This Technical Committee was established on 14.02.2002 and covers the development of standards for strengthening the interoperability and security of personal identification and related devices, systems, operations and personal privacy in a multi-sectoral environment. It covers:
- Operations such as applications and services such as electronic identification, electronic signature, payment and charging, access and border control;
- Personal devices with secure elements, regardless of their form factor, such as cards, mobile devices and their respective interfaces;
- Security services including authentication, confidentiality, integrity, biometrics, protection of personal and sensitive data;
- System components such as receiving devices, servers, cryptographic modules;
The multi-sector environment of this Technical Community includes sectors such as Government/Citizen, Transport, Banking, eHealth, as well as Consumers and supply-side providers such as card manufacturers, security technology, conformity assessment bodies, software manufacturers .
Standardization of data carriers for the identification and automatic capture of data, of the architecture of the data element, therefore of the necessary test specifications and of the technical features for the harmonization of cross-sectoral applications. Establishing an appropriate system of registration authorities and tools to ensure the necessary maintenance of standards.
Standardization in the field of Health Information and Communication Technology (ICT) to achieve compatibility and interoperability between independent systems and to enable modularity. This includes requirements for health information structure to support clinical and administrative procedures, technical methods to support interoperable systems as well as requirements regarding safety, security and quality.
Developing cybersecurity and data protection standards that cover all aspects of the evolving information society, including but not limited to:
- Management systems, frameworks, methodologies
- Data protection and privacy
- Service and product evaluation standards suitable for security evaluation for large companies and small and medium-sized enterprises (SMEs)
- Competency requirements for cyber security and data protection
- Security requirements, services, techniques and guidelines for ICT systems, services, networks and devices, including smart objects and distributed computing devices
Included in the scope is the identification and possible adoption of documents already published or under development by ISO/IEC JTC 1 and other SDOs and international bodies such as ISO, IEC, ITU-T and industry forums. Where not developed by other SDOs, the development of CEN/CENELEC cybersecurity and data protection publications for information storage such as organizational frameworks, management systems, techniques, guidelines and products and services, including those in support of the Market Unique EU Digital.