ISO IEC 20648:2016 pdf free
ISO IEC 20648:2016 pdf free.Information technology一TLS specification for storage systems
This specification details the requirements for use of the Transport Layer Security (TLS) protocol in conjunction with data storage technologies. The requirements set out in this specification are intended to facilitate secure interoperability of storage clients and servers as well as non-storage technologies that may have similar interoperability needs.
This specification is relevant to anyone involved in owning, operating or using data storage devices.
This includes senior managers, acquirers of storage product and service, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security and/or storage security, storage operation, or who are responsible for an organization’s overall security program and security policy development. It is also relevant to anyone involved in the planning, design and implementation of the architectural aspects of storage security.
Data storage systems and infrastructure increasingly use technologies such as protocols over TCP/IP to manage the systems and data as well as to access the data. In many situations, the historical reliance on isolated connectivity, specialized technologies, and the physical security of data centers are not sufficient to protect data, especially when the data is considered sensitive and/or high value. Thus,there is a need to include security at the transport layer and at the same time, ensure interoperability.
The Transport Layer Security (TLS) and its predecessor, the Security Socket Layer (SSL), have been used successfully to protect a wide range of communications over TCP/IP. Recognizing this fact, the storage industry has mandated the use of TLS/SSL in conjunction with the Hypertext Transfer Protocol (HTTP) for multiple specifications (see 5.2). Unfortunately, these storage specifications tend to be lengthy and complex, resulting in long development cycles that don’t allow for rapid requirements changes due to security vulnerabilities or new attacks.
The objectives for this specification are to:
一Specify the TLS elements necessary to secure storage management and data access
一Facilitate timely updates and enhancements to the security for the storage specifications
一Ensure storage clients and systems can interoperate securely
一Support non-storage technologies that may have similar TLS interoperability needs.ISO IEC 20648 pdf download.