naSRPS EN ISO/IEC 24760-2:2025

Information security, cybersecurity and privacy protection - A framework for identity management - Part 2: Reference architecture and requirements (ISO/IEC 24760-2:2025)

Scope

This document:
- provides guidelines for the implementation of systems for the management of identity information;
- specifies requirements for the implementation and operation of a framework for identity management;
- is applicable to any information system where information relating to identity is processed or stored;
- is considered to be a horizontal document for the following reasons:
- it applies concepts such as distinguishing the term "identity" from the term "identifier" on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management,
- it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management