on 2009 activity of the Technical Committee on Standardization of "Information and Communications Technology
In 2009, Technical Committee on Standardization of "Information and Communications Technology (TC 05) continued its activity for the development of national ITC standards in conformity with international and regional standards, and for raising their efficiency.
As consistent with the Work plan accepted for 2009, activity in the field of the development of national information security standard is implemented. New draft national standards were worked out on the basis of the standards ISO x.509 and ISO/IEC 15408-2008 consisting of 3 parts, confirmed by appropriate organizations and applied after registration by the State Committee for Standardization, Metrology and Patent.
1. AZS 325-2008. Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks
2. Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1:
3. AZS 356.2-2009. Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2
4. AZS 356.3-2009 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 3
Published in form of a book, each of these standards is presented to SCSMP, related state organizations and TC 05 member organizations. It should be mentioned that, Azerbaijani national standard on information security AZS 324-2008 (ISO/IEC27002-2005) is developed by TC 05 and it is efficient as of January 2009.
With the view of extending national standards package, on the basis of 2009 work plan, the following four international security standards are identically translated and their conformity is checked by experts:
1. ISO/IEC 27001-2005. Information technology -- Security techniques -- Information security management systems
2. ISO/IEC 27005-2007. Information technology -- Security techniques -- Information security risks management systems
3. ISO/IEC TR 18044-2007. Information technology -- Security techniques -- Information security incident management
4. ISO/IEC 11770-1-2007 Information technology -- Security techniques -- Key management -- Part 1
At present comments received from related organizations on these standards are under consideration. After adoption in TC 05 standards shall be submitted to SCSMP for state registration.
At the same time for the purpose of forming a single terminology base in the field of information technology, on the basis of 6 important parts of 36 part ISO/IEC 2382 standard on IT terminology, draft national terminology standards are developed:
1. ISO/IEC 2382-1:1993. Information technology -- Vocabulary -- Part 1: Fundamental terms
2. ISO/IEC 2382-8:1998. Information technology -- Vocabulary -- Part 8: Security
3. ISO/IEC 2382-9:1995Information technology -- Vocabulary -- Part 9: Data communication
4. ISO/IEC 2382-17:1999. Information technology -- Vocabulary -- Part 17: Databases
5. ISO/IEC 2382-25:1992 Information technology -- Vocabulary -- Part 25: Local area networks
6. ISO/IEC 2382-27:1994 Information technology -- Vocabulary -- Part 27: Office automation
These standards were considered by related organizations. At present received comments are under examination.
Entry into force of the above-mentioned 4 security standards is to be an important contribution to the works for the establishment of CERT national centre, application of electronic signatures, provision of information security in different information systems. And national terminology standards will be used in the preparation of textbooks and dictionaries, as well as in translation of standards and classifications related to the field. During the reporting period, works for the update of TC website (www.tk05.org.az) were carried out. At present the works are on the point of finalization and materials about relevant divisions are being published on the website.
For information it should be mentioned that, 2010 work plan of TC 05 is accepted. According to the plan, the works for the development of security standards and national IT terminology is to continue this year as well. At the same time it is planned to take measures for the adjustment of TC 05 activity to the requirements of the standard AZS 1.1-2009 "Technical committees on standardization. Guidelines of creation and actions". Being in conformity with this standard, TC 05 activity will enable its representation in ISO JTC 1 Technical Committee on information technology, commenting on international standards and participation in the voting.
on 2008 activity of the Technical Committee on Standardization of "Information and Communications Technology
Committee on Standardization of "Information and Communications Technology" (TC 05) is established by the Ministry of Communication and Information Technology of the Republic of Azerbaijan (CITM) and the State Committee for Standardization Metrology and Patent of the Republic of Azerbaijan (SCSMP) with view of preparing suggestions for the development and review of draft national standards of the Republic of Azerbaijan in the field ICT, their adjustment to the requirements of international standards, forming single scientific and technical policy on the standardization of the field, and application of international standards in the country. Information Computing Centre of CITM is defined as the back-up organization of TC 05. Seven meetings of TC 05 were held and the structure, statute, member organizations and their representatives are approved during half a year. TC includes leading state, private, scientific and educational enterprises as well as Ministry of National Security, Baku State University, Azerbaijan State Oil Academy, Azerbaijan Technical University, Information Technology and Cybernetics Institute of Azerbaijan National Academy of Sciences, "Sinam", "Ultra" "R.I.S.K." and "Microsoft Azerbaijan" companies. After finalization of the works related to the organization of TC 05 activity, work plan intended till the end of 2008 was adopted. According to the plan, draft national standards were developed and negotiated accordingly by TC 05 on the basis of 3 international standards on information security (ISO/IEC 27002-2005, x.509 and ISO/IEC 15408 (all three parts). One of them, international standard ISO/IEC 27002-2005 was registered by SCSMP as national standard of the Republic of Azerbaijan under the number AZS 324-2008 and applied as of 01.01.2009. At present relevant measures are being taken for the state registration of the remaining two standards. For information it should be mentioned that, 2009 work plan of TC 05 is approved. 4 standards are included into the plan in order to extend the package of standards on information security. These standards will be necessary for the application of electronic signatures, establishment of "CERT" national centre, risk management etc. 6 important parts of 36 part standard on IT terminology ISO/IEC 2382 is included into the work plan to be used in the translation of standards. Test- version of TC 05 website (www.tk05.org.az) is prepared as well. Information about the structure, composition, members and activity directions of the Committee is in the process of publication on the website.