1

Scope

1.1

General ISO/IEC ISP 10608 is applicable to End Systems concerned with operating in the Open Systems Interconnection (OSI) environment. It specifies a combination of OSI standards which collectively provide the connection-mode Transport Service using the connection-mode Network Service.

ISO/IEC ISP 10608-5 specifies subnetwork type dependent requirements for end system operation when the end system is attached to an X.25 packet switched data network by a dedicated (permanent) access line and using virtual calls.

This part of ISO/IEC 10608 specifies the profile requirements for th e provision of security services using cryptographic techniques with Network Layer Security Protocol connection-mode and SDT-PDU based protection for use with X.25 packet switched data networks as specified in ISO/IEC 10608-5.

1.2 Position within the Taxonomy The taxonomy of profiles is specified in ISO/IEC TR 10000-2. This part of ISO/IEC ISP 10608 supports security services for TA1111 and TA1121 profiles as specified in ISO/IEC ISP 10608-5.

Note: ISO/IEC TR 10000 currently does not identify security sub- profiles. Profiles based on this part of ISO/IEC ISP 10608 may be referred to as TA11n1S2, or TA11n1S2C if confidentiality is selected.

1.4 Security Services The following security services are within the scope of this part of ISO/IEC ISP 10608:

a) Peer entity authentication b) Connection integrity without recovery (including replay protection) c) Access control using security labels Note: Where label based access control is not enforced by a system a null label may be employed. d) Connection confidentiality (optional) e) Traffic flow confidentiality (optional)

1.5 Security Mechanisms This part of ISO/IEC ISP 10608 provides no assurance as to the strength of the security mechanisms employed.

This part of ISO/IEC ISP 10608 does not specify the cryptographic algorithms to be employed.