Security Standards
X/Open Single Sign-On Service (XSSO) - Pluggable Authentication
XSSO-PAM provides a standard interface between applications and sign-on systems so that, whatever the application's underlying authentication technology, it will plug-and-play with a 'coordinating primary' single sign-on system.
Authorization (AZN) API
A generally accepted definition of authorization is the granting of access rights to a subject (for example, a user or a program).
Common Security: CDSA and CSSM, Version 2 (with corrigenda)
CDSA is a set of layered security services that provides the infrastructure for extensible and interoperable security solutions. It provides complete flexibility through the use of plug-in security modules that use common Application Programming Interfaces (APIs).
CDSA/CSSM Authentication: Human Recognition Service (HRS) API V2
The CDSA/HRS (Common Data Security Architecture: Human Recognition Service) API uses the EMM (Elective Module Manager) facilities provided in the CDSA CSSM (Common Security Services Manager) to provide a generic authentication service for CDSA.
COE Security Software Requirements Specification (SSRS)
This document is based on the Defense Information Systems Agency (DISA), Common Operating Environment (COE) Platform Compliance Criteria, Security Software Requirements Specification (SSRS).
Open Information Security Management Maturity Model (O-ISM3)
The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security. Superseded by C17B.
Open Automated Compliance Expert Markup Language (O-ACEML)
This standard enables enterprises to automate security compliance for their systems in a consistent manner, thereby assuring compliance with applicable regulations, while also achieving major cost savings.
Dependency Modeling (O-DM)
The O-DM standard defines how to construct a data model to manage risk and build trust on organizational dependencies between enterprises, or between operational divisions in a large organization.
Risk Taxonomy (O-RT), Version 2.0
This document provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy.
Risk Analysis (O-RA)
This document is The Open Group Standard for Risk Analysis (O-RA), which provides a set of standards for various aspects of information security risk analysis. It is a companion document to the Risk Taxonomy (O-RT) Standard (C13K).