CEN ISO/TS 19299:2015

Electronic fee collection - Security framework (ISO/TS 19299:2015)

Publication date:   Nov 16, 2015

General information

99.60 Withdrawal effective   Sep 9, 2020

CEN

CEN/TC 278 Intelligent transport systems

Technical Specification

03.220.20   Road transport | 35.240.60   IT applications in transport

Buying

  Withdrawn

PDF - €152.15

  English  



Buy

Scope

The overall scope of ISO/TS 19299:2015 is an information security framework for all organizational and technical entities of an EFC scheme and in detail for the interfaces between them, based on the system architecture defined in ISO 17573. The security framework describes a set of requirements and associated security measures for stakeholders to implement and thus ensure a secure operation of their part of an EFC system as required for a trustworthy environment according to its security policy.
The scope of ISO/TS 19299:2015 comprises the following:
definition of a trust model;
Basic assumptions and principles for establishing trust between the stakeholders.
security requirements;
security measures - countermeasures;
Security requirements to support actual EFC system implementations.
security specifications for interface implementation;
These specifications represent an add-on for security to the corresponding standards.
key management;
Covering the (initial) setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.
security profiles;
implementation conformance statement provides a checklist to be used by an equipment supplier, a system implementation, or an actor of a role declaring his conformity to ISO/TS 19299:2015;
general information security objectives of the stakeholders which provide a basic motivation for the security requirements;
threat analysis on the EFC system model and its assets using two different complementary methods, an attack-based analysis, and an asset-based analysis;
security policy examples;
recommendations for privacy-focused implementation;
proposal for end-entity certificates.

Related legislation

Legislation related to this standard

2004/52/EC

Directive 2004/52/EC of the European Parliament and of the Council of 29 April 2004 on the interoperability of electronic road toll systems in the Community (Text with EEA relevance)

Life cycle

PREVIOUSLY

WITHDRAWN
CEN/TS 16439:2013

NOW

WITHDRAWN
CEN ISO/TS 19299:2015
99.60 Withdrawal effective
Sep 9, 2020

REVISED BY

PUBLISHED
EN ISO 19299:2020