all TMN interfaces and applications. It is
independent of which communications protocol stack or which network management protocol is being
used. PKI facilities can be used for a broad range of security functions, such as authentication, integrity,
non-repudiation, and key exchange (Rec. ITU-T M.3016.0). However, this Rec. does not specify how
such functions should be implemented, with or without PKI.

Provides a UML description for the management interface between a supplier management system and
an operator management system. This work defines part of the management aspects for network
resources defined by the Rec. ITU-T G.983-series of Rec.s for Broadband Passive Optical Network
(BPON) equipment. Generally speaking, the supplier management system is an element management
system (EMS) and the operator management system is a network management system (NMS).
However, the supplier management system is required to present a "network view" of connection
management to the operator management system. Therefore, it was deemed necessary for the sake of
clarity to use the terminology adopted in naming the systems involved. Behaviour for real time and
non-real time interfacing is addressed. All aspects of TMN management functional areas are addressed
except for accounting management since usage data collection is outside the scope of the BPON
equipment reference architecture.

Provides a CORBA IDL definition for the management interface between a Supplier Management
System and an Operator Management System. This work defines part of the management aspects for
network resources defined by the Rec. ITU-T G.983.x series of Rec.s for Broadband Passive Optical
Network (BPON) equipment.

Specifies UPT security requirements for both user-to-network and internetwork communication
applicable to UPT Service Set 1 as defined within Rec. ITU-T F.851. This Rec. covers all aspects of
security for UPT using DTMF accesses and out‑band DSS 1 based user accesses.
Provides an overall framework for the development of ITU-T IMT-2000 signalling requirements. This Rec.
is a guideline document for the other IMT-2000 Rec.s to be developed for the network functional model,
information flows, the UIM-MT interface, the radio interface, the access interface, and the network
interface. Specifically, this Rec. provides a description of the IMT-2000 "family of systems" concept and
what constitutes a family member; identification of IMT-2000 service and network capabilities for
IMT-2000 Capability Set 1 (and beyond); a description of the approach to providing ITU-T IMT-2000
requirements in Capability Sets; identification and description of the IMT-2000 interfaces necessary to be
standardized to support Capability Set 1; and a description of the structure of IMT-2000 Rec.s.

Provides a long-term vision (around the year 2010) for the network aspects of Systems Beyond
IMT-2000. The ITU-T and ITU-R have collaborated to develop a single ITU vision of Systems Beyond
IMT-2000 targeted for initial deployment around the year 2010, subject to market considerations. This
common ITU Vision is the nucleus and foundation for the development of related Rec.s in both the
Telecommunication Standardization Sector and the Radiocommunication Sector. This relationship is
responsive to develop roadmaps on IMT-2000 in an independent, but well-coordinated manner. There is
a definite trend towards integration of access networks (e.g., cellular, wireless local area network,
personal area wireless network, satellite systems, and Internet). Based on this trend, it is envisioned that
the network environment of Systems Beyond IMT-2000 will consist of packet-based network
infrastructure offering a plethora of converged services.
Specifies the service and network capability framework for systems beyond IMT-2000, from the network
aspects, in order to attend the high level end-user needs delineated in the ITU long-term vision for
systems beyond IMT-2000, as specified in ITU-T Recs Q.1701 and Rec. ITU-T Q.1702 and ITU-R Rec.
M.1645. It is expected that various advanced services can be offered via the combination of radio aspect
of service capabilities and network aspect of service capabilities, the ones described herein. This Rec.
follows the vision described in ITU-R (Rec. M.1645) and ITU-T (Rec. Q.1702). To fulfil the vision and
accomplish the objectives for systems beyond IMT-2000, this Rec. identifies the general capabilities
and/or requirements framework. These capabilities and/or requirements framework can be studied in
order to develop the detailed capabilities and/or requirements for systems beyond IMT-2000.

Rec. ITU-T Q.1706/Y.2801 describes the requirements for mobility management (MM) for Next
Generation Networks (NGN). For this purpose, it describes the considerations for mobility management in
the NGN, classifies the types of mobility management for NGN environment, and identifies a set of the
MM requirements for NGN.
Identifies the IMT-2000 Family Member, "GSM evolved UMTS core network with UTRAN access
network". This release of the family member is known to the Standards Development Organizations (i.e.
ARIB, CWTS, ETSI, T1, TTA, TTC) as the "3GPP Release 1999". This Rec. includes references to the
3GPP security specifications i.e. to TS 21.133: Security Threats and Requirements, TS 33.102: Security
Architecture, TS 33.103: Security Integration Guidelines, TS 33.105: Cryptographic Algorithm
requirements, TS 33.106: Lawful interception requirements, TS 33.107: Lawful interception Architecture
and Functions, TS 33.120: Security Objectives and Principles.

Identifies a release of the IMT-2000 family member, "GSM evolved UMTS Core Network with UTRAN
Access Network". This release of the family member is known to the Standards Development
Organizations (i.e., ARIB, CWTS, ETSI, T1, TTA, TTC) as the "3GPP Release 4". An earlier release,
known as "3GPP Release 99", of this family member is specified in ITU-T Rec. Q.1741.1, while other
IMT-2000 family members are specified in other Rec.s in the Q.174x series. This Rec. combines and
associates the relevant standards from a number of Standards Development Organizations for the core
network for this IMT-2000 family member into a global Rec. This Rec. includes references to the 3GPP
security specifications as TS 21.133: Security Threats and Requirements, TS 22.048: Security
Mechanisms for the (U) SIM application toolkit, TS 22.101: Service aspects; Service principles, TS
33.102: Security Architecture, TS 33.103: Security Integration Guidelines, TS 33.105: Cryptographic
Algorithm requirements, TS 33.106: Lawful interception requirements, TS 33.107: Lawful interception
Architecture and Functions, TS 33.120: Security Objectives and Principles, TS 33.200: Network Domain
Security – MAP, TS 35.205, .206, .207, and .208: Specification of the MILENAGE Algorithm Set.
Identifies a release of the IMT-2000 Family Member, "GSM evolved UMTS Core Network". This release
of the Family Member is known to the Standards Development Organizations (i.e., ARIB, CWTS, ETSI,
T1, TTA, TTC) as the "3GPP Release 5". Earlier releases, known as "3GPP Release 99" and "3GPP
Release 4", of this Family Member are specified in ITU-T Rec.s Q.1741.1 and Q.1741.2, respectively,
while other IMT-2000 Family Members are specified in other ITU-T Rec.s in the Q.174x series. This Rec.
combines and associates the relevant standards from a number of Standards Development
Organizations for the core network for this IMT-2000 Family Member into a global Rec. This Rec.
includes references to the 3GPP security specifications as TS 22.101: Service aspects; Service
principles, TS 33.102: Security Architecture, TS 33.106: Lawful interception requirements, TS 33.107:
Lawful interception Architecture and Functions, TS 33.108: Handover interface for Lawful Interception
(LI), TS 33.200: Network Domain Security – MAP, TS 33.203: Access security for IP-based services, TS
33.210: Security; Network Domain Security (NDS); IP network layer security, TS 35.205, .206, .207, .208
and .909: Specification of the MILENAGE Algorithm Set.
Identifies a release of the IMT-2000 Family Member, "GSM evolved UMTS Core Network". This release
of the Family Member is known to the Standards Development Organizations (i.e., ARIB, CCSA, ETSI,
ATIS, TTA, TTC) as the "3GPP Release 6". Earlier releases, known as "3GPP Release 99", "3GPP
Release 4", and "3GPP Release 5", of this Family Member are specified in ITU-T Recs Q.1741.1,
Q.1741.2, and Q.1741.3, respectively, while other IMT-2000 Family Members are specified in other
Rec.s in the Q.174x series. This Rec. combines and associates the relevant standards from a number of
Standards Development Organizations for the core network for this IMT-2000 Family Member into a
global Rec.
Identifies a release of the IMT-2000 Family Member, "GSM evolved UMTS Core Network". This release
of the Family Member is known to the Standards Development Organizations (i.e., ARIB, CCSA, ETSI,
ATIS, TTA, TTC) as the "3GPP Release 7". Earlier releases, known as "3GPP Release 99", "3GPP
Release 4", "3GPP Release 5", and "3GPP Release 6", of this Family Member are specified in ITU-T
Rec. Q.1741.1, Q.1741.2, Q.1741.3, and Q.1741.4, respectively, while other IMT-2000 Family Members
are specified in other ITU-T Rec.s in the Q.174x series. This Rec. combines and associates the relevant
standards from a number of Standards Development Organizations for the core network for this IMT-
2000 Family Member into a global Rec.

Identifies a release of the IMT-2000 Family Member, "GSM evolved UMTS Core Network". This release
of the Family Member is known to the Standards Development Organizations (i.e., ARIB, CCSA, ETSI,
ATIS, TTA, TTC) as the "3GPP Release 8". Earlier releases, known as "3GPP Release 99", "3GPP
Release 4", "3GPP Release 5", "3GPP Release 6", and “3GPP Release 7”, of this Family Member are
specified in ITU-T Rec. Q.1741.1, Q.1741.2, Q.1741.3, Q.1741.4, and Q.1741.5, respectively, while other
IMT-2000 Family Members are specified in other Rec.s in the Q.174x series. This Rec. combines and
associates the relevant standards from a number of Standards Development Organizations for the core
network for this IMT-2000 Family Member into a global Recommendation.

Identifies a release of the IMT-2000 family member, "GSM evolved UMTS core network". This release of
the family member is known to the standards development organizations (i.e., ARIB, CCSA, ETSI, ATIS,
TTA, TTC) as the "3GPP Release 9". Earlier releases, known as "3GPP Release 99", "3GPP Release 4",
"3GPP Release 5", "3GPP Release 6", "3GPP Release 7" and "3GPP Release 8", of this family member
are specified in ITU-T Rec. Q.1741.1, Q.1741.2, Q.1741.3, Q.1741.4, Q.1741.5 and Q.1741.6,
respectively, while other IMT-2000 family members are specified in other Rec.s in the Q.174x series.
This Rec. combines and associates the relevant standards from a number of standards development
organizations (SDOs) for the core network for this IMT-2000 family member into a global
Recommendation.

Associates the published core network standards from standards development organizations (SDOs)
with those 3GPP2 specifications that were approved as of 17 July 2001 for the IMT-2000 family member
"ANSI-41 evolved Core Network with cdma2000 Access Network." 3GPP2 specifications that were
approved as of July 2002 will be associated with published core network standards in future ITU-T Rec.
Q.1742.2. The radio interface and radio access network and standards from the SDOs for this IMT-2000
family member are associated in ITU-R M.1457. The associations for other IMT-2000 family members
are identified in the ITU-T Q.174x series. This Rec. combines and associates the relevant core network
standards from a number of standards development organizations for this IMT-2000 family member into
a global Rec.

Associates the published core network standards from the regional standards development
organizations (SDOs) with those 3GPP2 specifications that were approved as of 11 July 2002 for the
IMT-2000 family member "ANSI-41 evolved core network with cdma2000 access network". 3GPP2
specifications that were approved as of 17 July 2001 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.1. 3GPP2
specifications that are approved as of July 2003 will be associated with published core network
standards in the future ITU-T Rec. Q.1742.3. The radio interface and radio access network and
standards from the SDOs for this IMT-2000 family member are associated in ITU-R M.1457-1. The
associations for other IMT-2000 family members are identified in the ITU-T Q.174x series. This Rec.
combines and associates the regional standards for the core network of this IMT-2000 family member
into a global Rec.
Associates the published core network standards from the regional standards development
organizations (SDOs) with those 3GPP2 specifications that were approved as of 30 June 2003 for the
IMT-2000 family member "ANSI-41 evolved core network with cdma2000 access network." 3GPP2
specifications that were approved as of 17 July 2001 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.1. 3GPP2
specifications that were approved as of 11 July 2002 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.2. 3GPP2
specifications that are approved as of July 2004 will be associated with published core network
standards in future ITU-T Rec. Q.1742.4. The radio interface and radio access network and standards
from the SDOs for this IMT-2000 family member are associated in ITU-R Rec. M.1457. The associations
for other IMT-2000 family members are identified in the ITU-T Rec. Q.174x series. This
Recommendation combines and associates the regional standards for the core network of this IMT-2000
family member into a global Recommendation.
Associates the published core network standards from the regional standards development
organizations (SDOs) with those 3GPP2 specifications that were approved as of 30 June 2004 for the
IMT-2000 family member "ANSI-41 evolved Core Network with cdma2000 Access Network." 3GPP2
specifications that were approved as of 17 July 2001 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.1. 3GPP2
specifications that were approved as of 11 July 2002 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.2. 3GPP2
specifications that were approved as of 30 June 2003 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.3. 3GPP2
specifications that are approved as of 30 June 2005 will be associated with published core network
standards in future ITU-T Rec. Q.1742.5. The radio interface and radio access network and standards
from the SDOs for this IMT-2000 Family Member are associated in ITU-R Rec. M.1457-3. The
associations for other IMT-2000 family members are identified in the ITU-T Rec. Q.174x series. This
Associates the published core network standards from the regional standards development
organizations (SDOs) with those 3GPP2 specifications that were approved as of 31 December 2005 for
the IMT-2000 family member "ANSI-41 evolved Core Network with cdma2000 Access Network". 3GPP2
specifications that were approved as of 17 July 2001 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.1. 3GPP2
specifications that were approved as of 11 July 2002 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.2. 3GPP2
specifications that were approved as of 30 June 2003 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.3. 3GPP2
specifications that were approved as of 30 June 2004 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.4. 3GPP2
specifications that are approved as of 31 December 2006 will be associated with published core network
standards in future ITU-T Rec. Q.1742.6. The radio interface and radio access network and standards
Associates the published core network standards from the regional standards development
organizations (SDOs) with those 3GPP2 specifications that were approved as of 31 December 2006 for
the IMT-2000 family member "ANSI-41 evolved core network with cdma2000 access network". 3GPP2
specifications that were approved as of 17 July 2001 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.1. 3GPP2
specifications that were approved as of 11 July 2002 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.2. 3GPP2
specifications that were approved as of 30 June 2003 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.3. 3GPP2
specifications that were approved as of 30 June 2004 were associated with the published core network
standards from the regional standards development organizations in ITU-T Rec. Q.1742.4. 3GPP2
specifications that were approved as of 31 December 2005 were associated with the published core
network standards from the regional standards development organizations in ITU-T Rec.
Associates the published core network standards from the regional standards development
organizations (SDOs) with those 3GPP2 specifications that were approved as of 30 June 2008 for the
IMT-2000 Family Member "ANSI-41 evolved Core Network with cdma2000 Access Network." 3GPP2
specifications that were approved as of 17 July 2001 were associated with the published core network
standards from the regional standards development organizations in Rec. ITU-T Q.1742.1. 3GPP2
specifications that were approved as of 11 July 2002 were associated with the published core network
standards from the regional standards development organizations in Rec. ITU-T Q.1742.2. 3GPP2
specifications that were approved as of 30 June 2003 were associated with the published core network
standards from the regional standards development organizations in Rec. ITU-T Q.1742.3. 3GPP2
specifications that were approved as of 30 June 2004 were associated with the published core network
standards from the regional standards development organizations in Rec. ITU-T Q.1742.4. 3GPP2
specifications that were approved as of 31 December 2005 were associated with the published core
network standards from the regional standards development organizations in Rec. ITU-T Q.1742.5.
Associates the published core network standards from the regional standards development
organizations (SDOs) with the 3GPP2 specifications that were approved as of 31 January 2010 for the
IMT-2000 family member "ANSI-41 evolved Core Network with cdma2000 Access Network." 3GPP2
specifications, that were associated with the published core network standards from the regional
standards development organizations (SDOs) in Recommendation ITU-T Q.1742.1 to Q.1742.7. The
radio interface and radio access network and the standards from the SDOs for this IMT-2000 family
member are associated in Rec. ITU-R M.1457. The associations for other IMT-2000 family members are
identified in the ITU-T Q.174x-series Recommendation. This Rec. combines and associates the regional
standards for the core network of this IMT-2000 family member into a global Recommendation.

Associates the published core network standards from the regional standards development
organizations (SDOs) with those 3GPP2 specifications that were approved as of 31 December 2010 for
the IMT-2000 Family Member "ANSI-41 evolved Core Network with cdma2000 Access Network", and
3GPP2 specifications that were associated with the published core network standards from the regional
standards development organizations in Rec.s Q.1742.1 to Q.1742.8. The radio interface and radio
access network and standards from the SDOs for this IMT-2000 family member are associated in Rec.
ITU-R M.1457. The associations for other IMT-2000 family members are identified in the ITU-T Q.174x
series. The core network interfaces identified in this recommendation and the radio interfaces and radio
access network interfaces identified in Rec. ITU-R M.1457 constitute a complete system specification for
the 3rd generation mobile system for terrestrial usage of this IMT-2000 family member.

Provides a functional description of the Bearer Independent Call Control (BICC) protocol for the support
of narrowband ISDN services independent of the bearer technology and signalling message transport
technology used. Amendment 2: Support for the International Emergency Preference Scheme (IEPS)

Describes the messages, parameters and the signalling information contained within parameters used
by the Bearer Independent Call Control (BICC) protocol and the ISDN user part, and their functions.
Amendment 3: Support for the International Emergency Preference Scheme (IEPS)
Specifies the formats and codes of the Bearer Independent Call Control (BICC) protocol for the support
of narrow-band ISDN services independent of the bearer technology and signalling message transport
technology used. It also specifies ISDN user part messages and parameters required to support basic
bearer services and supplementary services according to Rec. ITU-T Q.761. Amendment 3: Support for
the International Emergency Preference Scheme (IEPS)

Describes the Bearer Independent Call Control (BICC) basic call procedures for the support of narrow-
band ISDN services independent of the bearer technology and signalling message transport technology
used (Capability Set 2). Amendment 3: Support for the International Emergency Preference Scheme
(IEPS)

Amendment 1: New Annex G – Call bearer control – International Emergency Preference Scheme

Amendment 1: Support for the International Emergency Preference Scheme (IEPS). This amendment
was produced to meet the urgent need for the implementation of the International Emergency
Preference Scheme (IEPS) as specified in Rec. ITU-T E.106.
Amendment 1: Support for the International Emergency Preference Scheme (IEPS). This amendment
was produced to meet the urgent need for the implementation of the International Emergency
Preference Scheme (IEPS) as specified in Rec. ITU-T E.106.

Amendment 1: Support for the International Emergency Preference Scheme (IEPS). This amendment
was produced to meet the urgent need for the implementation of the International Emergency
Preference Scheme (IEPS) as specified in Rec. ITU-T E.106.

Amendment 1: Support for the International Emergency Preference Scheme (IEPS). This amendment
was produced to meet the urgent need for the implementation of the International Emergency
Preference Scheme (IEPS) as specified in Rec. ITU-T E.106.

Amendment 1: Support for the International Emergency Preference Scheme (IEPS). This amendment
was produced to meet the urgent need for the implementation of the International Emergency
Preference Scheme (IEPS) as specified in Rec. ITU-T E.106.
Amendment 5: Support for the International Emergency Preference Scheme (IEPS). This amendment
was produced to meet the urgent need for the implementation of the International Emergency
Preference Scheme (IEPS) as specified in Rec. ITU-T E.106.

Describes the security signaling requirements and protocol architecture for supporting access security
aspect of network attachment procedure in NGN. Basic threats and security requirements for the
attachment of NGN access networks are analyzed, and a model of an EAP-based security signaling
protocol architecture accommodating heterogeneous multi-links in NGN access environment is
presented. Based on it, three feasible scenarios for authentication signaling in NGN network attachment
control function are developed. This Rec. also provides some threats and security requirements related
to the signaling and control for network attachment. The goal of this Rec. is to identify security
requirements for access network and to define an EAP-based security protocol architecture for network
access attachment. The main focus of this Rec. is on an EAP-based security signaling protocol
architecture for authentication and authorization in the network attachment system of NGN. This Rec.
incorporates overall context of related standards, on the issue of network security protocol, from IETF,
IEEE, and ITU-T.
Discusses a couple of authentication protocols for heterogeneous access authentication. 3GPP has
standardized the 3GPP system-based EAP-AKA for interworking 3GPP and WLAN networks. The
WiMax or WLAN device requires an external UICC reader for applying the current EAP-AKA defined in
3GPP TS 33.234. This Rec. proposes to apply the EAP-AKA protocol to non-3GPP network devices not
equipped with UICC for interworking among 3GPP, WiMax, and WLAN in NGN.
Is an "information" document and is intended to outline the requirements and provisions for Emergency
Services for IMT-2000 systems. This is a compilation from sources outside the ITU (e.g., administrations,
Standards Development Organizations, and the Third Generation Partnership Projects (3GPP and
3GPP2)). The scope includes any relevant discussion concerning the provisioning of Emergency
Services specifically addressing the IMT-2000 systems during Harmonization and Convergence periods.
Rec. ITU-T Q.1701 provides the framework for IMT-2000 networks and defines the IMT-2000 Family of
Systems concept. This Rec. identified the following Emergency call capabilities to be supported on IMT-
2000 systems: a) Identification of emergency call; b) Emergency call handling; c) Emergency caller
location. This Supplement to the Q-series of Rec.s identifies and discusses the requirements and
provisioning of Emergency Services in IMT-2000 systems. For the purposes of this Supplement,
Emergency Services include supporting national emergency calls and the International Emergency
Preference Scheme (IEPS), as found in Rec. ITU-T E.106.
Identifies the mobility management requirements for Systems Beyond IMT-2000, based on Rec. ITU-T
Q.1702 and Q.1703 and ITU-R Rec. M.1645. A number of mobility management protocols are reviewed
and analysed according to the identified requirements.
Is an information document intended to identify the signalling requirements required to support the
International Emergency Preference Scheme (IEPS). IEPS is described in Rec. ITU-T E.106 and allows
authorized users to have access to the International Telephone Service while the service is restricted
due to damage, congestion, and/or other faults. IEPS capabilities provide authorized users with
preferential call and connection handling.
NGN release 1 defines the user profile functions, which provide capabilities for managing user profiles
and making the user profile information available to other NGN functions. A user profile is a set of data
information related to a user. The user profile functions support the identified service and control
functions in the service stratum, as well as the network access control functions in the transport stratum
[ITU-T Y.Sup.1]. This Supplement provides details concerning user data to be stored in the service user
profile functional entity and other functional entities to enable user services and applications.

Identifies the signalling requirements to support preferential capabilities within IP networks for
Emergency Telecommunications Service (ETS), which involves authority-to-authority communication.
Note: National, regional or local emergency and public safety services where an individual from general
public is seeking assistance (i.e., individual-to-authority communication) are outside the scope of this
document.
Provides NGN transport user data while defining its structure with the parameters, incorporating those
defined in Rec. ITU-T Y.2014. Those categorized here are transport user profile identification, access
identification, location management, transport resource subscription, default configuration, access
authentication, identification of other functional entities, mobility and event management.
Defines the characteristics of Group 3 facsimile terminals which enable black and white documents and
also optionally colour documents to be transmitted on the general switched telephone network,
international leased circuits and the Integrated Services Digital Network (ISDN). Group 3 facsimile
terminals may be operated manually or automatically and document transmission may be requested
alternatively with telephone conversation. The procedures used by Group 3 facsimile terminals are
defined in ITU-T Rec. T.30. It includes support of all standardized image resolutions; support of mixed
raster content for black and white images; definitions for transmission of sYCC colour space using
facsimile protocol.

Annex G provides procedures for secure G3 document facsimile transmission using the HKM and HFX
system, Annex H provides for security in facsimile G3 based on the RSA algorithm.

Defines the two independent technical solutions, which may be used in the context of secure facsimile
transmission. The two technical solutions are based upon the HKM/HFX40 algorithms and the RSA
algorithm.
Describes the technical features necessary for the Store-and-Forward ‘Simple’ mode of operation of
facsimile document transmission via Internet Mail. The general guidelines for the modes of operation of
facsimile over the Internet are contained in Rec. ITU-T F.185. This Rec. defines procedures that enable
facsimile data to be transferred using Internet Email as a store and forward system; supports the
requirements of Rec. ITU-T F.185; identifies a method for determining the capabilities of a receiving
device; identifies a method for providing notification of delivery; does not require changes to current ITU
facsimile Rec.s; permits extensive interworking between facsimile and Internet mail users and facilities,
sharing common services where possible.

Defines the procedures to be applied to allow Group 3 facsimile transmission between terminals where
in addition to the PSTN or ISDN a portion of the transmission path used between terminals includes an
IP network, e.g., the Internet. This version of Rec. ITU-T T.38 clarifies Rec. ITU-T H.323, Rec. ITU-T
H.248.1, SIP and SDP call establishment and improves the compatibility between Rec. ITU-T T.38
gateways and Group 3 facsimile.
This annex to revised Rec. ITU-T T.123 features a connection negotiation protocol (CNP) that offers
security capability negotiation. The security mechanism applied includes various means for network and
transport security on a node-to-node basis and covers means such as TLS/SSL, IPSEC w/o IKE or
manual key management, Rec. ITU-T X.274/ ISO TLSP and GSS-API.
Specifies a homogenous access mechanism to communication services (called XAPI, eXtensive
Application Programming Interface), and is an operating system and language-independent
programming interface to general communication services. It is not dedicated to a certain layer, but
allows access to all layers of the OSI reference model and other layered communication models (e.g.
conferencing). The XAPI provides a framework of functions for the use in communication applications.
All communication services are accessible through this set of functions. The XAPI does not impose any
restrictions on the service interface of the underlying communication platform. Which services are made
available via the XAPI depends on the installed service providers, and not on the XAPI, which only
provides the access mechanism. A model of communication is introduced which defines the semantics of
those XAPI functions which are communication related. New service providers can be added in the XAPI
configuration. Thus, the communication system can be tailored to specific requirements and all
communication services are accessible via one homogeneous access mechanism.
Rec. ITU-T T.411 | ISO/IEC 8613-1 introduces Open Document Architecture (ODA), i.e. the ITU-T T.410-
Series of Rec. | ISO/IEC 8613 as a whole. In the context of Rec. ITU-T T.410-Series | ISO/IEC 8613
Standards, documents are items such as memoranda, letters, invoices, forms and reports, which may
include pictures and tabular material. The content elements used within the documents may include
graphic characters, raster graphics elements and geometric graphics elements, all potentially within one
document. In addition to the content types defined in ITU-T Rec. T.410-Series | ISO/IEC 8613
Standards, Open Document Architecture (ODA) also provides for arbitrary content types to be included
in documents. ITU-T Rec. T.410-Series | ISO/IEC 8613 Standards apply to the interchange of documents
by means of data communications or the exchange of storage media, provide for the interchange of
documents for either or both of the following purposes: (a) to allow presentation as intended by the
originator; (b) to allow processing, such as editing and reformatting, also provide for the interchange of
ODA information structures used for the processing of interchanged documents. NOTE - Rec. ITU-T
T.410-Series | ISO/IEC 8613 Standards are designed to allow for extensions, including hypermedia
Defines a document application profile that may be used by any telematic service. Its purpose is to
specify an interchange format suitable for the interchange of Group 4 facsimile documents that contain
only raster graphics. Documents are interchanged in a formatted form, which enables the recipient to
display or print the document as intended by the originator.
Defines the general aspects of Group 4 facsimile apparatus and the interface to the physical network.

Defines a Programming Communication Interface called “APPLI/COM”, which provides unified access to
different communications services, such as telefax group 3 or other telematic services. This Rec.
describes the structure and contents of messages and the way to exchange them between a Local
Application (LA) and a Communication Application (CA). Any communication is preceded by a login
process and terminated by a logout process, where both the processes facilitate the implementation of
security schemes especially important on multi-user systems, and provide means to implement security
mechanisms between the LA and the CA. This Rec. forms a high level API (Application Programming
Interface), which gives powerful control and monitoring on the telecommunication activity to the
application designers.

Rec. ITU-T T.807 | ISO/IEC 15448-8 In the “Digital Age” the Internet provides many new opportunities for
rightholders regarding the electronic distribution of their work (books, videos, music, images, etc.). At the
same time, new information technology radically simplifies the access of content for the user. This goes
hand in hand with the all pervasive problem of pirated digital copies – with the same quality as the
originals – and “file-sharing” in peer-to-peer networks, which gives rise to continued complaints about
great losses by the content industry. World Intellectual Property Organization (WIPO) and its member
countries (170) have an important role to play in assuring that copyright, and the cultural and intellectual
expression it fosters, remains well protected in the 21st century. The new Digital economy and the creative
people in every country of the world depend on it. Also in Dec 1996, WIPO Copyright Treaty (WCT) has
been promulgated with two important articles (11 and 12) about technological measures and obligations
concerning Right Management Information. This treaty provides a solid foundation to protect Intellectual
Property. As of 2004, about 50 countries ratified this important treaty. Therefore, it is expected that tools
and protective methods that are recommended in JPEG 2000 must ensure the security of transaction,
Rec. ITU-T X.217 | ISO 8649 defines Association Control Service Element (ACSE) services for
application-association control in an open systems interconnection environment. ACSE supports
connection-oriented and connectionless modes of communication. Three functional units are defined in
the ACSE. The mandatory Kernel functional unit is used to establish and release application-
associations. The ACSE includes two optional functional units, one of them is the optional Authentication
functional unit, which provides additional facilities for exchanging information in support of authentication
during association establishment without adding new services. The ACSE authentication facilities may
be used to support a limited class of authentication methods. Amendment 1: Support of authentication
mechanisms for the connectionless mode.
X.227 | ISO 8650-1 This Protocol Specification defines procedures that are applicable to instances of
communication between systems, which wish to interconnect in an Open Systems Interconnection
environment in a connection-oriented mode, i.e. a connection-oriented mode protocol for the application-
service-element for application-association control, the Association Control Service Element (ACSE).
The Protocol Specification includes the Kernel functional unit that is used to establish and release
application-associations. The Authentication functional unit provides additional facilities for exchanging
information in support of authentication during association establishment without adding new services.
The ACSE authentication facilities can be used to support a limited class of authentication methods. The
Application Context Negotiation functional unit provides additional facility for the selection of the
application context during association establishment. This Protocol Specification includes an annex that
describes a protocol machine, referred to as the Association Control Protocol Machine (ACPM), in terms
of a state table. This Protocol Specification includes an annex that describes a simple authentication-
mechanism that uses a password with an AE title, and is intended for general use, and includes also an
Rec. ITU-T X.237 | ISO/IEC 10035-1 Amendment 1 to this Rec. includes the ASN.1 extensibility marker
in the module describing the protocol. It also enhances the connectionless ACSE protocol specification
to provide support for conveyance of authentication parameters in the A-UNIT-DATA APDU.

Rec. ITU-T X.257 | ISO/IEC 10035-2 provides the protocol implementation conformance statement
(PICS) proforma for the OSI connectionless protocol for the Association Control Service Element
(ACSE), which is specified in Rec. ITU-T X.237. The PICS proforma represents, in tabular form, the
mandatory and optional elements of the connectionless ACSE protocol. The PICS proforma is used to
indicate the features and choices of a particular implementation of the connectionless ACSE protocol.
Amendment 1 (1996-10): Support of authentication parameters.

Defines Data Compression Service and Privacy Service for Frame Relay networks including negotiation
and encapsulation of Data Compression, Secure data compression, authentication and encryption over
frame relay. The presence of a data compression service in a network will increase the effective
throughput of the network. The demand for transmitting sensitive data across public networks requires
facilities for ensuring the privacy of the data. In order to achieve optimum compression ratios, it is
essential to compress the data before encrypting it. Hence, it is desirable to provide facilities in the data
compression service to negotiate data encryption protocols as well. Since the task of compressing and
then encrypting the data is computationally intensive, efficiency is achieved through providing
simultaneous data compression and encryption (secure data compression). Data Compression protocols
are based on PPP Link Control Protocol (IETF RFC 1661) and PPP Encryption Control Protocol (IETF
RFC 1968 and 1969). This Rec. applies to Unnumbered Information (UI) frames encapsulated using
Rec. ITU-T Q.933 Annex E. It addresses data compression and privacy on both permanent virtual
connections (PVC) and switched virtual connections (SVC).
Rec. ITU-T X.273 | ISO/IEC 11577-1 specifies the protocol to support the integrity, confidentiality,
authentication and access control services identified in the OSI security model as applicable to
connection-mode and connectionless-mode network layer protocols. The protocol supports these
services through the use of cryptographic mechanisms, security labeling and assigned security
attributes, such as cryptographic keys.
Rec. ITU-T X.274 | ISO/IEC 10736 specifies the protocol, which can support the integrity, confidentiality,
authentication and access control services identified in the OSI security model as relevant to the
transport layer. The protocol supports these services through the use of cryptographic mechanisms,
security labeling and assigned attributes, such as cryptographic keys.

Rec. ITU-T F.400/X.400 | ISO/IEC 10021-1 See Rec. ITU-T F.400

Rec. ITU-T X.402 | ISO/IEC 10021-2 specifies security procedures and Object Identifiers for use in MHS
protocols to realize the services of confidentiality, integrity, authentication, non-repudiation and access
controls identified as relevant to the Application Layer.
Rec. ITU-T X.404 | ISO/IEC TR 10021-11 provides guidance for configuring MTS routing using the
directory, and suggests the characteristics of a directory user agent for managing that process. It allows
OR-address plans, MTA interconnection topology and the management structures applied to MHS to be
dealt with independently of each other whilst remaining within a coordinated framework.
This is one of a set of Rec. for Message Handling. The entire set provides a comprehensive specification
for Message Handling comprising any number of cooperating open systems. This Rec. specifies the
algorithms the MHS uses when converting between different types of encoded information. Other aspects
of Message Handling are defined in other Rec.s.
Rec. ITU-T X.411 | ISO/IEC 10021-4 specifies mechanisms and procedures supporting confidentiality,
integrity, authentication and non-repudiation services identified as relevant to the Application Layer. The
protocol supports these services through the use of cryptographic mechanisms, security labeling, and
digital signatures as identified in Rec. ITU-T X.509. Although this Rec. specifies protocol that uses
asymmetric cryptographic techniques, symmetric cryptographic techniques are also supported.

Rec. ITU-T X.412 | ISO/IEC 10021-10 is one of a series of Rec.s | International Standards defining
Message Handling in a distributed open systems environment. Message Handling provides for the
exchange of messages between users on a store-and-forward basis. A message submitted by one user
(the originator) is transferred through the message-transfer-system (MTS) and delivered to one or more
other users (the recipients). This Rec | International Standard specifies the means by which messages
are routed through the MHS, and supplements the procedures defined in Rec. ITU-T X.411 | ISO/IEC
10021-4. Other parts define other aspects of the MHS: as Rec. ITU-T F.400/X.400 | ISO/IEC 10021-1
defines the user-oriented services provided by the MHS, the Rec. ITU-T X.402 | ISO/IEC 10021-2
provides an architectural overview of the MHS, and the Rec. ITU-T X.411 | ISO/IEC 10021-4 defines the
abstract-service of the Message Transfer System.

Rec. ITU-T X.413 | ISO/IEC 10021-5 specifies mechanisms, protocol and procedures supporting
integrity, access control, authentication and non-repudiation services identified as relevant to the
Application Layer. The protocol supports these services on behalf of the Message Store direct user.

Rec. ITU-T X.419 | ISO/IEC 10021-6 specifies procedures and application contexts to identify secure
access for MHS entities and remote users by providing authentication and access control services
identified as relevant to the Application Layer.
Rec. ITU-T X.420 | ISO/IEC 10021-7 specifies mechanisms, protocol and procedures for the exchange
of objects between Interpersonal Messaging Users or User Agents on behalf of its direct user identified
relevant to the Application Layer. The security services supported are integrity, confidentiality,
authentication and access control identified as relevant to the Application Layer.
This revision of Rec. ITU-T X.421 is a consolidation of Rec. ITU-T X.421 (07/94) and Rec. ITU-T
X.421/Amd.1 (12/97). Rec. ITU-T X.421 defines the usage of the Rec. ITU-T X.400 protocols, mainly the
Interpersonal Messaging protocol (P2) and the Message Transfer protocol (P1), to provide a global
COMFAX service. The COMFAX service, as defined in Rec.s ITU-T F.162 (1996) and Rec. ITU-T F.163
(1996), specifies a store and forward facsimile service where MHS may be used to provide a means of
moving facsimile messages in COMFAX services. Rec. ITU-T F.162 and Rec. ITU-T F.163 describe the
COMFAX service using Facsimile store and Forward units (Fax SFUs) and its interconnection
requirements. This Rec. describes a Rec. ITU-T X.400-based protocol for interconnecting Fax SFUs.

Rec. ITU-T X.435 | ISO/IEC 10021-9 specifies mechanisms, protocol and procedures for the exchange of
objects between Electronic Data Interchange (EDI) User Agents on behalf of its direct user. The security
services supported are integrity, confidentiality, authentication and access control identified as relevant
to the Application Layer.

Specifies mechanisms, protocol and procedures for the exchange of objects between Voice User Agents
on behalf of its direct user. The security services supported are integrity, confidentiality, authentication
and access control identified as relevant to the Application Layer.
Rec. ITU-T X.500 | ISO/IEC 9594-1 Together with other Recs. this Rec. has been produced to facilitate
the interconnection of information processing systems to provide directory services. A set of such
systems, together with the directory information that they hold, can be viewed as an integrated whole,
called the Directory. The information held by the Directory, collectively known as the Directory
Information Base (DIB), is typically used to facilitate communication between, with or about objects such
as application entities, people, terminals and distribution lists. The Directory plays a significant role in
Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of
the interconnection standards themselves, the interconnection of information processing systems. This
Rec. introduces and models the concepts of the Directory and of the DIB and overviews the services and
capabilities, which they provide. Other Recs. make use of these models in defining the abstract service
provided by the Directory, and in specifying the protocols through which this service can be obtained or
propagated. This Rec. specifies the Directory and its security features. § 8.2.2, Security parameters - §
10, Access control in the Directory

Rec. ITU-T X.501 | ISO/IEC 9594-2 provides a number of different models for the Directory as a
framework for the other Recs. in the Rec. ITU-T X.500 series. The models are the overall (functional) model,
the administrative authority model, generic Directory Information models providing Directory User and
Administrative User view on Directory information, generic Directory System Agent (DSA) and DSA
information models and operational framework and a security model. This Rec. specifies the Directory
use of its Rec. ITU-T X.509 Public-key and attribute certificate frameworks. § 8, SECURITY - § 17,
Security Models - § 17.2, Security Policies - § 18, Basic Access Control - § 19, Rule-based Access
Control - § 20, Cryptographic Protection in Storage - Annex H, Enhanced security

Rec. ITU-T X.509 | ISO/IEC 9594-8 defines a framework for public-key certificates and attribute
certificates, and defines a framework for the provision of authentication services by Directory to its users.
It describes two levels of authentication: simple authentication, using a password as a verification of
claimed identity; and strong authentication, involving credentials formed using cryptographic techniques.
While simple authentication offers some limited protection against unauthorized access, only strong
authentication should be used as the basis for providing secure services. The frameworks defined may
be used to profile application to Public Key Infrastructures (PKI) and Privilege Management
Infrastructures (PMI). The framework for public-key certificates includes specification of data objects
used to represent the certificates themselves as well as revocation notices for issued certificates that
should no longer be trusted. While it defines some critical components of a PKI, it does not define a PKI
in its entirety. However, it provides the foundation upon which full PKIs and their specifications would be
built. The framework for attribute certificates includes specification of data objects used to represent the
certificates themselves as well as revocation notices for issued certificates that should no longer be
trusted. While it defines some critical components of a PMI, it does not define a PMI in its entirety.
However, it provides the foundation upon which full PMIs and their specifications would be built.
Rec. ITU-T X.511 | ISO/IEC 9594-3 defines in an abstract way the externally visible service provided
by the Directory, including bind and unbind operations, read operations, search operations, modify
operations and errors.

Rec. ITU-T X.518 | ISO/IEC 9594-4 specifies the procedures by which the distributed components of
the Directory interwork in order to provide a consistent service to its users.

Rec. ITU-T X.519 | ISO/IEC 9594-5 specifies procedures and application contexts to identify secure
access during binding of Directory entities.

Rec. ITU-T X.520 | ISO/IEC 9594-6 defines a number of attribute types and matching rules which may
be found useful across a range of applications of the Directory. One particular use for many of the
attributes defined is in the formation of names, particularly for the classes of object defined in Rec. ITU-T
X.521 | ISO/IEC 9594-7.
Rec. ITU-T X.521 | ISO/IEC 9594-7 defines a number of selected object classes and name forms which
may be found useful across a range of applications of the Directory. An object class definition specifies
the attribute types which are relevant to the objects of that class. A name form definition specifies the
attributes to be used in forming names for the objects of a given class.

Rec. ITU-T X.525 | ISO/IEC 9594-9 specifies a shadow service which DSAs may use to replicate
Directory information. The service allows Directory information to be replicated among DSAs to improve
service to Directory users, and provides for the automatic updating of this information.

Describes the requirements for Directory management, and analyses these requirements to identify
those that may be realized by OSI systems management services (and protocols), those that are
realized by Directory services (and protocols), and those that are realized by local means. The Directory
may support open systems applications such as message handling systems; file transfer, access and
management (FTAM) systems; and transaction processing systems. Therefore, the Directory system
may be manageable from an integrated system management platform. The purpose of Directory
management is to assure that needed, accurate Directory information is available to users as scheduled
with the expected response time, integrity, security and level of consistency. Furthermore, systems
management may be accomplished with the minimum burden on processing time and memory on
platforms and the communications system.

Rec. ITU-T X.680 | ISO/IEC 8824-1 provides a standard notation called Abstract Syntax Notation One
(ASN.1) for defining the syntax of information data. It defines a number of simple data types and
specifies a notation for referencing these types and for specifying values of these types. The ASN.1
notations can be applied whenever it is necessary to define the abstract syntax of information without
constraining in any way how the information is encoded for transmission. ASN.1 is used for the definition
of data types, values, and constraints on data types i.e. defines a number of simple types, with their
tags, and specifies a notation for referencing these types and for specifying values of these types;
defines mechanisms for constructing new types from more basic types, and specifies a notation for
defining such types and assigning them tags, and for specifying values of these types; defines character
sets (by reference to other Rec.s) for use within ASN.1. A data type (or type for short) is a category of
information (for example, numeric, textual, still image or video information). A data value (or value for
short) is an instance of such a type. This Rec. defines several basic types and their corresponding
values, and rules for combining them into more complex types and values. In some protocol

Rec. ITU-T X.681 | ISO/IEC 8824-2 provides the ASN.1 notation which allows information object classes
as well as individual information objects and sets thereof to be defined and given reference names, i.e.
provides notation for specifying information object classes, information objects and information object
sets. An information object class defines the form of a conceptual table (an information object set) with
one column for each field in the information object class, and with each complete row defining an
information object. An application designer frequently needs to design a protocol which will work with
any of a number of instances of some class of information objects, where instances of the class may be
defined by a variety of other bodies, and may be added to over time. Examples of such information
object classes are the "operations" of Remote Operations Service (ROS) and the "attributes" of the OSI
Directory. This Rec. provides notation which allows information object classes as well as individual
information objects and information object sets thereof to be defined and given reference names. See
Note at Rec. ITU-T X.680.

Rec. ITU-T X.682 | ISO/IEC 8824-3 is part of Abstract Syntax Notation One (ASN.1) and provides
notation for specifying user-defined constraints, table constraints, and contents constraints. This Rec.
provides the ASN.1 notation for the general case of constraint and exception specification by which the
data values of a structured data type can be limited. The notation also provides for signalling if and when
a constraint is violated. Application designers require a notation to define a structured data type to
convey their semantics and notation is also required to further constrain the values that can appear.
Examples of such constraints are restricting the range of some component(s), or using a specified
information object set to constrain an "ObjectClassFieldType" component, or using the "AtNotation" to
specify a relation between components. See NOTE at Rec. ITU-T X.680.

Rec. ITU-T X.683 | ISO/IEC 8824-4 is part of Abstract Syntax Notation One (ASN.1) and defines notation
for parameterization of ASN.1 specifications, i.e. defines the provisions for parameterized reference
names and parameterized assignments for data types which are useful for the designer when writing
specifications where some aspects are left undefined at certain stages of the development to be filled in
at a later stage to produce a complete definition of an abstract syntax. Application designers need to
write specifications in which certain aspects are left undefined. Those aspects will later be defined by
one or more other groups (each in its own way), to produce a fully defined specification for use in the
definition of an abstract syntax (one for each group). In some cases, aspects of the specification (for
example, bounds) may be left undefined even at the time of abstract syntax definition, being completed
by the specification of International Standardized Profiles or functional profiles from some other body.
See NOTE at Rec. ITU-T X.680.

Rec. ITU-T X.690 | ISO/IEC 8825-1 specifies a set of Basic Encoding Rules (BER) that may be applied
to values of types defined using the ASN.1 notation, i.e. used to derive the specification of a transfer
syntax for values of types defined using the notation specified in the X.680 series of ITU-T Recs. referred
to as Abstract Syntax Notation One or ASN.1. Application of these encoding rules produces a transfer
syntax for such values. It is implicit in the specification of these encoding rules that they are also used for
decoding, i.e. these basic encoding rules are also to be applied for decoding such a transfer syntax in
order to identify the data values being transferred. It also specifies a set of canonical and distinguished
encoding rules that restrict the encoding of values to just one of the alternatives provided by the basic
encoding rules, i.e. it defines also a set of Distinguished Encoding Rules (DER) and a set of Canonical
Encoding Rules (CER) both of which provide constraints on the Basic Encoding Rules (BER). The key
difference between them is that DER uses the definite length form of encoding while CER uses the
indefinite length form. DER is more suitable for the small encoded values, while CER is more suitable for
the large ones. It is implicit in the specification of these encoding rules that they are also used for

Rec. ITU-T X.691 | ISO/IEC 8825-2 X.680 series of Recs. describe Abstract Syntax Notation One
(ASN.1), a notation for the definition of messages to be exchanged between peer applications. This Rec.
describes a set of encoding rules that can be applied to values of all ASN.1 types to achieve a much
more compact representation than that achieved by the Basic Encoding Rules and its derivatives
(described in X.690), i.e., it specifies a set of Packed Encoding Rules that may be used to derive a
transfer syntax for values of types defined in Rec. ITU-T X.680. The Packed Encoding Rules are also to
be applied for decoding such a transfer syntax in order to identify the data values being transferred.
There is more than one set of encoding rules that can be applied to values of ASN.1 types. The
Packed Encoding Rules (PER) are so called because they achieve a much more compact
representation than that achieved by the Basic Encoding Rules (BER) and its derivatives described in
Rec. ITU-T X.690. See NOTE at Rec. ITU-T X.680.

Rec. ITU-T X.692 | ISO/IEC 8825-3 defines the Encoding Control Notation (ECN) used to specify
encodings of ASN.1 types or of parts of types that differ from those provided by standardized encoding
rules such as the Basic Encoding Rules (BER) and the Packed Encoding Rules (PER). It provides
several mechanisms for such specification. It also provides the means to link the specification of
encodings to the type definitions to which they are to be applied. ECN can be used to encode all types of
an ASN.1 specification, but can also be used with standardized encoding rules such as BER or PER to
specify only the encoding of types that have special requirements. An ASN.1 type specifies a set of
abstract values. Encoding rules specify the representation of these abstract values as a series of bits.
See NOTE at Rec. ITU-T X.680.

Rec. ITU-T X.693 | ISO/IEC 8825-4 The publication of Abstract Syntax Notation One (ASN.1) became
the generally used notation for the definition of messages to be exchanged between peer applications.
This Rec. specifies encoding rules that may be applied to encode values of ASN.1 types using the
Extensible Markup Language (XML), i.e. specifies a set of Basic XML Encoding Rules (XER) that may
be used to derive a transfer syntax for values of types defined in X.680 series of Recs. This Rec. also
specifies a set of Canonical XML Encoding Rules which provide constraints on the Basic XML Encoding
Rules and produce a unique encoding for any given ASN.1 value. It is implicit in the specification of
these encoding rules that they are also used for decoding. Application of these encoding rules produces
a transfer syntax for such values. It is implicit in the specification of these encoding rules that they are
also to be used for decoding. There is more than one set of encoding rules that can be applied to values
of ASN.1 types. This Rec. defines two sets of encoding rules that use the Extensible Markup Language
(XML). These are called the XML Encoding Rules (XER) for ASN.1, and both produce an XML document
compliant to W3C XML 1.0. The first set is called the Basic XML Encoding Rules. The second set is

Rec. ITU-T X.694 | ISO/IEC 8825-5 defines rules for mapping an XSD Schema (a schema conforming to
the W3C XML Schema specification) to an ASN.1 schema in order to use ASN.1 encoding rules such as
the Basic Encoding Rules (BER), the Distinguished Encoding Rules (DER), the Packed Encoding Rules
(PER) or the XML Encoding Rules (XER) for the transfer of information defined by the XSD Schema.

Rec. ITU-T X.695 | ISO/IEC 8825-6 specifies the rules for applying PER encoding instructions using
either type prefixes or an encoding control section. Encoding instructions are a means of modifying the
encodings of ASN.1 types for some specified encoding rule (in this case PER). They can be inserted in
an ASN.1 specification in square brackets (much like a tag in the Basic Encoding Rules, BER)
immediately before the type that they affect (type prefixes), or they can be collected together at the end
of an ASN.1 module (an encoding control section). It also specifies the procedures for developing,
registering and publishing new PER encoding instructions from time to time.

Rec. ITU-T X.711 | ISO/IEC 9596-1 specifies a protocol which is used by application layer entities to
exchange management information, also specifies procedures for the transmission of management
information between application entities; the abstract syntax of the Common Management Information
Protocol (CMIP) and the associated encoding rules to be applied; procedures for the correct
interpretation of protocol control information; the conformance requirements to be met by implementation
of this Rec | International Standard. The Common Management Information Protocol (CMIP) specifies
protocol elements that may be used to provide the operation and notification services described in Rec.
ITU-T X.710 | ISO/IEC 9595, which defines the Common Management Information Services (CMIS).

Rec. ITU-T X.733 | ISO/IEC 10164-4 defines a Systems Management Function that may be used by an
application process in a centralized or decentralized management environment to interact for the
purpose of systems management, as defined by Rec. ITU-T X.700 | ISO/IEC 7498-4. This Rec. |
International Standard defines the alarm notifications function which consists of generic definitions,
services and functional units. This function is positioned in the application layer of the OSI reference
model (Rec. ITU-T X.200 | ISO 7498) and is defined according to the model provided by ISO/IEC 9545.
The role of systems management functions is described by Rec. ITU-T X.701 | ISO/IEC 10040. The
alarm notifications defined by this function provide information that a manager may need to act upon
pertaining to a system’s operational condition and quality of service.

Rec. ITU-T X.734 | ISO/IEC 10164-5 defines a Systems Management Function which may be used by
an application process in a centralized or decentralized management environment to interact for the
purpose of systems management, as defined by Rec. ITU-T X.700 | ISO/IEC 7498-4. This Rec. |
International Standard defines the Event report management function and consists of services and two
functional units. This function is positioned in the application layer of Rec. ITU-T X.200 | ISO 7498 and is
defined according to the model provided by ISO/IEC 9545. The role of systems management functions is
described in Rec. ITU-T X.701 | ISO/IEC 10040.

Rec. ITU-T X.735 | ISO/IEC 10164-6 defines a Systems Management Function which may be used by
an application process in a centralized or decentralized management environment to interact for the
purpose of systems management, as defined by Rec. ITU-T X.700 | ISO/IEC 7498-4. This Rec. |
International Standard defines the Log Control function and consists of services and two functional units.
This function is positioned in the application layer of the Rec. ITU-T X.200 | ISO/IEC 7498-1 and is
defined according to the model provided by ISO/IEC 9545. The role of systems management functions is
described by Rec. ITU-T X.701 | ISO/IEC 10040.

Rec. ITU-T X.736 | ISO/IEC 10164-7 defines the security alarm reporting function, a systems
management function which may be used by an application process in a centralized or decentralized
management environment to exchange information for the purpose of systems management. This Rec.
is positioned in the application layer. The security alarm notifications defined by this systems
management function provide information regarding operational condition and quality of service,
pertaining to security.

Rec. ITU-T X.737 | ISO/IEC 10164-14 specifies a number of generally useful “test categories” such as
“connection request”, loop back test and data integrity test. For each of these, a standard approach is
used in terms of the components of the test category such as the purpose of the test, the resources, as
defined in Rec. ITU-T X.745, test environment and content of result report, etc. The “inheritance”
relationship among test object classes (representing test categories) is defined and the specifications of
these as managed objects, included. This Rec | International Standard provides a means for other,
notably TMN related groups, to use the same method for test category specification. This Rec |
International Standard should be considered with the Test Management Function in Rec. ITU-T X.745.

Rec. ITU-T X.738 | ISO/IEC 10164-13 defines the Summarization Function, which is a Systems
Management function to be used by an application process in a centralised or decentralised
management environment to interact for the purpose of systems management, as defined by the OSI
Management Framework, Rec. ITU-T X.700 | ISO/IEC 7498-4. This Rec. | International Standard defines
a function which consists of generic definitions and services. This function is positioned in the application
layer of the OSI reference model Rec. ITU-T X.200 | ISO 7498 and is defined according to the model
provided by ISO 9545. The role of systems management functions is described by Rec. ITU-T X.701 |
ISO/IEC 10040. The Summarization Function specifies methods to observe and report attribute values. It
also specifies methods for reporting statistics based on attribute values, all observed at the same time.
These attribute values and statistics provide summary information concerning a set of managed objects
and their attributes at one or more distinct points in time. The statistics are calculated across managed
objects, not over time.

Rec. ITU-T X.739 | ISO/IEC 10164-11 specifies performance tools to observe characteristics of
resources either directly within managed objects or through the use of metric objects. The tools also
include provision of statistics, such as mean and percentile calculations, and thresholds to generate
notifications. The metric objects and attributes function is a systems management function which may be
used by an application process in a centralised or decentralised management environment to interact for
the purpose of systems management, as defined by Rec. ITU-T X.700 | ISO/IEC 7498-4. This Rec |
International Standard defines a function which consists of generic definitions. This function is positioned
in the application layer of the OSI reference model, Rec. ITU-T X.200 | ISO 7498, and is defined
according to the model provided by ISO 9545. The role of systems management functions is described
by Rec. ITU-T X.701 | ISO/IEC 10040.

Rec. ITU-T X.740 | ISO/IEC 10164-8 defines the security audit trail function. The security audit trail
function is a systems management function which may be used by an application process in a
centralized or decentralized management environment to exchange information and commands for the
purpose of systems management, as defined by Rec. ITU-T X.700 | ISO 7498-4. This Rec. |
International Standard is positioned in the application layer of Rec. ITU-T X.200 | ISO 7498 and is
defined according to the model provided by ISO/IEC 9545. The role of systems management functions is
described by Rec. ITU-T X.701 | ISO/IEC 10040.

Rec. ITU-T X.741 | ISO/IEC 10164-9 defines specifications applicable to the provision of access control
for applications that use OSI management services and protocols. The access control information
identified by this Rec. may be used in support of access control schemes based on access control lists,
capabilities, security labels, and contextual constraints. This Rec. | International Standard specifies an
Access Control Security Model and the management information necessary for creating and
administering access control associated with OSI Systems Management. Security policy adopted for any
instance of use is not specified and is left as an implementation choice. This Specification is of generic
application and is applicable to the security management of many types of application. It is expected to
be adopted for TMN use. The specifications contained herein are applicable to the provision of access
control for applications that use OSI management services and protocols.

Rec. ITU-T X.742 | ISO/IEC 10164-10 defines a systems management function which may be used by
an application process in a centralized or decentralized management environment to interact for the
purpose of systems management as defined in Rec. ITU-T X.700 | ISO/IEC 7498-4. This Rec. |
International Standard defines the usage metering function and consists of service and generic
definitions. It is positioned in the application layer of Rec. ITU-T X.200 | ISO/IEC 7498-1 and is defined
according to the model provided by ISO/IEC 9545. The role of systems management functions is
described by Rec. ITU-T X.701 | ISO/IEC 10040. This Rec. | International Standard specifies a model
and management information for the acquisition of information by a managing system of resource usage
information. The information may be used as part of a charging and billing process; however, charging
and billing is outside the scope of this Rec. | International Standard. This specification is of generic
application and needs to be extended by some application specific purpose. It is expected to be adopted
for TMN use.

Rec. ITU-T X.743 | ISO/IEC 10164-20 defines a Systems Management Function that may be used by an
application process in a centralized or decentralized management environment to interact for the
purpose of systems management, as defined by Rec. ITU-T X.200 | ISO/IEC 7498-1. This Rec |
International Standard defines the time management function which consists of generic definitions,
services, and functional units. This function is positioned in the application layer of Rec. ITU-T X.200 |
ISO/IEC 7498-1 and is defined according to the model provided by ISO 9545. The role of systems
management functions is described by Rec. ITU-T X.701 | ISO/IEC 10040.

Rec. ITU-T X.744 | ISO/IEC 10164-18 Operations Systems (OS), Network Elements (NE) and other
systems will occasionally be subject to software changes. These changes may include program code,
such as a new version of some call processing related programme or revised routeing tables. The need
within a network is to be able to manage software that can be changed or modified by some remote OS.
In this context management can include: control over the downloading process for transfer of a software
product from an OS to another system such as an OS or NE; control of installing downloaded software
into the suite existing at the system; and the ability to check the version of software installed in a system.
This Rec. | International Standard provides a standard Rec. ITU-T X.700 message based means to
manage this software process to meet these needs. The method of software transfer between an OS
and another system is not specified or constrained in any way by this Rec. | International Standard but
practically could include file transfer, electronic mail or postal services with floppy disks. The role of this
Rec. | International Standard in this transfer is to manage the start of delivery to another system by
maintaining information about the start of a software delivery and relating this to actual receipt, resulting

Specifies guidelines for defining Common Object Request Broker Architecture (CORBA)-based
interfaces to software objects representing manageable resources in a TMN. It covers information
modelling guidelines, rules for translating models from the Guidelines for the Definition of Managed
objects (GDMO) and Interface Definition Language (IDL) style conventions. It also provides an IDL
module defining data types, superclasses, and notifications to be used in CORBA-based information
model specifications. The TMN architecture defined in Rec. ITU-T M.3010 introduces concepts from
distributed processing and includes the use of multiple management protocols. The initial TMN interface
specifications for intra- and inter-TMN interfaces were developed using the Guidelines for the Definition
of Managed objects (GDMO) notation from OSI Systems Management with Common Management
Information Protocol (CMIP) as the protocol. The inter-TMN interface (X) included both CMIP and
CORBA GIOP/IIOP as possible choices at the application layer.

Defines extensions to the set of TMN CORBA managed object modelling guidelines required to support
coarse-grained interfaces. It specifies how coarse-grained CORBA TMN interfaces are to be defined. It
also provides guidelines on converting fine-grained interfaces to coarse-grained. A CORBA Interface
Definition Language (IDL) module defining the base interface types to be extended is provided. The
TMN architecture defined in Rec. ITU-T M.3010 introduces concepts from distributed processing and
includes the use of multiple management protocols. Rec. ITU-T Q.816 and Rec. ITU-T X.780
subsequently define within this architecture a framework for applying the Common Object Request
Broker Architecture (CORBA) as one of the TMN management protocols.

Defines a set of TMN CORBA managed object and façade object modelling guidelines required to
support service-oriented interfaces. It specifies how service-oriented CORBA TMN interfaces are to be
defined. It covers IDL repertoire, information modelling in IDL and IDL style conventions. It also provides
guidelines on redesigning fine-grained and coarse grained interfaces to service-oriented interfaces. An
IDL module is provided defining basic data types, exceptions, notification constructs, a base CORBA
struct to be included by every service oriented managed object and a base CORBA interface to be
inherited by every service oriented CORBA interface.

Provides the requirements and guidelines for CORBA Interface Implementation Conformance Statement
(CIICS) proforma and the specification of this proforma to be used in telecommunication network
management, and also provides the testing methodology for CORBA-based interfaces. The CIICS is a
statement made by an implementer to claim conformance to a CORBA/IDL based interface definition.

Is concerned with the management of malfunction in systems and communications networks from the
perspective of a provider of service and user of that service. Malfunction, referred to as “trouble” is a
problem that has an adverse effect on the quality of service perceived by network users. When a trouble
is detected, possibly as a result of an alarm report, a trouble report may be entered by a user or the
system may raise a report automatically. Management of that trouble report is necessary to ensure that it
receives attention and that the trouble is cleared to restore the service to its previous level of capability. A
report format is defined to allow a user to report a trouble, which will then be progressed to resolution by
a provider. During the resolution by the service provider, the service user may determine the current
state of resolution by issuing a request for this information. When cleared the provider may notify the
user. Particular types of troubles are included; however, the use of this Rec. by a particular application
may require trouble types specific to that application to be used – this is catered for in this Rec. At the
time of a trouble, a network may have been interworking with another network to provide a service, and
the problem or malfunction may be due to the other network. Therefore it may be necessary to exchange

Rec. ITU-T X.800 | ISO/IEC 7498-2 defines the general security-related architectural elements which can
be applied appropriately in the circumstances for which protection of communication between open
systems is required. It establishes, within the framework of the Reference Model, guidelines and
constraints to improve existing Rec.s or to develop new Rec.s in the context of OSI in order to allow
secure communications and thus provide a consistent approach to security in OSI. This Rec. extends
the Reference Model to cover security aspects which are general architectural elements of
communications protocols, but not discussed in the Reference Model. This Rec. provides a general
description of security services and related mechanisms, which may be provided by the Reference
Model; and defines the positions within the Reference Model where the services and mechanisms may
be provided.

Rec. ITU-T X.802 | ISO/IEC TR 13594 describes the cross layer aspects of the provision of security
services in the lower layers of the OSI Reference Model (Transport, Network, Data Link, Physical). It
describes the architectural concepts common to these layers, the basis for interactions relating to
security between layers and the placement of security protocols in the lower layers.

Rec. ITU-T X.803 | ISO/IEC 10745 describes the selection, placement and use of security services and
mechanisms in the upper layers (application, presentation and session layers) of the OSI Reference
Model.

Rec. ITU-T X.805 | ISO/IEC 18028-2 defines the general security-related architectural elements that,
when appropriately applied, in particular in a multi-vendor environment, can ensure that a network is
properly protected against malicious and inadvertent attacks, and operates with provision for
performance parameters such as high availability, appropriate response time, integrity, scalability, and
accurate billing function.

Rec. ITU-T X.810 | ISO/IEC 10181-1 defines the framework within which security services for open
systems are specified. This part of the Security Frameworks describes the organization of the security
framework, defines security concepts, which are required in more than one part of the security
framework, and describes the interrelationship of the services and mechanisms identified in other parts
of the framework. This framework describes all aspects of authentication as these apply to Open
Systems, the relationship of authentication with other security functions such as access control and the
management requirements for authentication.

Rec. ITU-T X.811 | ISO/IEC 10181-2 defines a general framework for the provision of authentication. The
primary goal of authentication is to counter the threats of masquerade and replay.

Rec. ITU-T X.812 | ISO/IEC 10181-3 defines a general framework for the provision of access control.
The primary goal of access control is to counter the threat of unauthorized operations involving a
computer or communications system; these threats are frequently subdivided into classes known as
unauthorized use, disclosure, modification, destruction and denial of service.

Rec. ITU-T X.813 | ISO/IEC 10181-4 defines a general framework for the provision of non-repudiation
services. The goal of the Non-repudiation service is to collect, maintain, make available, and validate
irrefutable evidence regarding identification of originators and recipients involved in data transfers.

Rec. ITU-T X.814 | ISO/IEC 10181-5 defines a general framework for the provision of confidentiality
services. Confidentiality is the property that information is not made available or disclosed to
unauthorized individuals, entities or processes.

Rec. ITU-T X.815 | ISO/IEC 10181-6 defines a general framework for the provision of integrity services.
The property that data has not been altered or destroyed in an unauthorized manner is called integrity.

Rec. ITU-T X.816 | ISO/IEC 10181-7 describes a basic model for handling security alarms and for
conducting a security audit for open systems. A security audit is an independent review and examination
of system records and activities. The security audit service provides an audit authority with the ability to
specify, select and manage the events, which need to be recorded within a security audit trail.

Rec. ITU-T X.830 | ISO/IEC 11586-1 belongs to a series of Rec.s, which provide a set of facilities to aid
the construction of OSI Upper Layer protocols, which support the provision of security services. This
Rec. defines the following: a) general models of security exchange protocol functions and security
transformations; b) a set of notational tools to support the specification of selective field protection
requirements in an abstract syntax specification, and to support the specification of security exchanges
and security transformations; c) a set of informative guidelines as to the application of the generic upper
layer security facilities covered by this series of Rec.s.

Rec. ITU-T X.831 | ISO/IEC 11586-2 belongs to a series of Rec.s, which provide a set of facilities to aid
the construction of OSI Upper Layer protocols, which support the provision of security services. This
Rec. defines the service provided by the Security Exchange Service Element (SESE). The SESE is an
application-service-element (ASE), which facilitates the communication of security information to support
the provision of security services within the Application Layer of OSI.

Rec. ITU-T X.832 | ISO/IEC 11586-3 belongs to a series of Rec.s, which provide a set of facilities to aid
the construction of OSI Upper Layer protocols, which support the provision of security services. This
Rec. specifies the protocol provided by the Security Exchange Service Element (SESE). The SESE is an
application-service-element (ASE), which facilitates communication of security information to support the
provision of security services within the Application Layer of OSI.

Rec. ITU-T X.833 | ISO/IEC 11586-4 belongs to a series of Rec.s, which provide a set of facilities to aid
the construction of OSI Upper Layer protocols, which support the provision of security services. This
Rec. defines the protecting transfer syntax, associated with Presentation Layer support for security
services in the Application Layer.

Rec. ITU-T X.834 | ISO/IEC 11586-5 belongs to a series of Rec.s on Generic Upper Layers Security
(GULS). It is the Protocol Implementation Conformance Statement (PICS) proforma for the Security
Exchange Service Element Protocol specified in Rec. ITU-T X.832 and the Security Exchange described
in Rec. ITU-T X.830, Annex C. This Rec. provides a description of the standardized capabilities and options in a
form that supports conformance evaluation of a particular implementation.

Rec. ITU-T X.835 | ISO/IEC 11586-6 belongs to a series of Rec.s on Generic Upper Layers Security
(GULS). It is the Protocol Implementation Conformance Statement (PICS) proforma for the Protecting
transfer syntax Protocol specified in Rec. ITU-T X.833. This Rec. provides a description of the
standardized capabilities and options in a form that supports conformance evaluation of a particular
implementation.

Rec. ITU-T X.841 | ISO/IEC 15816 This Rec. on Security Information Objects (SIOs) for Access Control
provides object definitions that are commonly needed in security standards to avoid multiple and
different definitions of the same functionality. Precision in these definitions is achieved by use of the
Abstract Syntax Notation One (ASN.1). This Rec. covers only static aspects of Security Information
Objects (SIOs).

Rec. ITU-T X.842 | ISO/IEC TR 14516 provides guidance for the use and management of Trusted Third
Party (TTP) services, a clear definition of the basic duties and services provided, their description and
their purpose, and the roles and liabilities of TTPs and entities using their services. This Rec. identifies
different major categories of TTP services including time stamping, non-repudiation, key management,
certificate management, and electronic notary public.

Rec. ITU-T X.843 | ISO/IEC 15945 defines the services required to support the application of digital
signatures for non-repudiation of creation. Since the use of digital signature mechanisms for non-
repudiation of creation of a document implies integrity of the document and authenticity of the creator,
the services described in this Rec. | International Standard can also be combined to implement integrity
and authenticity services. This is done in a way to promote interoperability among TTPs as well as
between TTPs and commercial applications. NOTE – There is no inherent reason why every TTP
planning to support the application of digital signatures should be required to offer all of these services. It
is possible that a number of TTPs offering different services cooperate in supporting the use of digital
signatures. But, from the view of the potential commercial applications, the whole range of the services
may be required and interoperability becomes even more important in this scenario. This is an additional
justification to collect all these services together in one document.

Rec. ITU-T X.893 | ISO/IEC 24824-3 specifies the application of encryption and integrity (either
separately or in combination) to a fragment of an XML infoset that is serialized using the Fast Infoset
specification in Rec. ITU-T X.891 | ISO/IEC 24824-1. The specification of encryption uses the W3C Rec.
XML Encryption Syntax and Processing. The specification of integrity uses the W3C Rec.s
Canonical XML Version 1.0, Exclusive XML Canonicalization Version 1.0, and XML-Signature
Syntax and Processing.

Rec. ITU-T X.901 | ISO/IEC 10746-1 The rapid growth of distributed processing has led to a need for a
coordinating framework for the standardization of Open Distributed Processing (ODP). This Reference
Model provides such a framework and creates an architecture to support distribution, interworking and
integrated portability. This Rec. contains a motivational overview of ODP giving scoping, justification and
explanation of key concepts, and an outline of the ODP architecture. It contains explanatory material on
how this Reference Model is to be interpreted and applied by its users, standards writers and architects
of ODP systems. It also contains a categorization of required areas of standardization expressed in
terms of the reference points for conformance identified in Rec. ITU-T X.903. ODP systems have to be
secure, i.e. must be built and maintained in a manner which ensures that system facilities and data are
protected against unauthorized access, unlawful use and any other threats or attacks. Security
requirements are made difficult to meet by the remoteness of interactions, and the mobility of the system and of the
system users. The security rules for ODP systems may define: the detection of security threats; the
protection against security threats; the limiting of any damage caused by any security breaches.

Rec. ITU-T X.902 | ISO/IEC 10746-2 contains the definition of the concepts and analytical framework for
normalized description of (arbitrary) distributed processing systems. It introduces the principles of
conformance to ODP standards and the way in which they are applied. This is only to a level of detail
sufficient to support Rec. ITU-T X.903 | ISO/IEC 10746-3 and to establish requirements for new
specification techniques. This Rec | IS revises descriptions of role, action, policy, component, and
additional definitions such as refinement of interaction, relationship between specification and
instantiation, and human-system interaction. Additionally, multi-provider business, services and
causalities are revisited.

Rec. ITU-T X.903 (2009-10) | ISO/IEC 10746-3 contains the specification of the required characteristics
that qualify distributed processing systems as open. These are the constraints to which ODP standards
must comply. It uses the descriptive techniques from Rec. ITU-T X.902 | ISO/IEC 10746-2. This Rec | IS
revises descriptions of community, channel rules, and provides alignment with Rec. ITU-T X.902 |
ISO/IEC 10746-2 on the number of parameters, flows and use of signals, relationship between the
computational and engineering viewpoints, the nature of the technology viewpoint, and infrastructure.
Additionally, interaction rules and signatures of action templates are revisited.

Rec. ITU-T X.904 | ISO/IEC 10746-4 contains a normalization of the ODP modelling concepts defined in
Rec. ITU-T X.902, clauses 8 and 9. The normalization is achieved by interpreting each concept in terms
of the constructs of the different standardized formal description techniques.

Rec. ITU-T X.910 | ISO/IEC 14771 defines a naming model comprising concepts, rules and structures
governing naming in ODP systems. It places constraints and gives guidance to the specifiers of ODP-
compliant naming systems. This Rec | IS defines the processes involving names in: – basic naming
concepts, including the management of names which involves naming and unnaming; – resolution of
names, in which a name is interpreted in order to make it possible to interact with the entity named; –
communication of names, which may involve the transfer of a name to an entity which interprets names
in a different context from that used by the sender. In general, the communication of names will be an
active process which involves transformation of the name so that, when resolved, it continues to refer to
the same entity; – comparison of names, to determine whether two names are known to refer to the
same entity (are synonyms). However, if the naming system is sufficiently complex (for example,
involving loose federations), in some cases comparison may fail to identify synonyms; – federation of
naming systems, which involves the definition of the abstract processes for name resolution, name
communication, and name comparison necessary to handle names in the federation of different naming

Provides guidance for applying the concepts of the Rec. ITU-T X.805 architecture to the division of security
controls between the telecommunication networks (including service provider’s and/or application
provider’s networks) and the end user’s equipment. This Rec. also defines the factors that must be taken
into account in setting up or dividing the interaction of security controls belonging to the
telecommunication network and the users. In addition, a classification of security controls for
telecommunication is given.

Proposes four models that make possible a review of interrelationships between a telecommunication
IP-based network security system (TNSS) and various groups of external objects. Each object is
considered in terms of its main functions and its probable effect on TNSS construction and functioning
principles. This Rec. provides a basis for developing detailed recommendations on network security with
regard to the effect on external objects.

The extensible authentication protocol (EAP) is an authentication framework that supports multiple
authentication mechanisms between a supplicant and an authentication server in a data communication
network. EAP can be used as a basic tool for enabling user authentication and distribution of session
keys in a data communication network. Since there are several EAP methods, the application designer
should select the optimal EAP method among them. This revised Rec. ITU-T X.1034 describes a
framework for EAP-based authentication and key management for securing the lower layer in a
communication network. It provides guidance on the selection of EAP methods and describes the
mechanism for key management for the lower layer of a data communication network. The framework
described in this Rec. can be applied to protect data communication networks with either wireless
access network or wired access network with a shared medium.

Specifies a password-based protocol for authentication and key exchange, which ensures mutual
authentication of both parties in the act of establishing a symmetric cryptographic key via Diffie-Hellman
exchange. The use of Diffie-Hellman exchange ensures perfect forward secrecy. With the proposed
authentication method, the exchange is protected from man-in-the-middle attacks. The authentication
relies on a pre-shared secret, which is protected from (i.e., remains unrevealed to) an eavesdropper,
preventing an off-line dictionary attack. Thus, the protocol can be used in a wide variety of applications
where pre-shared secrets based on a possibly weak password exist.

Establishes a set of network security policies that will drive the security controls of a system or a service.
It also specifies the framework for the creation, storage, distribution, and enforcement of policies for
network security that can be applied to various network conditions and devices.

Rec. ITU-T X.1051 | ISO/IEC 27011 For telecommunications organizations the information and the
supporting processes, facilities, networks and lines are important business assets. To manage these
business assets appropriately and to continue their business activities correctly and successfully,
an information security management system (ISMS) is necessary. This Rec. specifies the requirements of
information security management for telecommunications organizations to establish, implement, operate,
monitor, review, maintain and improve a documented ISMS, and specifies requirements for the
implementation of security controls customized to the needs of individual telecommunications or parts
thereof. The ISMS is designed to ensure adequate and proportionate security controls that adequately
protect information assets and give confidence to the customers and business partners of
telecommunications organizations as well as to other interested telecommunications parties. This can be
translated into maintaining and improving competitive edge, cash flow, profitability, legal compliance and
commercial image. This Rec. establishes guidelines and general principles for initiating, implementing,
maintaining, and improving information security management in telecommunications based on ISO/IEC

Describes and recommends the framework of information security management for telecommunications
to support Rec. ITU-T X.1051, Rec. ITU-T X.1055 etc. It provides an information security management
framework (ISMF). The ISMF maps the controls defined by Rec. ITU-T X.1051 to the practical
implementation methodologies by defining a set of management areas, such as asset management,
incident management, risk management, policy management and so on. The information security
management framework (ISMF) is based on a process approach to describe a set of security
management areas which give guidelines to telecommunications to fulfill the control object defined in
Rec. ITU-T X.1051, Rec. ITU-T X.1055 etc. The management areas include asset management, incident
management, risk management, policy management and so on, which map the controls defined by Rec.
ITU-T X.1051 to the implementation methodologies, so the ISMF relates Rec. ITU-T X.1051, which gives
the baselines for the telecommunications, and other Rec.s, such as Rec. ITU-T X.1055 and Rec. ITU-T
X.1056, which give the practical methodologies focusing on a specific area of information security
management.

Describes and recommends the processes, techniques and functional profiles for information security
risk management for telecommunication to support Rec. ITU-T X.1051 | ISO/IEC 27011 and other ITU-T
Rec.s. These processes and techniques can be used to assess security requirements and risks identified
in telecommunication, and help to select, implement and maintain/update appropriate information
security risk controls, i.e., the correct information security level. There are many specific methodologies
that have been developed to address the requirements for risk management. This Rec. provides the
criteria for assessing and selecting appropriate methodologies for a telecommunication organization.
However, this does not aim to propose a specific risk management methodology for telecommunication.
In addition, this Rec. provides several risk profiles both in terms of Rec. ITU-T X.1051 management
areas as well as telecom specific services areas.

Provides an overview of security incident management processes and services for telecommunication
organizations. It provides concepts and key issues associated with security incident management. Since
the telecommunication organizations need to have processes in place to not only handle incidents that
do occur but to prevent incidents from re-occurring, the five high-level processes are described along
with the relationship to the security management. In addition, a list of services that a security incident
management team can provide is suggested in terms of reactive, proactive, and security quality
management services. This Rec. seeks to assist telecommunications organizations in mitigating the risks
from security incidents by providing practical guidance on responding to incidents effectively and
efficiently. Telecommunications organizations are encouraged to tailor the recommended guidelines and
solutions to meet their specific security or business requirements. This Rec. presents general security
incident management guidelines that are independent of particular hardware platforms, operating
systems, and applications to supportively provide detailed implementation guidelines in line with [Rec.
ITU-T X.1051]. Specifically, it includes guidance on establishing an effective security incident

Provides guidelines for securely managing various assets including electronic information, paper, and IT
systems in telecommunication organizations. This Rec. also contains the main activities and methods for
implementing asset management on the basis of the PDCA (Plan – Do – Check – Act) process model.

Is the first in a suite of e-health and telemedicine recommendations (Rec. ITU-T X.1080.1 - to - 6) and
defines a generic telecommunication protocol that supports interactions between a medical station local
to a patient and a remote medical center providing greater expertise. It specifies a set of protocols,
including security features that enable these interactions to take place. It specifies mechanisms to
provide either integrity or encryption or both for the protocol interactions. The protocol defined is called
the ITU-EHP protocol (ITU-T E-Health Protocol). The protocol specification is generic, and can be
supplemented by standards from other Standard Development Organizations (SDOs). The remaining
five parts of the Rec. ITU-T X.1080 series, dealing with the identification of physiological quantities and
units, are being constructed in close collaboration with ISO/TC 12, and IEC/TC 25.

Defines a Telebiometric Multimodal Model (TMM) that provides a common framework for the
specification of four inter-connected security issues: Privacy, Authentication, Safety and Security. This
Telebiometric Multimodal Model covers all the possibilities for safe and secure multimodal man-machine
interactions, and is derived in part from ISO 31 and IEC 60027-1 standards. The cognitive, perceptual
and behavioral modalities of a human being are also relevant in the field of telecommunication, and are
likely to be used by a biometric sensor or effector in the future, for authentication purposes. These are
also covered by the Telebiometric Multimodal Model. A taxonomy is presented of the interactions that
occur at the multimodal layer where the human body interacts with electronic, photonic, chemical or material
devices capturing biometric parameters or impacting that body. Authentication of a human being, with
preservation of his privacy and safety, can be specified in terms of interactions between devices and the
Personal Privacy Sphere, which models and encapsulates the interactions of a human being with its
environment, making discussion of such interactions explicit and engineerable. This Rec. includes
specification of the Personal Privacy Sphere, categorization of modalities of interaction across that

Rec. ITU-T X.1082 | ISO/IEC 80000-14 uses the framework defined in Rec. ITU-T X.1081, The
telebiometric multimodal model (TMM) – A framework for the specification of security and safety aspects
of telebiometrics, for optimal safety and security in telebiometrics. It gives names and symbols for
quantities and units concerned with emissions from the human body that can be detected by a sensor,
and with effects on the human body produced by the telebiometric devices in its environment. It is
applicable to both physiology and biometrics (the measurement of physiological, biological, and
behavioral characteristics). A taxonomy of wetware and hardware/software interactions is defined.
Thresholds using the set of International System of Quantities (ISQ) and the related International
System of Units (SI) are specified.

Rec. ITU-T X.1083 | ISO/IEC 24708 specifies the syntax, semantics, and encodings of a set of
messages ("BIP messages") that enable a BioAPI-conforming application to request biometric
operations in BioAPI-conforming biometric service providers (BSPs) across node or process boundaries,
and to be notified of events originating in those remote BSPs. It also specifies extensions to the
architecture and behaviour of the BioAPI framework (specified in ISO/IEC 19784-1) that support the
creation, processing, sending, and reception of BIP messages.

Biometric technologies have been developed into various products and deployed in application systems such
as border control, physical access control, etc., for identity verification. These technologies are
expected to be applied to open network systems for reliable user authentication. However, open network
systems need to manage risks in biometric products and system configurations for secure remote
services. This Rec. specifies the biometric authentication protocols and profiles for telecommunication
systems in the open network.

Defines the requirements of a guideline to provide security countermeasures for the telebiometrics
protection procedures. This Rec. defines the vulnerabilities and threats in operating telebiometric
systems, and proposes a general guideline for security countermeasures from both technical and
managerial perspectives in order to establish a safe environment for the use of telebiometric systems
and to protect individual privacy. This Rec. describes countermeasures that allow the protection of
biometric devices as related to their installation, removal, and delivery. Countermeasures are proposed
for the protection of biometric systems as related to their operational procedures, as well as the roles
and responsibilities of personnel involved in system design. It is expected that the proposed
countermeasures will ensure security and reliability of the flow of biometric information in a
telecommunications environment. This Rec. defines weaknesses and threats in operating telebiometric
systems and proposes a general guideline of security countermeasures from both technical and
managerial perspectives. From the technical point of view, countermeasures are proposed to ensure the
integrity, mutual authentication, and confidentiality of the transmitted data and also to protect the data

Describes a framework for biometric digital key generation and protection from a biometric template with
a Public Key Certificate and Biometric Certificate in order to provide cryptographically secure authentication
and secure communication on open networks. This Rec. also describes the security requirements in
biometric digital key generation and protection. The framework described in this Rec. can be applied to
biometric encryption and digital signature.

Defines an authentication infrastructure, using a range of biometric certificates, for remote authentication
of human beings. It extends Rec. ITU-T X.509, Public-Key and Attribute Certificate Frameworks and
ISO/IEC 24761 Authentication context for biometrics. The combination of the Rec. ITU-T X.509
extensions and telecommunications and biometrics is called the Telebiometrics Authentication
Infrastructure (TAI). It can be used in authentication applications with or without a Public Key
Infrastructure (PKI) and/or a Privilege Management Infrastructure (PMI) based on Rec. ITU-T X.509, but
would normally be used with both. It defines biometric extension fields for use in Rec. ITU-T X.509
certificates, to produce biometric certificates. An important part of this Rec. is to recognise and provide
for biometric devices and associated software to operate at different (certified) security levels, depending
on the needs of the application that is being accessed.

Describes a user authentication framework with a one-time telebiometric template. The framework
provides secure user authentication and protection mechanisms for a biometric template transmitted
over open networks. It prevents a replay attack and protects an original biometric template by
generating a new template upon each completion of authentication. This Rec. also addresses the
security requirements associated with the framework for a one-time telebiometric template.

Describes a general guideline for testing and reporting the performance of biometric template protection
techniques, based on a biometric cryptosystem or cancelable biometrics. This guideline specifies two
reference models for evaluation, which use biometric template protection techniques in telebiometric
systems. It then defines the metrics, procedures, and requirements for testing and evaluating the
performance of the biometric template protection techniques.

Defines the network and service models used for multicast communication. It addresses potential
security threats and the required countermeasures. Potential threats are defined from the general,
mobility-oriented and multicast specific perspectives, and multicast-specific threats are analysed in
particular detail. As such, the security requirements, framework and functions are defined and explained
as the main focus of the Rec.

Describes security threats and security requirements to the home network from the point of view of the home
user and remote user. It excludes the security requirements from the service provider’s viewpoint. In
addition, this Rec. categorizes security technologies by security functions that satisfy the above security
requirements and by the place to which the security technologies are applied in the model of the home
network. Finally, the security function requirements for each entity in the network and the possible
implementation layer for each security function are also presented.

Proposes a certificate profile for authenticating the device in the home network. It also describes how
authentication works between devices in the home network with a secure home gateway. In addition, this
Rec. describes the certificate profile standard for home network devices using Rec. ITU-T X.509 as the
basic reference for the device certificate profile. Finally, this Rec. describes the certificate management
procedures for the home device certificate in the home network.

Some environments necessitate the authentication of the human user rather than a process or a device.
In authenticating human users, the authentication system requires human users to prove their
uniqueness. Such uniqueness is generally based on various authentication means like something
known, something possessed or some immutable characteristics for each human user. This Rec.
provides a guideline on user authentication mechanisms for the home network services. It also considers
various security issues according to Rec. ITU-T X.1111, which specifies the framework of security
technologies for the home network. Finally, the security assurance level and authentication model are
defined according to authentication service scenarios.

Alongside the wide deployment of home network services and the increasing development of a variety of
technologies for telecommunication, contents provision, remote control, etc., concerns over the security
of the home network are increasing. As a basic security function for protecting the home network,
authorization ensures that only an authorized entity (including user, device) can access the home
network resources. This Rec. describes an authorization framework for the home network, which includes a
number of home network resources such as home network users, three types of home devices, the
service servers, the services provided, a variety of applications, and the heterogeneous network
protocols and middleware for communication and service development. This Rec. describes the security
threats and authorization requirements for the home network, identifies the authorization entities and
methods, and develops authorization models and authorization modes for guaranteeing the security of
the home network.

Describes security threats to mobile end-to-end data communication and security requirements for
mobile user and application service provider (ASP) in the upper layer of the OSI Reference Model for
mobile end-to-end data communication between a mobile terminal in a mobile network and an application
server in an open network. In addition, this Rec. shows where the security technologies realizing certain
security functions appear in the mobile end-to-end data communication model. This Rec. provides a
framework of security technologies for mobile end-to-end data communication.

PKI technology is a security technology that is applied to the relation between the mobile terminal and
application server in the general model of mobile end-to-end data communication between mobile user and
ASP, or to the relation between mobile terminal and mobile security gateway and between mobile
security gateway and server in the gateway model of mobile end-to-end data communication between
mobile user and ASP. Although PKI technology is a very useful technology for protecting mobile
end-to-end data communications, there are characteristics specific to mobile data communications that require
the PKI technology to be adapted when constructing secure mobile systems (encipherment, digital
signature, data integrity, and so on). As methods to construct and manage secure mobile systems based
on PKI technology have not been established, this Rec. provides a guideline for constructing secure mobile
systems based on PKI technology.

Describes differentiated security service for secure mobile communication. The investigation of
differentiated security service is important for both service providers and users. The service providers
can use the differentiated security service to overcome the rigorous circumstances of the wireless access
network and satisfy various users and services with different levels of security. The differentiated security
service is realized by security policy with three layers. One layer is super security policy used as value
added service that safeguards mobile communication with sensitive information. The second layer is
baseline security policy used as prevalent service that satisfies mobile communication without sensitive
information. The last layer is no security policy defined as the policy under which no security function is
configured during communication.

End-to-end data communications between mobile users and various service providers in the network.
The generic negotiation mechanisms and authentication procedures specified in this Rec. support both
those entities that have miscellaneous authentication capabilities and those entities that have
differentiated security requirements. The authentication addressed in this Rec. is used for service
providers and requesters and is independent of network access authentication of the mobile users. This
Rec. constructs generic authentication architecture for mobile data communication to satisfy various
requirements of application service authentication methods between mobile users and application
servers. The architecture applies to mobile terminal users subscribed to different mobile networks and
application service providers inside the mobile network or in open networks.

In a mobile network environment, while core networks are able to manage security threats, mobile
stations (MS) that access the mobile network have little defence capability due to limited hardware
resources. Compromised mobile stations can themselves easily become virus agents and threaten the
entire network. The Correlative Reacting System (CRS) defined in this Rec. aims to protect mobile
networks against the threats of the insecure terminals that do not conform to the security policy of the
network, such as the terminals that have been compromised. This Rec. describes the generic
architecture of a correlative reactive system deploying the mobile network and its user terminals to
cooperate and combat various security threats for secure end-to-end data communications. Such threats
include, for example, viruses, worms, Trojan horses or other network attacks etc. to both the mobile
network and its mobile users. Protocol and procedures are comprehensively specified and some
important application issues are addressed. For cases where viruses or worms have already been
spreading in the mobile network, the correlative reactive system also provides a mechanism to confine
their spread to a configurable scope, thus saving time for the network operator to recover, and finally to
Rec. ITU-T X.1141 | OASIS SAML v2.0 In order to access protected resources at a service provider,
users authenticate to their identity provider ("thinking locally" because they do not need to authenticate
to a remote service provider, just an identity provider with which they have a closer trust relationship).
Based on this authentication, they are then able to access resources at one or many service providers
("acting globally"). Federation is the dominant movement in identity management today. Federation
refers to the establishment of business agreements, cryptographic trust, and user identifiers or attributes
across security and policy domains to enable more seamless cross-domain business interactions. Just
as web services promise to enable integration between business partners through loose coupling at the
application and messaging layer, federation does so at the identity management layer – insulating each
domain from the details of the others' authentication and authorization infrastructure. Key to this loose
coupling at the identity management layer are standardized mechanisms and formats for the
communication of identity information between the domains – the standard provides the insulating buffer.
The Security Assertion Markup Language (SAML) defines just such a standard.
Rec. ITU-T X.1142 | OASIS XACML v2.0 The "economics of scale" have driven computing platform
vendors to develop products with very generalized functionality, so that they can be used in the widest
possible range of situations. "Out of the box", these products have the maximum possible privilege for
accessing data and executing software, so that they can be used in as many application environments
as possible, including those with the most permissive security policies. In the more common case of a
relatively restrictive security policy, the platform's inherent privileges must be constrained, by
configuration. The basic requirements of a policy language for expressing information system security
policy are: a) To provide a method for combining individual rules and policies into a single policy set
that applies to a particular decision request. b) To provide a method for flexible definition of the
procedure by which rules and policies are combined. c) To provide a method for dealing with multiple
subjects acting in different capacities. d) To provide a method for basing an authorization decision on
attributes of the subject and resource. e) To provide a method for dealing with multi-valued attributes. f)
To provide a method for basing an authorization decision on the contents of an information resource. g)

Describes the security architecture and scenarios for message security in mobile Web Services. Security
services for messages are the most fundamental security requirements for mobile Web Services.
Although the components for message security such as WS-Security have been standardized, standard
architecture and service scenarios for providing message security for mobile Web Services have yet to
be defined. Since Simple Object Access Protocol (SOAP) messages use Hypertext Transfer Protocol
(HTTP) ports, they cannot be filtered by firewalls; hence there is a need to provide a message filtering
mechanism based on the message contents in the architecture for secure mobile Web Services as well
as to integrate a security policy mechanism suitable for mobile Web Services message security and the
message filtering mechanism into the architecture. Since many mobile terminals do not have sufficient
processing power to support the Web Services protocol stack fully, and many backend application
servers are not based on Web Services, interworking mechanisms and scenarios between mobile Web
Services and legacy non-Web Services applications should be provided. This Rec. seeks to establish a
guideline for security architecture and security service scenarios for message security in mobile Web
A secure password-based authentication protocol with key exchange is a kind of authentication protocol
with authenticated key exchange using a human-memorable password. It is very simple and easy to
implement as well as easy to use; no need for other infrastructure, e.g., PKI. A secure password-based
authentication protocol with key exchange (SPAK) becomes very important, since a variety of usage
cases in many applications will emerge in the near future. In addition, SPAK provides both user
authentication and strong key exchange with a weak password, i.e., the subsequent communication
session can be protected by a shared secret during the authentication procedure. This Rec. is intended
to identify a set of requirements for password-based authentication protocols and define the guideline for
selecting the most suitable password authentication protocol by presenting the criteria for choosing an
optimum SPAK protocol for applications. SPAK can also be used in a wide variety of applications
wherein pre-shared secrets based on the weak password exist.

Defines basic interfaces, interactions and security considerations of on-line Trusted Third Party (TTP)
services for secure end-to-end data communication. This Rec. also identifies on-line TTP services which
can be used to support secure end-to-end data communication which is a connection-oriented
communication between two entities with no eavesdropping, injection and modification of data,
unauthorized access and repudiation.
Provides a management framework of a one-time password (OTP)-based authentication service to
support multi-factor authentication, and specifically, includes the general management framework,
centralized management framework, enhanced centralized framework, and cross-domain management
framework. These frameworks consist of the OTP management models, OTP management operations,
and security considerations for providing the OTP authentication service in a secure telecommunication
network. The OTP authentication service supports multi-factor authentication through an OTP token that
creates a password for one-time use only. OTP-based authentication usually consists of 2 basic units: an
OTP token and a relevant OTP validation server using an identical OTP generation algorithm. OTP has
been developed to cope with fundamental security threats inherent in the traditional static password
while requiring each OTP user to have several OTP tokens for the authentication service unless a
management framework is provided. This framework enables using the service with only one token.

Describes security threats and security requirements to the peer-to-peer (P2P) communications based
on the service scenarios and characteristics of P2P communications. Peer-to-peer (P2P) is an
instantiation of network architectures where all peers have equivalent authority and responsibility,
differing completely from that of a server and client system. In the case of P2P communications, a peer
can be both the server and the client. When data or messages are exchanged in a P2P network, a peer
communicates with other peers directly. Because traffic and processing are distributed to each peer, the
P2P network does not require high performance computing power and high bandwidth network
compared with the server and client system. Because the P2P communication architecture differs from
that of the server and client system, further security threats emerge, which are not applicable to server
and client architecture. With this in mind, P2P applications should be carefully built while taking into
consideration the security threats to P2P communications. This Rec. describes the framework for secure
P2P communications, which includes security threats and security requirements for P2P
communications. In addition, this Recommendation describes that the security functions for satisfying
Describes a general and common security-related architectural model and operations that can be
applied to various peer-to-peer (P2P) networks, and only covers the generic security issues that are
common to most P2P networks. The security issues are described on the basis of the operations. The
complete set of security requirements is defined in Rec. ITU-T X.1161. Based on the architectural model,
this Rec. identifies primitive operations for generic P2P networks. Non-generic and application
dependent operations are not described in this Rec. For each primitive operation, the relations among
the security requirements, security functions, and operations are described for the development
guidelines. In addition, the relationship between the security functions and operation is described.
The widespread deployment of Radio Frequency Identification (RFID) tags may give rise to concerns of
privacy infringement for the ordinary person because of the abilities of RFID technology such as the
automated collection and processing of RFID data from the RFID-enabled products and possible
disclosure of such data to the public. For the networked ID (including RFID) services based on a
personalized tag such as after-sale service for networked ID tag-enabled products, healthcare-related
service using networked ID, etc., in particular, the privacy issue is becoming an increasingly serious
problem. This Rec. describes various Personally Identifiable Information (PII) infringements for the
networked ID service environment and requirements for PII protection. In addition, this Rec. provides a
framework for PII protection service based on PII policy profile.

Addresses the functional requirements, architecture, and mechanisms dealing with the security and
protection aspects of IPTV content, services, networks, terminal devices, and subscribers (end users). It
is anticipated that requirements and relevant functions identified in this Rec. can be applied
appropriately according to the IPTV service and business models which could request different levels of
security capabilities.
Deals with the functional requirements, architecture, and mechanisms that pertain to the security of
transcoding protected IPTV content. Generic security of IPTV content is not discussed here.

Describes requirements and architecture for key management, including key hierarchy for unicast and
multicast IPTV services in the IPTV context. It also specifies key management for downloadable service
and content protection (SCP) if deployed. This Rec. does not include any other key management
architecture and mechanisms in Rec. ITU-T X.1191.
Develops a complete set of requirements for the interoperable service and content protection (SCP) to
support interoperability between multiple SCP mechanisms. This includes interoperable SCP scenarios,
interoperable SCP architecture and interoperable SCP process.

Provides guidelines on criteria for selecting cryptographic algorithms for IPTV service and content
protection (SCP). It also provides a list of cryptographic algorithms to provide confidentiality, data origin
authentication, and integrity for IPTV SCP services.

Provides a definition for cybersecurity. The Rec. provides a taxonomy of security threats from an
operator point of view. Cybersecurity vulnerabilities and threats are presented and discussed at various
network layers. Various cybersecurity technologies that are available to counter threats include: routers,
firewalls, antivirus protection, intrusion detection systems, intrusion protection systems, secure
computing, audit and monitoring. Network protection principles such as defense in depth, access and
identity management with application to cybersecurity are discussed. Risk management strategies and
techniques are discussed including the value of training and education in protecting the network. A
discussion of cybersecurity standards, cybersecurity implementation issues and certification is
presented.

Provides a framework for automatic notification of security related information and dissemination of
updates. The key point of the framework is that it is vendor-neutral. Once an Asset is registered, updates
of vulnerability information, patches or updates can be automatically made available to the users or
directly to applications.
Provides guidelines for Telecommunication Service Providers (TSP) for addressing the risks of spyware
and potentially unwanted software. The Rec. promotes best practices around principles of clear notices,
and user’s consents and controls for TSP web hosting services. The Rec. develops and promotes best
practices to users on Personal Computer (PC) security, including use of Anti-spyware, Anti-virus,
Personal Firewall, and security updates software on client systems.
Describes high level scenarios and supporting capabilities for cybersecurity information sharing and
exchange, and provides capabilities important for supporting interoperability between applications for the
sharing and exchange of cybersecurity information. Capabilities are described which may be used in
scenarios/situations supporting previously independent acting entities to participate in various
coordinated efforts, such as the prevention or halting of targeted behaviour or the coordination of
analysis and determination efforts. The goal of the capabilities listed and described is to support more
efficient and effective security operations by supporting the interoperable sharing and exchange of
information between trusted parties working together to monitor, maintain and generally manage the
security of systems and networks.

Emphasizes technical strategies on countering spam, and includes general characteristics of spam and
main objectives of countering spam as well. Furthermore, recognizing that there is no single solution to
resolve the spam problem, this Rec. also provides a checklist to evaluate promising tools for countering
spam.
Specifies basic concepts, characteristics, effects, and technical issues of email spam. It also provides
the current technical solutions and related activities from various standard development organizations
and relevant organizations on countering email spam. It provides guidelines and information to users
who want to develop technical solutions on countering email spam and it will be used as a basis for
further development of technical Recs. on countering email spam.
Specifies the technical framework for network structure for countering spam. Functions inside the
framework are defined. It also provides the universal rules of distinguishing spam from other emails and
the common methods of countering email spam.
Describes the realization of an SMS spam filtering system based on user-specified rules. It defines: the
structure of the SMS spam filtering system, SMS spam filtering functions, users’ service management,
communication protocols and basic functional requirements of terminals with SMS functions.
Specifies an interactive gateway system for countering spam as a technical means for countering various types
of spam. The gateway system enables spam notification from the receiver's gateway to the sender's gateway and
prevents spam traffic from going across the network. This Rec. defines the architecture of the gateway
system, describes basic entities, protocols and functions of the gateway system, and provides
mechanisms for spam detection, information sharing and specific actions in the gateway system for
countering spam.

Specifies basic concepts, characteristics, and technical issues related to countering spam in IP
multimedia applications such as IP telephony, instant messaging, etc. The various types of IP multimedia
application spam are categorized, and each categorized group is described according to its
characteristics. This Rec. describes various spam security threats that can cause IP multimedia
application spam. Various techniques have been developed to control email spam, which has caused
social problems. Some of those techniques can be used in countering IP multimedia application spam.
This Rec. analyzes the conventional spam countering mechanisms and discusses their applicability to
countering IP multimedia application spam. This Rec. concludes by mentioning various aspects that
should be considered in countering IP multimedia application spam.

Specifies the general architecture of a system for countering spam on IP multimedia applications such as IP
telephony, instant messaging, multimedia conference, etc. It provides functional blocks of necessary
network entities to counter spam and their functionalities, and describes interfaces among the entities.
To build secure sessions against spam attacks, user terminals and edge service entities such as proxy
server or application servers are extended to have spam control functions. Shown are interfaces
between these extended peer entities, and interfaces with other network entities which can play a role in
countering spam.
Provides a structured set of requirements for capabilities necessary for global identity management
(IdM) trust and interoperability, i.e., to enable known trust in the assertions about digital identities
(credentials, identifiers, attributes and reputations) used in all communication and control networks and
services. The use of the term “global” in this Rec. implies both worldwide geography as well as
applicability to the entire array of telecommunication/ICT networks and services. It is recognized that the
implementation of IdM capabilities must often span vague boundaries among private and public sector
networks and services that will remain very diverse, highly distributed, substantially autonomous, and
constantly evolving. This dynamic diversity was a consideration in defining these requirements. This
Rec. includes available references to best practices for the protection of personally identifiable
information and support of cybersecurity capabilities.

Defines a framework to enhance user control and exchange of their digital identity related information.
This Rec. also defines requirements of the digital identity information exchange. The work includes
providing the user with the ability to control the release of personally identifiable information. NOTE –
The use of the term “identity” in this recommendation relating to IdM does not indicate its absolute
meaning. In particular, it does not constitute any positive validation.
Contains a baseline set of definitions of terms commonly used in identity management (IdM). The
definitions provide a basic definition of the term, i.e., they are intended to convey the basic meaning
although exceptionally, a note is included when it helps to clarify the definition. One of the main
objectives of this Rec. is to promote a common understanding of these terms among the groups currently
developing (or planning to develop) IdM-related standards. The definitions are constructed so that, as far
as possible, they are independent of implementations or specific context and, therefore, should be
suitable as baseline definitions for any IdM work. It is acknowledged that, in some instances and
contexts, greater detail may be required for a particular term, in which case, elaboration of the baseline
definition may be considered. The rationale for some of the key terms/definitions is included in Annex A.
NOTE – The use of the term "identity" in this Rec. relating to IdM does not indicate its absolute meaning.
In particular, it does not constitute any positive validation of a person.

Proposes security guidelines for identity management (IdM) systems. The security guidelines describe
how an IdM system should be deployed and operated for secure identity services in an NGN (Next
Generation Network) or cyberspace environment. The security guidelines will focus on providing official
advice on how to employ various security mechanisms to protect a general IdM system and will also study
the proper security procedures required when two IdM systems are interoperated.
Recognizes that RFID technology renders information pertaining specifically to the merchandise worn or
carried by individuals open to abuse even as it greatly facilitates access to and distribution of such
information for useful purpose. The abuse can be manifest as tracking the location of the individual or
invasion of his or her privacy in another malfeasant manner. For this reason Rec. ITU-T X.1275 provides
guidelines regarding the RFID procedures that can be used to enjoy the benefits of RFID while
attempting to protect personally identifiable information (PII).

Rec. ITU-T X.1303 | OASIS CAP.1.1 specifies the common alerting protocol (CAP) which is a simple but
general format for exchanging all-hazard emergency alerts and public warnings over all kinds of
networks. CAP allows a consistent warning message to be disseminated simultaneously over many
different warning systems, thus increasing warning effectiveness while simplifying the warning task. CAP
also facilitates the detection of emerging patterns in local warnings of various kinds, such as might
indicate an undetected hazard or hostile act. And CAP provides a template for effective warning
messages based on best practices identified in academic research and real-world experience. This Rec.
is technically equivalent and compatible with the OASIS Common Alerting Protocol, V1.1 standard.
Rec. ITU-T X.1311 | ISO/IEC 29180 The recent advancement of wireless-based communication
technology and electronics has facilitated the implementation of a low-cost, low-power sensor network.
Basically, a Ubiquitous Sensor Network (USN) consists of three parts: a sensor network consisting of a
large number of sensor nodes, a base station (also known as gateway) interfacing between the sensor
networks and an application server, and the application server controlling the sensor node in the sensor
network or collecting the sensed information from the sensor nodes in the sensor network. Rec. ITU-T
X.1311 | ISO/IEC 29180 describes the security threats to and security requirements of a Ubiquitous
Sensor Network, and categorizes the security technologies according to the security functions that
satisfy said security requirements and by the place to which the security technologies are applied in the
security model of the Ubiquitous Sensor Network. Finally, the security functional requirements and
security technologies for the Ubiquitous Sensor Network are presented.

Provides guidelines for USN middleware security, analyzes security threats on ubiquitous sensor
network (USN) middleware, defines the functional requirements, develops the guidelines for USN
middleware security, and also covers inter alia a) an overview of USN middleware security; b) a
functional model of USN middleware; c) security threats on USN middleware; d) security
requirements for USN middleware; e) guidelines for USN middleware security.

Describes techniques for exchanging cybersecurity information. These techniques can be used
individually or in combinations, as desired or appropriate, to enhance cybersecurity through coherent,
comprehensive, global, timely and assured information exchange. No obligations to exchange
information are implied, nor are the means of acquisition or ultimate use of the information treated.
CYBEX is one of the elements providing confidence and security in the use of ICTs.
Provides for the registration of OID arcs which enable coherent, unique and global identification of
cybersecurity information as well as of organizations exchanging that information and associated
policies; specifies the information and justification to be provided when requesting an OID for
cybersecurity information exchange purposes, and the procedures for the operation of the Registration
Authority; specifies the procedures for operating the registration of OID arcs to identify cybersecurity
information, organizations exchanging that information, and associated policies under the Cybersecurity
Information Exchange object identifier arc {joint-iso-itu-t(2) cybersecurity(48)}.

On the use of the common vulnerabilities and exposures (CVE) provides a structured means to
exchange information security vulnerabilities and exposures that provides common names for publicly
known problems in the commercial or open source software used in communications networks, end user
devices, or any of the other types of information and communications technology (ICT) capable of
running software. The goal of the Recommendation is to define use of CVE to make it easier to share
data across separate vulnerability capabilities (tools, repositories, and services) with this common
naming. This Rec. defines the use of CVE to provide a mechanism for vulnerability databases and other
capabilities to be used together, and to facilitate the comparison of security tools and services. CVE
does not contain information such as risk, impact, fix information, or detailed technical information. CVE
only contains the standard identifier number with status indicator, a brief description, and references to
related vulnerability reports and advisories. The repository of CVE identifiers is available at
[cve.mitre.org/cve/cve.html]. The intention of CVE, the use of which is defined in this Rec., is to be
comprehensive with respect to all publicly known vulnerabilities and exposures. While CVE is designed
On the common vulnerability scoring system (CVSS) provides an open framework for communicating the
characteristics and impacts of information and communication technologies (ICT) vulnerabilities in the
commercial or open source software used in communications networks, end user devices, or any of the
other types of ICT capable of running software. The goal of the Rec. is to enable ICT managers,
vulnerability bulletin providers, security vendors, application vendors and researchers to speak from a
common language of scoring ICT vulnerabilities.
Provides a structured means to exchange information security weaknesses that provides common
names for publicly known problems in the commercial or open source software used in communications
networks, end user devices, or any of the other types of information and communications technology
(ICT) capable of running software. The goal of CWE is to enable more effective discussion, description,
selection, and use of software security tools and services that can find these weaknesses in source code
and operational systems as well as better understanding and management of software weaknesses
related to architecture and design. The intention of CWE, the use of which is defined in this Rec., is to be
comprehensive with respect to the software architecture, design, coding, and deployment errors that are
the root causes of vulnerabilities and exposures. While CWE is designed to contain mature information,
the primary focus is on identifying, educating, and describing these root causes of vulnerabilities and
exposures so they can be avoided by developers, tested for, and managed by development teams as
well as consistently reported by security tools and services. This Rec. defines the use of CWE to provide
a mechanism for software security tools, services, knowledge bases and other capabilities to be used
Provides a framework for discovering cybersecurity information and the mechanism that enables this.
Discovery can be seen as a stage of cybersecurity information lifecycle adjacent to information
publishing and acquisition, which are integral and necessary stages for discovery. Thus the framework
covers how to publish cybersecurity information, obtain the candidate list, and acquire the needed
information. A discovery scheme may be implemented with arbitrary mechanisms so long as it complies
with the framework, and among these mechanisms are object identifier (OID)-based and Resource
Description Framework (RDF)-based discovery, which are also elaborated in this Rec.

Defines a security baseline against which network operators can assess their network and information
security status in terms of readiness and ability to collaborate with other entities (operators, users and
law enforcement authorities) to counteract information security threats. This supplement can be used by
network operators to provide meaningful criteria against which each network operator can be assessed if
required.
Network security is designed around a strong security framework, available tools, and standardized
protocols. In complex multi-vendor environments, standards-based security solutions can ensure
interoperability and operational efficiencies in realizing end-to-end security. Network providers depend
upon security information available to them to help plan, design, implement and maintain their networks
in order to meet the security objectives. Network operators depend upon key security information to
plan/design, implement and maintain secure networks to meet the organization’s business and technical
goals. Standards-based systematic methodology and guidelines identify and address critical security
challenges of network and information security. This Supplement establishes guidelines for implementing
system and network security with a focus on telecommunications networks, and provides security
guidelines for critical activities during the network life-cycle. These guidelines address four areas: (1)
technical security policy, (2) asset identification, (3) threats, vulnerabilities and mitigations, and (4)
security assessment. The guidelines and associated templates help in systematically addressing the
security of networks.
States that in order to deal effectively with spam, governments need to employ a variety of approaches,
including effective laws, technological tools, and consumer and business education. The document
reviews the international forums where the issue of spam is being addressed. As a case study, for
illustrative purposes, it provides some information about the way the U.S. has approached the spam
problem.
The security of the traditional public circuit-switched telephone network (PSTN) has been addressed
over many decades of operation. However, the same cannot be said for distributed public
packet-switched networks with multiple-service providers, such as the Internet and Next Generation Networks
(NGNs). Such networks use one common transport platform for control traffic and for user traffic which,
in addition to the possible anonymity of such traffic and the possibility of generating unidirectional traffic,
makes such networks vulnerable to misuse. All electronic services (e-services such as e-business,
e-commerce, e-health, e-government) are open to attack. This problem can be at least partly addressed
by improving confidence in the identity of users, network devices and service providers, so that they can
be authenticated, granted appropriate access, and audited. Because identity management provides
greater assurance and trust in user, service provider, and network device identities, it improves security
by reducing exposure to security risks. This aspect of cybersecurity is something that service providers
need to consider at a business and technical level, and that governments need to consider on a national
level as part of the national cybersecurity plan.
Provides practical solutions as best practices for countermeasures against botnet threats. These best
practices can be utilized by network operators to implement countermeasures against botnet threats.
The best practices are applicable to management, control and user activities to mitigate security
incidents caused by botnets.
Provides guidelines for end users for reducing malware in ICT networks, including propagation in end
user devices, applications, and external and portable devices. These guidelines can be implemented
manually or through automated techniques for cybersecurity information exchange described in [Rec.
ITU-T X.1500]. Malware is the general term for various types of software instances intended to or
exhibiting characteristics that harm or threaten computers or computer systems, and includes viruses,
worms, spyware, trojans, bots, etc. As malware has become more complex, the distinctions among
these types have tended to disappear. Indeed, malware types today may be polymorphic – that is, adapt
and evolve as they propagate. Incidents of malware infection and related damage are increasing
exponentially due in part to the proliferation of ICT end user devices and application software that are
autonomously connected to open network infrastructures worldwide. This damage can include excessive
network traffic, reduced available bandwidth, loss of sensitive data, lost end user device resources, and
loss of end user confidence. Malware has also become a major means of undertaking cybercrime, and is
produced as part of criminal enterprise. As a result, malware constitutes a major threat to ICT networks
Provides an overview of traceback capabilities that may be useful in responding to network incidents
where some knowledge of the source(s) of those incidents is necessary for effective cybersecurity
responsive measures. It includes descriptions and usability considerations of traceback. Traceback may
assist in discovering ingress points, paths, partial paths or sources of problematic network events. This
information may aid service providers in mitigating such events. Note: Traceback as described in this
supplement may be in conflict with laws and regulation (e.g., secrecy of telecommunications or data
protection/privacy) in some countries or regions and therefore cannot be applied in those countries or
regions. Implementers and users of the described mechanisms shall comply with all applicable national
and regional laws, regulations and policies.

Provides a technical framework based on real-time blocking list (RBL) for countering Voice over Internet
Protocol (VoIP) spam, and consists of four functional entities: VoIP spam prevention system (VSPS),
VoIP spam prevention policy server (VSPPS), RBL central system for VoIP spam prevention (VSP-RBL),
and user reputation system (URS). Also it specifies the functionalities, procedures, and interfaces of
each functional entity for countering VoIP spam. It a) defines the functional architecture for countering
VoIP spam, b) defines the four functional entities: VSPS, VSPPS, VSP-RBL, and URS in the framework,
c) describes the procedures and interfaces associated with the functional entities. Compliance with all
relevant laws and regulations should be considered before adopting the anti-spam methods described in
this Supplement.

Describes the basic concept and characteristics of mobile messaging spam, and introduces and
analyses current technologies on countering mobile messaging spam. In addition, this Sup. proposes a
general implementation framework for countering mobile messaging spam. The relative activities in
different organizations are introduced in Appendix I.
Based on the framework set forth in Rec. ITU-T Y.140, this Rec. concentrates on one of the
interconnection scenarios relevant to Global Information Infrastructure (GII), the interconnection between
operators of public telecommunication networks (PTNOs) and service providers (SPs). After looking at
the situation before and during transition to a full implementation of the so-called enterprise model,
attributes of reference points for interconnection between PTNOs and SPs are dealt with in some detail.
Separate clauses treat the various aspects of these attributes, in particular, security, service interaction,
charging/billing, service availability, access to a network address and management. The content of this
Rec. should be seen as a guideline for consideration by involved parties when implementing the GII
concept within a Next Generation Network.
Presents an overview of the basic requirements, features, and concepts for emergency
telecommunications that evolving networks are capable of providing. The purpose of emergency
telecommunications is to facilitate emergency recovery operations with the goal of restoring the
community infrastructure and returning the population to normal living conditions after serious
disasters. Responders need to assess the damage, coordinate rescue and medical assistance,
harmonize restoration endeavours, etc. For supporting this purpose, emergency telecommunications
may be provided through shared resources from the public telecommunications infrastructure that is
evolving from a basic circuit-switched to packet-switched networks with a variety of telecommunication
capabilities.

Rec. ITU-T G.8031/Y.1342 see Rec. ITU-T G.8031

Rec. ITU-T G.8032/Y.1344 see Rec. ITU-T G.8032

Provides terms, definitions, and abbreviations used in synchronous digital hierarchy (SDH) Recs.
Physical layer terminology, synchronization-related terminology, and terms applicable to multiple
technologies in addition to SDH are not included (however, protection switching is included). The goal of
this Rec is to be a single normative source for terms in this subject area.
Provides terms, definitions and abbreviations used in optical transport network (OTN) Recs. It contains a
list of the definitions and abbreviations introduced in Recs associated with optical transport networks,
and can be considered a companion Rec to Rec. ITU-T G.780/Y.1351 and Rec. ITU-T G.8081/Y.1353.
This Rec does not include terms specific to the physical layer or synchronization. The goal of this Rec is
to be a single normative source for terms in this subject area.
Provides terms, definitions, and abbreviations used in Automatically Switched Optical Network (ASON)
Recommendations. It contains a list of the definitions and abbreviations introduced in Recommendations
associated with Automatically Switched Optical Networks, and can be considered a companion
document to Rec. ITU‑T G.780/Y.1351 and Rec. ITU‑T G.870/Y.1352. The goal of this Recommendation
is to be a single normative source for terms in this subject area.
Provides definitions and abbreviations used in Ethernet frames over Transport (EoT).

Provides terms, definitions, and abbreviations used in Automatically Switched Optical Network (ASON)
Recommendations. It contains a list of the definitions and abbreviations introduced in Recommendations
associated with Automatically Switched Optical Networks, and can be considered a companion
document to Rec. ITU‑T G.780/Y.1351 and Rec. ITU‑T G.870/Y.1352. The goal of this Recommendation
is to be a single normative source for terms in this subject area.
Rec. ITU-T G.8131/Y.1382 see Rec. ITU-T G.8131

Provides requirements and mechanisms for 1+1, 1:1, shared mesh, and packet 1+1 protection switching
functionality for the user-plane in MPLS networks. The mechanism defined herein is designed to support
end-to-end point-to-point LSPs. Protection switching functionality for multipoint-to-point and point-to-
multipoint LSP are for further study. The m:n protection switching is for further study. Hitless protection
switching is outside the scope of this Rec.

Specifies the high level requirements to support IPTV services. These include IPTV requirements for
service offering, network aspects, QoS and QoE, service and content protection, end system,
middleware and content. Security aspects, including service and content protection, are defined in the
form of architecture requirements, of architecture recommendations and of architecture options for IPTV
general security, for network security, for terminal device security and for subscriber security.
Describes the IPTV functional architecture intended to support IPTV services based on the IPTV service
requirements and definitions. Starting from a basic description of IPTV roles and services, a high level
IPTV functional model is outlined. This model is then developed into a set of functional architectures
which support NGN and non-NGN transport networks, as well as operation modes with or without IMS.
The main security aspects are content protection and security protection.
Is used as background information to assist the development of Rec.s, standards and of implementation
guidelines for the realization of Next Generation Networks. Considering new market realities [open
competition among operators due to deregulation of markets, explosion of digital traffic, due to the
increasing use of "the Internet", increasing demand for new multimedia services, increasing demand for
a general mobility, convergence of networks and services, etc.] the NGN (Next Generation Network) is
conceived as a concrete implementation of the GII (Global Information Infrastructure). Rec.s in the Y
series provide the foundation of the Next Generation Networks (NGN). However, implementation issues
were not adequately addressed in GII. As a consequence, the NGN should be understood as the further
step in the realization of GII concept. The target of NGN is to ensure that all elements required for
interoperability and network capabilities support applications globally across the NGN while maintaining
the concept of separation between transport, services and applications.

Describes the functional requirements and architecture of the next generation network (NGN), taking into
account the requirements and capabilities for ITU-T NGN as described in Rec. ITU-T Y.2201. The
functional architecture provided in this Rec. allows a clear distinction between the definition and
specification aspects of services provided by the NGN, and the actual specification of the network
technologies used to support those services. In line with Rec. ITU-T Y.2011 principles, an
implementation-independent approach is adopted.

Describes the network attachment control functions (NACF) component of the NGN functional
architecture as defined in Rec. ITU-T Y.2012, and also identifies relevant access scenarios related to the
NACF, and includes extensions to Rec. ITU-T Y.2014 (version 2008-05) to address the issues related to
multicast and mobility in support of IPTV service and mobility service, respectively, and includes the
reference points for the interactions with other NGN components (RACF, MMCF, and SCF) in order to
provide the network attachment functions for the fixed, nomadic and mobile terminal/user.

Describes functional requirements, functional architecture and functional entities of the NGN in order to
support applications and services using tag-based identification, and is based on the capabilities defined in
Rec. ITU-T Y.2213 (based on Rec. ITU-T Y.2012).

Describes an architecture of mobility management and control functions (MMCFs) for the NGN transport
stratum. This architecture includes the definitions of the functional entities of MMCF and the scenarios
for interactions with the other NGN functional components: NACF, RACF, SCF and the access and core
transport functional blocks within the forwarding plane. This Rec. specifies the architecture and
functional requirements for the management of logical location information (as defined in Rec. ITU-T
Q.1707) and control of mobility in the NGN transport stratum. It addresses all types of device mobility
(defined in Rec. ITU-T Q.1706). It draws heavily from Rec. ITU-T Q.1707, Rec. ITU-T Q.1708, and Rec.
ITU-T Q.1709, but maps their content into the framework provided by Rec. ITU-T Y.2012. This Rec.
considers the types of mobility management described in Rec. ITU-T Q.1706. This Rec. is limited to
mobility of a single device, as opposed to the movement of sessions from one device to another (session
mobility). It is further limited to support of IP-based mobility in the transport stratum [For the support of
mobility in the service stratum see Rec. ITU-T Q.1707]. This Rec. provides mechanisms to achieve
seamless mobility if network conditions permit, but does not provide any mechanism to deal with service
Describes the functional architecture of the open service environment (OSE) for NGN. The OSE
functional architecture is based on the capabilities described in Rec. ITU-T Y.2234 to enable enhanced
flexible service creation and provisioning.
Contains terms and definitions and a framework relevant to providing a general understanding of Next
Generation Networks and a guide for the development of NGN documents in the ITU. This Rec. is not
simply a compendium of terms and definitions. The primary purpose is to provide a context for the use of
certain terms and definitions to avoid misunderstandings in NGN activities. Thus, the definitions are
arranged in a specific order and certain necessary relationships are illustrated. Additionally, explanatory
notes are also included where deemed appropriate. This Rec. uses terms and definitions, which are
considered particularly suitable and applicable to NGN work and that have already been defined in
published ITU-T Rec.s. Section 10 defines terms for node-identification, in particular ID and locator
separation and mapping. Section 16 defines terms for identification (numbering, naming, addressing
etc.). Security is defined in Section 17, identity management in Section 18, authentication, authorization,
accounting (AAA) in Section 19.

Proposes three levels for admission control priority for services seeking entry into Next Generation
Networks. The admission control priority indicator is intended as guidance in the development of
appropriate signalling protocol extensions, and in the development of the necessary priority enabling
mechanisms. According to Rec. ITU-T Y.1271, enhanced priority treatment is an essential requirement
for the assured capabilities needed for emergency telecommunications. A critical component of
enhanced priority treatment is admission control for telecommunications services seeking entry into a
network particularly during emergency conditions when network resources may be depleted.

Proposes three levels of restoration priority for services in Next Generation Networks. This indicator is
intended as guidance for the development of appropriate signalling protocol extensions and the
restoration/re-route mechanisms. According to Rec. ITU-T Y.1271, enhanced priority treatment is an
essential requirement for the assured capabilities needed for emergency telecommunications. One
critical component is admission control and associated priorities as described in Rec. ITU-T Y.2171.
Another critical component is service restoration particularly during emergency conditions with potentially
reduced network bandwidth/resources. Under such conditions, emergency telecommunications
interrupted by network failures require preferential restoration treatment.

Specifies high-level requirements for the development of a set of ITU-T Rec.s which constitute NGN
release 1. The high-level requirements and related capabilities specified in this Rec. are aligned with the
general goals and objectives captured in Rec. ITU-T Y.2001 and are based on the objectives of NGN
release 1 identified in Y-Sup.1. NGN is required to provide at least one level of service that offers
capabilities that are the same or better than those provided by circuit-switched networks. It is recognized
that a specific realization of NGN may be constituted by a set (or superset) of services supported in NGN
release 1 and of capabilities as specified in this Rec. Administrations may require providers to take into
account national regulatory and national policy requirements in implementing this Rec.

Specifies technical considerations that can optionally be applied within the Next Generation Network
(NGN) to enable emergency telecommunications (ET). In addition, the Rec. also outlines the underlying
technical principles involved in supporting ET. It specifies requirements and capabilities for ET beyond
the ones specified in Rec. ITU-T Y.2201 in the context of NGN, as defined in Rec. ITU-T Y.2001 and
outlined in Rec. ITU-T Y.2011. Some requirements and capabilities for early warning are also specified.
Emergency telecommunications include: (a) individual-to-authority emergency telecommunications,
e.g., calls to emergency service providers; (b) authority-to-authority emergency telecommunications;
(c) authority-to-individual emergency telecommunications, e.g., community notification services
including support of some aspects of early warning; (d) individual-to-individual emergency
telecommunications.

Describes high-level service requirements and NGN capability requirements needed to support
applications and services using tag-based identification. Several examples of applications and services
using tag-based identification are also described with scenarios. The scope of this Rec. is limited to
applications and services using tag-based identification and they are distinguished by the following three
mandatory elements: ID tag, ID terminal and identifier.
Provides a description and general characteristics of ubiquitous sensor network (USN) and USN
applications and services. It also analyses the service requirements of USN applications and services,
and specifies the extended or new NGN capability requirements based on the service requirements.
These requirements include Security (see §.7.8, 8.2.6 10, and §6 in appendix II), Identification,
authentication and authorization (see §.7.9 and 8.2.7), and Privacy (see §.7.10 and 8.2.7).

Provides security requirements for Next Generation Networks (NGNs) and their interfaces (e.g., UNIs,
NNIs and ANIs) by applying Rec. ITU-T X.805, Security architecture for systems providing end-to-end
communications to Rec. ITU-T Y.2201, NGN release 1 requirements and Rec. ITU-T Y.2012, Functional
requirements and architecture of the NGN. The requirements are to provide network-based security of
end user communications across multiple-network administrative domains. Security of customer assets
and information in the customer domain (e.g., user network), and the use of peer-to-peer application
capabilities on customer equipment are not within the scope of this Rec. This Rec. uses a trust model
based on network elements (physical boxes). NGN providers will be deploying network elements that
support the functional entities defined in Rec. ITU-T Y.2012. The bundling of these functional entities to a
given network element will vary, depending on the vendor. Therefore, this Rec. will not attempt to show a
strict and fixed bundling between logical functional entities and physical network elements. The
requirements in this Rec. should be treated as a minimum set of security requirements, and NGN
providers are encouraged to take additional measures beyond those specified in Recommendations for
NGN security.

Provides authentication and authorization requirements for Next Generation Network (NGN) based on
Rec. ITU-T Y.2012: Functional requirements and architecture of the NGN release 1, and includes
requirements for one-way and mutual authentication and authorization across the user-to-network
Interface (UNI), the network-to-network interface (NNI) and the application-to-network interface (ANI) as
well as any entities internally with a network that may require authentication and authorization. This
scope includes: 1. Authentication and authorization of user for network access (e.g., authentication and
authorization of an end user device, a home network gateway, or an enterprise gateway to obtain
access or attachment to the network); 2. Service provider authentication and authorization of user for
access to service/application (e.g., authentication and authorization of a user, a device or a combined
user/device where the authentication and authorization apply to NGN service/application access); 3.
User authentication and authorization of Network (e.g., user authenticating the identity of the connected
NGN network or of the service provider); 4. User peer-to-peer authentication and authorization (e.g.,
authentication and authorization of the called user (or terminating entity), authentication and
authorization of the originating entity, or data origin authentication as network functions); 5. Mutual
network authentication and authorization (e.g., authentication and authorization across NNI interface at
the transport level, or service/application level); 6. Authentication and authorization of
service/application provider; 7. Use of 3rd party authentication and authorization service; 8.
Authentication of objects (e.g., application process, message content and data content identifiers).
NOTE: NGN authentication and authorization is viewed as part of the broader topic of NGN identity
management (IdM). Specifically, the authentication and authorization functions and capabilities
described in this Recommendation should be used to support identity assurance capabilities for NGN
IdM.

Describes an application for authentication, authorization and accounting (AAA) for Next Generation
Networks (NGNs) based on Rec. ITU-T Y.2201 - NGN Release 1 Requirements, Rec. ITU-T Y.2012 -
Functional Requirements and Architecture of the NGN Release 1 (FRA), Rec. ITU-T Y.2701 - Security
Requirements for NGN Release 1 and Rec. ITU-T Y.2702 - NGN Authentication. This Rec. applies to the
authentication, authorization and accounting (AAA) process in accessing an NGN using the AAA client
and AAA server. In particular, this Rec. addresses the accounting function only from the standpoint of its
contribution to security accounting.
Describes some security mechanisms that can be used to fulfil the requirements described in Rec. ITU-T
Y.2701 and specifies the suite of options for each selected mechanism. Specifically, this Rec. describes
identification, authentication and authorization mechanisms; then it discusses transport security for
signalling and OAMP, and media security. It then describes audit-trail-related mechanisms and finally
describes the provisioning. The security mechanisms described in this Rec. are based on use of the trust
model defined in Rec. ITU-T Y.2701. The list of security mechanisms described in this Rec. is not
exhaustive. NGN providers are encouraged to support additional security tools, capabilities and
operational measures as needed beyond the mechanisms specified in this Rec. for NGN security
protection.

Provides a framework for Identity Management (IdM) in Next Generation Networks (NGN). The primary
purpose of this framework is to describe a structured approach for designing, defining, and implementing
IdM solutions and for facilitating interoperability in a heterogeneous environment. The management of
entity identity information (e.g., identifiers, credentials and attributes) is not new. However, as we move
towards a converged network environment where services are based on contexts and roles and may be
accessed anywhere, anytime, the assurance, security and management of identity information becomes
more complex. Additionally, there may be different and independent solutions resulting in the need for
interoperability. Therefore new, enhanced, automated and interoperable capabilities are needed for the
following reasons: a) end users are increasingly using multiple identities, b) these identities may be
associated with different contexts and service privileges, c) the identities may only partially identify the
end user, d) the identities may be used anywhere and at anytime, and e) the identities may not be
interoperable between providers. IdM addresses this situation, and is a set of functions and
capabilities (e.g. administration, management and maintenance, discovery, communication exchanges,
correlation and binding, policy enforcement, authentication and assertions) used for: a) assurance of
identity information (e.g., identifiers, credentials, attributes), b) assurance of the identity of an entity
(e.g., users/subscribers, groups, user devices, organizations, network and service providers, network
elements and objects, and virtual objects), and c) enabling business and security applications. This
framework is intended to be used as a foundation to develop and specify specific aspects of IdM, such
as detailed requirements, mechanisms and procedures, as needed. It also provides a clear and coherent
overview of the totality of IdM in NGNs. The framework provided in this Rec. is intended for NGN (i.e.,
managed packet networks) as defined in Rec. ITU-T Y.2001, General Overview of NGN. However, it
could be applied as appropriate to other types of networks (e.g., corporate and enterprise networks).

Provides Identity Management (IdM) example use cases and requirements for the Next Generation
Network (NGN) and its interfaces. IdM functions and capabilities are used to increase confidence in
identity information and support and enhance business and security applications including identity-based
services. The requirements provided in this Rec. are intended for NGN (i.e., managed packet networks)
as defined in ITU-T Rec. Y.2001. The objectives and requirements in this Rec. are based on the IdM
framework provided in ITU-T Rec. Y.2720 and an analysis of use case examples relevant to NGN. The
example use cases are informative and are documented in the Appendices of this Rec.

Describes the specific IdM mechanisms and suites of options that should be used to meet the
requirements specified in Rec. ITU-T Y.2721. In addition, it provides best practices and guidelines to
support interoperability and other needs.
Within the last few years, a great variety of remote payment networks using mobile networks have been
established. While implementing different approaches, quite often they lack security. At the same time
communication networks, including mobile networks, are undergoing substantial changes in the transition to
the next generation networks (NGN). This Rec. elaborates approaches to develop system security for
mobile commerce and mobile banking in the next generation networks (NGN). It describes security risks
associated with remote mobile financial transactions supported by the next generation network (NGN)
application services and the risk mitigation and counter measures based on four security levels. This
Rec. also specifies the minimum requirements for protecting the privacy of an individual's personal data
regarding remote mobile financial transactions.
Specifies the general architecture of a security solution for mobile commerce and mobile banking in the
context of NGN, i.e. defines the security architecture pertaining to remote mobile financial transactions
for NGN. It describes the key participants, their roles, and the operational scenarios of the mobile
commerce and mobile banking systems. It also provides examples of the implementation models of
mobile commerce and mobile banking systems. Its scope excludes all other financial transactions, as
well as transactions that use monetary or non-monetary tokens for transfer of value. By organizing a
wide range of services with a flexible management and personalization functions, NGN can provide
convenient access to Mobile Payment System (MPS) services.

Specifies the mobility security framework in NGN transport stratum; considers the security requirements
in Rec. ITU-T Y.2018; includes authentication and key management, security context establishment, IP
mobility security, security of mobility management, control and transport in the transport stratum; and
also addresses the scenarios including intra- and inter-technology mobility, intra- and inter-domain
mobility as well as addresses the security requirements, security mechanisms and procedures for
mobility management and control in NGN.

Rec. ITU-T Y.2801/Q.1706 describes the requirements for mobility management (MM) for Next
Generation Networks (NGN). For this purpose, it describes the considerations for mobility management in
the NGN, classifies the types of mobility management for NGN environment, and identifies a set of the
MM requirements for NGN.
Describes objectives and design goals for Future Networks (FNs). In order to differentiate FNs from
existing networks, four objectives were identified, which are service-, data-, environment-, and social and
economic awareness. In order to realize the objectives, twelve design goals were identified, which are
service diversity, functional flexibility, virtualization of resources, data access, energy consumption,
service universalization, economic incentives, network management, mobility, optimization, identification,
reliability and security. This Rec. assumes that the target timeframe for FNs falls approximately between
2015 and 2020. In the appendix, this Rec. describes technologies elaborated in recent research efforts
that are likely to be used as an enabling technology of each design goal.
Question

Q.3/2

Q.3/2

Q.5/2

Q.3/17

Q.15/17
Q.15/17

Q.25/16

Q.22/16

SG2

Q.9/15

Q.9/15

Q.9/15
Q.9/15

Q.9/15

Q.9/15

Q.9/15

Q.9/15

Q.6/15

Q.3/15

Q.9/15

Q.9/15

Q.3/15

Q.3/15
Q.9/15

Q.9/15

Q.2/16

Q.1/16

Q.1/16
Q.2/16

Q.2/16

Q.2/16

Q.2/16

Q.2/16

Q.2/16
Q.2/16

Q.2/16

Q.2/16

Q.2/16

Q.2/16

Q.3/16

Q.3/16
Q.2/16

Q.2/16

Q.4/16

Q.4/16

Q.4/16

Q.4/16

Q.4/16

Q.4/16

Q.4/16

Q.4/16
Q.2/16

Q.2/16

Q.2/16

Q.2/16

Q.29/16

Q.29/16

Q.29/16
Q.2/16

Q.3/16

Q.1/9

Q.3/9

Q.3/9

Q.3/9

Q.3/9
Q.7/9

Q.7/9

Q.8/9

Q.8/9

Q.9/9
Q.9/9

Q.9/9

Q.8/9

Q.8/9

Q.8/9

Q.8/9
Q.8/9

Q.3/9

Q.15/5

Q.19/15

Q.11/2

Q.11/2

Q.11/2
Q.11/2

Q.11/2

Q.11/2

Q.9/2

Q.11/2

Q.11/2

Q.11/2

Q.11/2
Q.11/2

Q.11/2

SG11

Q.3/11

Q.3/11

Q.3/11

Q.3/11
Q.3/11

Q.11/2

Q.11/2

Q.11/2

Q.9/2

Q.9/2

Q.9/2
Q.11/2

Q.10/2

Q.10/2

SG11

Q.6/13

Q.6/13
Q.6/13

Q.8/13

Q.10/13

Q.10/13

Q.10/13

Q.10/13
Q.10/13

Q.10/13

Q.10/13

Q.10/13

Q.10/13
Q.10/13

Q.10/13

Q.10/13

Q.10/13
Q.10/13

Q.10/13

Q.10/13

Q.13/11

Q.13/11
Q.13/11

Q.13/11

Q.13/11

Q.13/11

Q.13/11

Q.13/11

Q.13/11

Q.13/11
Q.13/11

Q.7/11

Q.7/11

Q.13/11

SG13

Q.13/11

Q.2/11

Q.3/11
Q.7/11

Q.14/16

Q.14/16

Q.14/16

Q.14/16

Q.14/16

Q.1/16

Q.13/16
Q.14/16

Q.14/16

Q.14/16

SG16

Q.6/16

Q.15/17
Q.15/17

Q.15/17

Q.15/17

Q.12/13

Q.15/17

Q.15/17

Q.15/17

Q.15/17

Q.15/17
Q.15/17

Q.15/17

Q.15/17

Q.15/17

Q.15/17

Q.15/17

Q.15/17

Q.15/17

Q.15/17
Q.11/17

Q.11/17

Q.11/17

Q.11/17

Q.11/17

Q.11/17

Q.11/17
Q.11/17

Q.11/17

Q.11/17

Q.12/17

Q.12/17

Q.12/17
Q.12/17

Q.12/17

Q.12/17

Q.12/17

Q.12/17
Q.12/17

Q.12/17

Q.11/2

Q.9/2

Q.9/2

Q.9/2

Q.9/2
Q.9/2

Q.9/2

Q.9/2

Q.9/2

Q.9/2
Q.9/2

Q.9/2

Q.9/2

Q.9/2

Q.9/2
Q.9/2

Q.9/2

Q.9/2

Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17
Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17
Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.2/17

Q.12/17

Q.13/17
Q.13/17

Q.13/17

Q.13/17

Q.13/17

Q.2/17

Q.2/17

Q.2/17
Q.2/17

Q.2/17

Q.3/17

Q.3/17

Q.3/17
Q.3/17

Q.3/17

Q.9/17

Q.9/17

Q.9/17

Q.9/17
Q.9/17

Q.9/17

Q.9/17

Q.9/17

Q.9/17

Q.9/17

Q.6/17

Q.6/17
Q.6/17

Q.6/17

Q.6/17

Q.6/17

Q.6/17

Q.6/17
Q.6/17

Q.6/17

Q.7/17

Q.7/17

Q.7/17
Q.7/17

Q.7/17

Q.7/17

Q.7/17

Q.7/17
Q.6/17

Q.6/17

Q.6/17

Q.6/17

Q.6/17

Q.6/17

Q.4/17

Q.4/17

Q.4/17
Q.4/17

Q.5/17

Q.5/17

Q.5/17

Q.5/17

Q.5/17

Q.5/17

Q.5/17
Q.10/17

Q.10/17

Q.10/17

Q.10/17

Q.10/17

Q.4/17
Q.6/17

Q.6/17

Q.4/17

Q.4/17

Q.4/17

Q.4/17
Q.4/17

Q.4/17

Q.2/17

Q.2/17

Q.5/17

Q.10/17
Q.4/17

Q.4/17

Q.4/17

Q.5/17

Q.5/17

SG13
Q.5/13

Q.9/15

Q.9/15

Q.9/15

Q.9/15

Q.3/15

Q.3/15

Q.3/15

Q.9/15

Q.9/15

Q.3/13
Q.3/13

Q.5/13

Q.5/13

Q.5/13

Q.5/13

Q.5/13

Q.5/13
Q.25/13

Q.5/13

Q.5/13

Q.3/13

Q.5/13

Q.3/13
Q.3/13

Q.16/13

Q.16/13

Q.16/13
Q.16/13

Q.16/13

Q.16/13

Q.16/13

Q.16/13
Q.16/13

Q.16/13

Q.8/13

Q.21/13
