Opportunity to participate in Cyber Security Standards Development

The INCITS/Cyber Security Technical Committee represents the US in the development of International Standards within ISO/IEC JTC 1/Subcommittee 27 (SC 27), Information security, cybersecurity, and privacy protection, as well as in all SC 27 Working Groups. In general, work in the US coincides closely with that of SC 27 and encompasses generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  1. Security requirements capture methodology;
  2. Management of information and ICT security; in particular information security management system (ISMS) standards, security processes, security controls and services;
  3. Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  4. Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  5. Security aspects of identity management, biometrics and privacy;
  6. Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
  7. Security evaluation criteria and methodology.

Now is a great opportunity to join the committee, whose member organizations come from US industry, government, and academia. See what is under development and understand what it means to your organization. Collaborate with your peers both here in the US and in the international arena to address security and privacy concerns and issues. Champion and lead new standards that address current and future security and privacy needs. There are currently about 200 published standards and over 85 projects under development that include:

  1. Revision of ISO/IEC 27002, a signature standard in the ISO/IEC 27000 family that gives guidelines for organizational information security standards and information security management practices, as well as exploring machine-readable versions of the standard
  2. New cryptographic standards to address fully homomorphic encryption, format-preserving encryption, and quantum-resilient algorithms
  3. Revision of the multi-part ISO/IEC 27036 supply chain security standard
  4. Exploring the use of the new ISO/IEC 15408 (Common Criteria for Information Technology Security Evaluation) with complex systems as well as with cloud computing
  5. Security and privacy standards for IoT
  6. New privacy guidelines for fintech services
  7. Exploring the impact of artificial intelligence (AI) on security and privacy

INCITS/Cyber Security meetings are typically held no more than once a month with virtual access as an option. Participation can range from simple monitoring of the activities to full technical engagement with contributions and comments on draft standards. In the case of the latter, standing ad hoc groups have been established to facilitate technical dialogue and collaboration. In addition, all members are eligible to attend the SC 27 international meetings.

To learn more about membership in INCITS/CS1, visit or contact Lynn Barra at