Industry Standards and Associations
International Organization for Standardization (ISO)
The ISO has members from organizations in 159 countries, and they create standards for the computing industry. The following is a list of published standards from the 27000 series, which relates to information security:
- ISO/IEC 27001:2005. Specification for information security management systems
- ISO/IEC 27002:2005. Code of practice information security
- ISO/IEC 27005:2008. Information security risk management
- ISO/IEC 27006:2007. Guidelines for accrediting organizations that certify/register of information security management systems
Institute of Electrical and Electronics Engineers (IEEE)
The IEEE is an international organization that creates standards for IT and other engineering fields, including the following:
- 802.11-2007: Combines 802.11a, b, d, e, g, h, i, and j with the base 802.11 standard
- 802.11i: Created scalable security based on EAP-based authentication and Advanced Encryption Standard (AES) encryption
- 802.11r: Draft standard for fast secure roaming intended to support voice
- 802.11u: Draft standard for internetworking with non-802.11 networks
- 802.11w: Draft standard for implementing management frame protection
Internet Engineering Task Force (IETF)
An international group interested in the continued growth and smooth operation of the Internet. They have created multiple RFCs affecting the wireless industry, including the following:
- RFC 3579: RADIUS Support for EAP
- RFC 4017: EAP Method Requirements for WLANs
- RFC 4346: TLS v1.1
- RFC 4851: EAP-FAST
- RFC 5169: Handover Key Management and Re-authentication Statement
Payment Card Industry Data Security Standard for Wireless Networks
An international standard designed to protect credit card information, personal data, and cardholder identities.
Wi-Fi Alliance
International nonprofit organization made up of Wi-Fi manufacturers. They test interoperability of Wi-Fi gear and create interim support measures for customers while waiting for a needed standard. The Wi-Fi Alliance created the following:
-
Wi-Fi Protected Access (WPA)
Authentication via EAP or WPA-PSK
Encryption using Temporal Key Integrity Protocol (TKIP)
-
Wi-Fi Protected Access 2 (WPA2)
Authentication via EAP or WPA-PSK
Encryption using AES
Cisco Compatible Extensions (CCX)
Cisco has written extensions enhancing client performance with Cisco wireless equipment and has made these extensions available to Wi-Fi manufacturers.
Table 1-1. CCX enhancements
CCX Version |
V1 |
V2 |
V3 |
V4 |
V5 |
Security enhancements |
Static WEP 802.1X LEAP Cisco TKIP |
PEAP-GTC WPA |
WPA2 EAP-FAST |
NAC EAP-TLS PEAP-MSCHAPv2 MFP-v1 |
MFP-v2 |
Mobility and management enhancements |
CCKM w/ LEAP Proxy ARP |
CCKM w/ EAP-FAST SSO w/ LEAP, EAP-FAST |
CCKM w/ PEAP-GTC, PEAP-MSCHAPv2, EAP-TLS |