1. Home
  2. Moldova standards
  3. STM
  4. St ISO IEC 24760-2-2015

ISO IEC 24760-2-2015 PDF

St ISO IEC 24760-2-2015

Name in English:
St ISO IEC 24760-2-2015

Name in Russian:
Ст ISO IEC 24760-2-2015

Description in English:

Original standard ISO IEC 24760-2-2015 in PDF full version. Additional info + preview on request

Description in Russian:
Оригинальный стандарт ISO IEC 24760-2-2015 в PDF полная версия. Дополнительная инфо + превью по запросу
Document status:
Active
Format:
Electronic (PDF)
Delivery time (for English version):
1 business day
Delivery time (for Russian version):
365 business days
SKU:
stiso25835
Choose Document Language:
€25

Full title and description

Information technology — Security techniques — A framework for identity management — Part 2: Reference architecture and requirements (ISO/IEC 24760-2:2015). This part provides a reference architecture and specifies requirements and guidelines for implementing and operating a framework for the management of identity information in information systems.

Abstract

ISO/IEC 24760-2:2015 defines a reference architecture and system-level requirements for identity management. It provides guidance for the implementation of systems that process identity information and sets requirements for implementing and operating an identity management framework. The standard is applicable to any information system where identity-related information is created, processed, stored or exchanged and addresses concepts such as identifiers, attributes, roles, lifecycle management, privacy and interoperability.

General information

  • Status: Withdrawn (replaced by ISO/IEC 24760-2:2025).
  • Publication date: June 2015 (published as Edition 1).
  • Publisher: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), prepared by JTC 1/SC 27.
  • ICS / categories: 35.030 (Information technology — Security techniques).
  • Edition / version: Edition 1 (2015).
  • Number of pages: 47 pages.

Scope

This part of ISO/IEC 24760 provides guidelines and specifies requirements for the implementation and operation of an identity management framework. It is intended to be horizontal (sector‑agnostic) and applies to any information system in which identity information (identifiers, attributes, credentials, relationship data) is processed, stored or exchanged. The scope covers architectural components, functional roles, data flows, lifecycle concerns and privacy considerations necessary to design, assess or operate identity management systems.

Key topics and requirements

  • Reference architecture for identity management components and interactions (actors, repositories, brokers, authorities).
  • Definitions and distinctions between identity, identifier, attribute, credential and principal.
  • Functional and system-level requirements for implementing an identity management framework.
  • Identity lifecycle management (creation, maintenance, linkage, resolution, retirement).
  • Privacy and data protection considerations for identity information handling.
  • Authentication, authorization and assurance-level guidance to support identity-based decisions.
  • Interoperability and federation considerations between identity domains and systems.
  • Roles and responsibilities (identity providers, relying parties, attribute authorities, registries).
  • Security controls and risk-based requirements for protecting identity data.

Typical use and users

Intended users include identity and access management architects, security architects, system integrators, IT security managers, privacy officers, standards developers and auditors. Typical uses are designing or evaluating identity management solutions, defining organizational identity frameworks, aligning deployments with common terminology and reference architecture, and supporting procurement or compliance assessments.

Related standards

ISO/IEC 24760-1 (core concepts and terminology) and ISO/IEC 24760-3 (practice) form the companion parts of the 24760 series. Other closely related standards and frameworks include ISO/IEC 29100 (privacy framework), ISO/IEC 29115 (entity authentication assurance), ISO/IEC 29146 (identity management governance), and national guidance such as NIST identity and authentication guidance. Implementers commonly use these documents together to cover terminology, architecture, assurance and operational practices.

Keywords

identity management, identity framework, reference architecture, identifier, attribute, lifecycle management, privacy, authentication, authorization, identity assurance, federation, IAM.

FAQ

Q: What is this standard?

A: ISO/IEC 24760-2:2015 is Part 2 of a multi-part international standard that provides a reference architecture and specifies requirements for implementing and operating an identity management framework.

Q: What does it cover?

A: It covers architectural components, functional roles, data and lifecycle management of identity information, privacy considerations, interoperability and system-level requirements for identity management systems.

Q: Who typically uses it?

A: Identity and access management architects, security and privacy officers, system integrators, auditors and standards developers use it to design, assess and align identity management solutions.

Q: Is it current or superseded?

A: The 2015 edition (ISO/IEC 24760-2:2015) has been withdrawn and subsequently superseded by a later edition (ISO/IEC 24760-2 published in 2025). Users should reference the most recent edition for current requirements and guidance.

Q: Is it part of a series?

A: Yes — it is Part 2 of the ISO/IEC 24760 series. Part 1 covers terminology and core concepts and Part 3 covers practice; together they provide a complete framework for identity management.

Q: What are the key keywords?

A: Identity management, reference architecture, identifier, attribute, lifecycle, privacy, IAM, assurance, federation.