ISO/IEC JTC 1/SC 25 N 1420A
Date: 2008-03-31
Replaces ISO/IEC JTC 1/SC 25 N 1420

ISO/IEC JTC 1/SC 25
INTERCONNECTION OF INFORMATION TECHNOLOGY EQUIPMENT
Secretariat: Germany (DIN)

DOC TYPE: Voting report
TITLE: Voting report on SC 25 N 1285: ISO/IEC FCD 24767-1: IT - Home network security - Part 1: Security Requirements
SOURCE: SC 25 Secretary
PROJECT: 25.01.15.01
STATUS: The NWIP has been distributed with the SC 25 N 1065 JTC 1 N 7825. It has been approved as recorded in SC 25 N 1086. The 1st CD was distributed for comment with SC 25 N 1066, two CDs for vote with SC 25 N 1087 and N 1132, N 1132 found substantial support as recorded in SC 25 N 1088. The FCD was distributed with SC 25 N 1285 and found substantial support as recorded in this document. The document is being edited according to ISO/IEC directives part 2 and distributed as FDIS for approval as IS. This document includes the comments received by JTC 1/SC 27.
ACTION ID: FYI
DUE DATE: n/a
REQUESTED ACTION: For information
MEDIUM: Def
DISTRIBUTION: ITTF, JTC 1 Secretariat; P-, L-, O-Members of SC 25
No of Pages: 12 (including cover)

Secretary - ISO/IEC JTC 1 / SC 25 - Dr.-Ing. Walter P. von Pattay, ZVEI FV 7 & FV 8, Germany
Tel.: +49/89/923 967 57, Tfx.: +49/89/923 967 59 (only on request)
EM: Walter@Pattay.com
Home page: http://www.iec.ch/sc25

SC 25 N 1420 voting report on SC 25 N 1285

Title: Approval of text of SC 25 N 1285: ISO/IEC FCD 24767-1: IT - Home network security - Part 1: Security Requirements

APPROVED

RESULT OF VOTING (not counting abstentions as votes)
P-Members voting: 15 in favour out of 16 = 93,75 % (requirement >= 66,66 %) of those who have voted
P-Members voting: 1 negative votes out of 16 = 6,25 % (requirement <= 25 %)
P-Members voting: 16 out of 27 = 59,26 % (requirement >= 50 %)

Additional comments: Comments received via JTC 1/SC27

| Country | Member | Participation | Voted | Comments received |
|---|---|---|---|---|
| Australia | SAI | P | Disapproval | Yes 9 |
| Belgium | BEC-CEB | P | | |
| Canada | SCC | P | Approval | |
| China | CESI | P | Approval | |
| Czech Republic | CSNI | P | Approval | |
| Denmark | DS | P | Approval | |
| Finland | SESKO | P | | |
| France | AFNOR | P | Approval | |
| Germany | DKE | S | Approval | |
| India | BIS | P | | |
| Ireland | NSAI | P | | |
| Israel | SII | P | | |
| Italy | UNI | P | Approval | |
| Japan | JISC | P | Approval | |
| Kazakhstan | KAZMEMST | P | | |
| Korea, Republic of | KATS | P | Approval | |
| Mexico | DGN | P | Approval | |
| Netherlands | NEN | P | Approval | |
| New Zealand | SNZ | P | | |
| Norway | NEK | P | | |
| Poland | PKN | P | Approval | |
| Singapore | SPRING | P | | |
| Spain | AENOR | P | Approval | |
| Sweden | SNC | P | Approval | Yes 29 |
| Switzerland | SNV | P | | |
| United Kingdom | BSI | P | | |
| USA | ANSI | P | Approval | |

Totals: P-Members 27; Approvals 15; Abstentions: 0; Disapproval 1; Not voting: 11

Collation of comments on SC 25 N 1285: ISO/IEC FCD 24767-1: IT - Home network security - Part 1: Security Requirements

E: editorial, G: general, T: technical
Columns: Page, Line, Clause, E/G/T, ID, Comment, Proposed change, Secretary's observations, Resolution

Page: 00; Line: 000; Clause: all; E/G/T: te; ID: [AU] 1
Comment: From the scope statement in this document, it appears that the intended users of this standard are people who develop devices that can be used in a home network environment. However, much of the content is of a type more appropriate to home network user awareness.
For example, the content of clause 8 is very high level and insufficient as a basis of security specifications for networked devices. Developers of home network devices could be dangerously misled if they treated this as a suitable set of requirements. The intended audience should be clarified, and the purposes for which this standard can be used should be clarified. These comments are written on the assumption that the intended audience is designers and developers of HES equipment. There is a need for guidance for 1. designers and implementers/installers of home networks; and 2. users/owners of homes that live with, operate, manage and otherwise use HES. However, although some of the content appears somewhat relevant to these groups, it is assumed that these other groups are not the intended audience of this document. As it stands, this document is not suitable for either the assumed target audience or any other possible audience. This is the necessary starting point for determining what a rewritten version of this standard should contain and how it should be structured.
Proposed change: Foreword and content of the document should be updated accordingly.
Resolution: Rejected. Intended audience -> Developers, installers, users and service providers of home networks. Purpose -> To describe the security requirements, not the security mechanisms and services that should be implemented in home networks. These points are obvious in the current documents.

Page: 00; Line: 000; Clause: all; E/G/T: te; ID: [AU] 2
Comment: The standard provides a valuable concept model for home networks and provides a good starting point for security requirements by identifying and listing relevant threats. However, the description of the defences against these threats make no reference to the ISO/IEC standards that give details of how such defences should be implemented.
Proposed change: This standard should provide extensive references to existing ISO/IEC standards that should be used when implementing security functionality in home network devices. For example, there is at least one ISO/IEC standard for each of the ‘defense’ entries in table 1.
Secretary's observations: The comment is valid and Australia is kindly invited to provide more specific input
Resolution: Rejected. This document describes the security requirements, not the specific protection mechanisms.

Page: 00; Line: 000; Clause: all; E/G/T: te; ID: [AU] 3
Comment: This standard will have no practical value unless it specifies which security functions should be implemented in each of the different types of devices. As drafted, it provides no information about what functionality should be implemented in each of the devices shown in figure 1. It also makes no mention of requirements for managing the security functions available within a home network.
Proposed change: A major rewrite of the standard is needed to provide guidelines for the development of security specifications for each type of network device. The new text needs to include a statement of assumptions concerning how home networks will be designed, implemented and operated because these are relevant to the specifications of the network components.
Secretary's observations: More specific input would be needed especially at an earlier stage of the document
Resolution: Rejected. The specific defences against each threat for each type of device is outside the scope of this document.

Page/Line/Clause: 00 00 0; E/G/T: T; ID: AU2 (SC27)
Comment: It is not clear who is the intended audience of this standard. Aspects of this standard appear relevant to: designers and developers of HES equipment; designers and implementers/installers of home networks; and users/owners of homes that live with, operate, manage and otherwise use HES. The requirements for these different user groups are quite different. If this document is indeed intended for all these groups, then the requirements should indicate which class of reader they apply to. However, it is noted that most of the text seems directed to the user/owner category (3 above). If this is the intention, the text should be written so that a typical HES user can act on the requirements. Thus for example, there is little point in telling a user to use a message authentication because they usually have no obvious way to act on this requirement. In this case the standard should include information about requirements to look for when selecting different types of equipment for a HES and give advice on options or preferences to select in software packages for information appliances.
Proposed change: Rewrite the standard for the home owner/user of HES as the intended audience.
Resolution: Rejected. Intended audience -> Developers, installers, users and service providers of home networks. Purpose -> To describe the security requirements, not the security mechanisms and services that should be implemented and who should implement it in home networks. These points are obvious in the current documents.

Page: 00; Line: 000; Clause: all; E/G/T: ge; ID: [AU] 4
Comment: The following comments accompany a disapproval vote. The comments given on specific clauses are illustrative examples of the general problems identified with this standard.
Proposed change: In light of the necessary changes, this project should revert to WD status. Consideration should be given to referring this topic to SC27 for inclusion as a part of the Network Security standard for which they are responsible.
Secretary's observations: Noted
Resolution: Rejected. The specific defences against the threat for each type of devices is outside the scope of this document.

Page/Line/Clause: 00 00 0; E/G/T: G; ID: NZ1 (SC27)
Comment: This document should be rejected in its current form.
Proposed change: Return to study period.
Comment (continued): Nowhere in this document has the requirement for a standard such as this been demonstrated. (It would not appear that there was any obvious consultation with the manufacturers of white and brown goods, user support groups, service providers and or software developers) Potentially this standard may increase risks, by creating a homogenous attack environment. The document appears to have been drafted to establish a new business industry with the backing of a standard without demonstrating the actual requirements for such a standard.
Proposed change (continued): Engage the manufacturers of household goods such as white and brown appliances, on the need for this standard. Also engage service providers, end users and support groups and provide evidence of an industry requirement for this standard.
Resolution: Rejected. The acceptance of this project in SC 25 has demonstrated the interest in this specification. The experts of SC 25 represent many different industries so the concerns are already accommodated.

Page/Line/Clause: 00 00 0; E/G/T: G; ID: NZ2 (SC27)
Comment: The intended audience of the proposed standard is unclear and requires clearer definition. The vagueness regarding the intended audience distracts the reader and makes it difficult to understand the intent and purpose of this standard.
Proposed change: Clearly identify the intended audience and draft the document with this audience in mind.
Resolution: Same as AU2(SC27). Intended audience are developers, installers, users and service providers of home networks, and the specification specifies security requirements, but is not intended to say who should implement it.

Page/Line/Clause: 00 0; E/G/T: G; ID: AU1 (SC27)
Comment: The following comments are used in justification of a disapproval vote. This standard contains good information about the security of the HES environment. However, as it is currently drafted, the information is not easily usable by an important potential audience; i.e. the home owner/user.
Proposed change: A copywriter should be engaged to rewrite this text so that technically aware but not expert members of the general public can readily use it.
Resolution: Rejected. Like all standardisation specifications this document is produced by the standardisation committee and not by copywriters. Furthermore, the specification is not only intended for the home owner/user

Page/Line/Clause: 00 0; E/G/T: G; ID: AU3 (SC27)
Comment: The vast majority of this document is a discussion of the security problems that may be encountered in a HES. There is also some discussion of technologies and mechanisms that may play a part in solving these problems. However, there is precious little information about how to solve them that is relevant to the presumed target audience. Ten and a half pages are devoted to describing the context and problems to be solved (clauses 4-7). Clauses 8 and 9 (five pages) hint at how to solve the problems, but don’t give much practically usable information.
Proposed change: Rewrite the text so that the intended user of this standard is given usable information.
Resolution: Rejected. The purpose of this document is to describe the security requirements, not the security mechanisms and services that should be implemented in home networks.

Page: 5; Line: 137; Clause: 1.1; E/G/T: E; ID: SE02
Comment: The threats are not from the home environments
Proposed change: Change ‘coming from’ to ‘affecting’
Secretary's observations: Accept
Resolution: Accepted.

Page: 5; Line: 144; Clause: 1.2; E/G/T: E; ID: SE03
Comment: Inconsistency with clause 2.2
Proposed change: Change ‘AV’ to ‘A/V’
Secretary's observations: Accept
Resolution: Accepted.

Page: 5; Line: 147; E/G/T: G; ID: SE01
Comment: A section on references is missing. This is normally made as section 2. The following informal specifications have been cited in the document: ISO/IEC 17799, ISO/IEC 18028, RFC 2267
Proposed change: Add clause with appropriate specifications.
Secretary's observations: Check for the normative references and add as clause two if such references are found. Accept
Resolution: Informative references added to bibliography. Accepted.

Page: 5; Line: 152; Clause: 2.1.1; E/G/T: E; ID: SE04
Comment: Inconsistency with clause 2.2
Proposed change: Change ‘AV’ to ‘A/V’
Resolution: Accepted.

Page: 6; Line: 174-192; Clause: 2.2; E/G/T: E; ID: SE05
Comment: The following abbreviations are missing: DRM (used in clause 4.3.1); HES (used all over); MPEG (used in clause 7.3); TCP (used in clause 8.6); URL (used in clause 8.5); VCR (used in clause 7.2)
Proposed change: Add these to clause 2.2
Secretary's observations: Accept
Resolution: Accepted.

Page: 7; Line: 217; Clause: 4.1; E/G/T: E; ID: SE06
Comment: Improve English
Proposed change: Change ‘limit functionality’ to ‘limited functionality’
Resolution: Accepted.

Page: 7; Line: 252; Clause: 4.2; E/G/T: T; ID: NZ3 (SC27)
Comment: The scope of the standard as defined in 4.2 makes arbitrary decisions as to what should be in and out of scope of the document. Physical access and access control must form part of the overall scope of the Home Network Security (HNS) standard. Without physical access controls it will not be possible to secure and achieve what’s set out in the remainder of the document. (Reference to ISO/IEC 18028 is made, however the implication thereof to the reader should be highlighted) Items out of scope also need clear identification and justification for exclusion.
Proposed change: The scope should be more clearly defined once the intended audience has been identified. Reconsider the scope and include physical access controls as part of the HES.
Resolution: Rejected. Physical access controls is important for home security, but that was not part of this project. That would require a NWIP.

Page: 8; Line: 277; Clause: 4.2.1; E/G/T: E; ID: SE07
Comment: A standard should be time independent
Proposed change: Delete the word ‘recent’
Resolution: Accepted.

Page: 8; Line: 304; Clause: 4.2.1; E/G/T: E; ID: SE09
Comment: Improve English
Proposed change: Change to ‘Most of these have been …’
Resolution: Accepted.

Page: 8; Line: 284-285; Clause: 4.2.1; E/G/T: E; ID: SE08
Comment: Improve English
Proposed change: Change to ‘…failures, and human errors.’
Resolution: Accepted.

Page: 9; Line: 328; Clause: 4.2.1; E/G/T: E; ID: SE10
Comment: Improve English
Proposed change: Change ‘provide’ to ‘provide:’
Resolution: Accepted.

Page: 10; Line: 342; Clause: 4.3; E/G/T: T; ID: NZ4 (SC27)
Comment: The exclusion of DRM, parental control and crime reducing products from HES scope is short-sighted as these issues are crucial to the home/end-users. (4.3.1-4.3.3) Once again the intended audience of this document will dictate the response but, manufacturers and implementers will also be considering these issues in relation to the HES environment.
Proposed change: It’s possible to keep them out of scope but cross-reference specific standards in these spaces.
Resolution: Rejected. DRM, parental control and crime reducing products are very important for some home network services. They are, however, not part of the requirements for the home owner/user and thus out of scope of this specification.

Page: 11; Line: 388; Clause: 5, 6, 7 ff; E/G/T: T; ID: NZ5 (SC27)
Comment: Much discussion relates to the challenges (5) security models (6) and threat analysis (7) without actually showing how the HNS standard would be used to address and overcome these issues.
Proposed change: Rewrite this section to show how the challenges will be addressed in the HNS standard. (an attempt to do this in section 8 falls short once again by describing potential solutions without highlighting how this will be achieved in the HES)
Resolution: Rejected. The target of this document is to describe the security requirements, not the security mechanisms and services that should be implemented in home networks.

Page: 12; Line: 419; Clause: 5.5; E/G/T: E; ID: SE11
Comment: Improve English
Proposed change: Change to ‘of the information’
Resolution: Accepted.

Page: 12; Line: 419; Clause: 5.5; E/G/T: E; ID: SE12
Comment: Inconsistency with clause 2.2
Proposed change: Change ‘AV’ to ‘A/V’
Resolution: Accepted.

Page: 16; Line: 596; Clause: 7.3; E/G/T: E; ID: SE13
Comment: Improve English
Proposed change: Delete the word ‘is’
Resolution: Accepted.

Page: 17; Line: 629; Clause: 8; E/G/T: T; ID: AU4 (SC27)
Comment: Clause 8 describes two types of security requirements; i.e. requirements for manufacturers of equipment and requirements for users of equipment. These requirements should be clearly distinguished.
For example, in clause 8.2, requirements for access control mechanisms should be specified for different types of home electronic equipment. Separately, guidelines for selecting home electronic equipment with suitable access control mechanisms and configuring and operating such mechanisms should be given.
Proposed change: Rewrite clause 8 so that it provides information that can be practically used by the home owner/user of HES.
Resolution: Rejected. The target of audience are developers, installers, users and service providers of home networks.

Page: 17; Line: 641; Clause: 8.1; E/G/T: E; ID: SE14
Comment: Improve English
Proposed change: Change ‘dangerous’ to ‘serious’
Resolution: Accepted.

Page: 17; Line: 643; Clause: 8.1; E/G/T: E; ID: SE15
Comment: Improve English
Proposed change: Change to ‘defence mechanisms’
Resolution: Accepted.

Page: 17; Line: 644; Clause: 8.1; E/G/T: T; ID: SE16
Comment: Trailing attacks have not been discussed in the previous section
Proposed change: Delete this line
Resolution: Accepted.

Page: 17; Line: 644; Clause: 8.1; E/G/T: E; ID: SE17
Comment: The items are in arbitrary order
Proposed change: Order them alphabetically after THREATS.
Resolution: Accepted.

Page: 18; Line: 672-673; Clause: 8.2; E/G/T: T; ID: SE23
Comment: Incorrect statement, since a time stamp would automatically deny an old message.
Proposed change: Delete the last sentence
Resolution: Accepted.

Page: 18; Line: 645; Clause: 8.2; E/G/T: te; ID: [AU] 5
Comment: The requirements in clause 8.2 contain no hint about where in a HES they might be implemented. For example, do we expect all brown goods and living network components to include access control, or is this a matter best implemented in a gateway? The text in clause 8.2 gives no hint about the role of a firewall, as discussed in clause 8.6, in meeting access control needs.
Proposed change: This needs to be considered when the standard is redeveloped.
Secretary's observations: Is the place where function is implemented really important?
Resolution: Rejected. It is not important where function is implemented. It’s natural that the devices that install these functions are different. When a device needs “access control” and “fire wall”, a device has to implement clause 8.2 and 8.6.

Page: 18; Line: 645; Clause: 8.2; E/G/T: T; ID: AU5 (SC27)
Comment: The requirements in clause 8.2 contain no hint about where in a HES they might be implemented. For example, do we expect all brown goods and living network components to include access control, or is this a matter best implemented in a gateway? The text in clause 8.2 gives no hint about the role of a firewall, as discussed in clause 8.6 in meeting access control needs.
Proposed change: Rewrite text so that it provides information that can be practically used by the home owner/user of HES.
Resolution: Rejected. See AU 5.

Page: 18; Line: 652; Clause: 8.2; E/G/T: E; ID: SE18
Comment: Improve English
Proposed change: Change ‘limit’ to ‘limitation of’
Resolution: Accepted.

Page: 18; Line: 655; Clause: 8.2; E/G/T: E; ID: SE19
Comment: Improve English
Proposed change: Firstly, …
Resolution: Accepted.

Page: 18; Line: 655; Clause: 8.2; E/G/T: E; ID: SE20
Comment: Improve English
Proposed change: Change to ‘carefully manage’
Resolution: Accepted.

Page: 18; Line: 656; Clause: 8.2; E/G/T: E; ID: SE21
Comment: Improve English
Proposed change: Change to ‘immediately revoke’
Resolution: Accepted.

Page: 18; Line: 659; Clause: 8.2; E/G/T: E; ID: SE22
Comment: Improve English
Proposed change: Secondly, …
Resolution: Accepted.

Page: 18; Line: 678; Clause: 8.3; E/G/T: T; ID: AU6 (SC27)
Comment: This text gives a typical home user no guidance concerning how they might go about ensuring that data and messages are authenticated. Is this something that applies mainly to email, or is there some specification that people should look for in, say, brown goods?
Proposed change: Rewrite text so that it provides information that can be practically used by the home owner/user of HES.
Resolution: Rejected. Authentication is very important. But user doesn’t need to know how messages are authenticated. Ideally, the users unconsciously can use the authentication services.

Page: 19; Line: 698; Clause: 8.5; E/G/T: te; ID: [AU] 6
Comment: Clause 8.5 seems to have been written with email in mind (although this is not stated). Its content would be very confusing to someone thinking about security of brown goods.
Proposed change: This needs to be considered when the standard is redeveloped.
Secretary's observations: See Australia 7
Resolution: Rejected. This comment is ambiguous where in this document a confusing part is.

Page: 19; Line: 698; Clause: 8.5; E/G/T: T; ID: AU7 (SC27)
Comment: Clause 8.5 seems to have been written with email in mind (although this is not stated). Its content would be very confusing to someone thinking about security of their brown goods.
Proposed change: Add text applicable to each of the main types of equipment that is likely to be found in a HES, or state the scope of applicability of the existing text.
Resolution: Rejected. See AU 6.

Page: 19; Line: 715; Clause: 8.5; E/G/T: E; ID: SE24
Comment: Last sentence irrelevant
Proposed change: Delete the last sentence
Resolution: Accepted.

Page: 19; Line: 716-717; Clause: 8.5; E/G/T: E; ID: SE25
Comment: Paragraph irrelevant
Proposed change: Delete the paragraph
Secretary's observations: Accept
Resolution: Accepted.

Page: 19; Line: 727; Clause: 8.6; E/G/T: E; ID: SE26
Comment: Actually between each side of each firewall
Proposed change: Correct by deleting the last part of the sentence, i.e. let the sentence end after ‘… network traffic.’
Resolution: Accepted.

Page: 19; Line: 731; Clause: 8.6; E/G/T: E; ID: SE27
Comment: Repetition of text
Proposed change: Delete the last sentence: ‘A firewall can also be used to control outgoing traffic.’
Resolution: Accepted

Page: 19; Line: 735; Clause: 8.7; E/G/T: te; ID: [AU] 7
Comment: Although this clause does provide some practical information in its last sentence, it begs the question: ‘where does one install the virus protection package’. The answer is perhaps simple if we consider yesterday’s network with a modem and a PC, but what do you do if you have a network like that shown in figure 1? Should every appliance have virus control software, should virus control software run just in the gateway and information appliances?
Proposed change: This needs to be considered when the standard is redeveloped.
Secretary's observations: Since the draft has received substantial support only specific change requests could be implemented. Australia is invited to provide appropriate input.
Resolution: Rejected. In this document, it need not write in which devices to install the virus detection software. All devices, such as gateway, information appliances and so on, can install the virus detection software.

Page: 19; Line: 735; Clause: 8.7; E/G/T: T; ID: AU8 (SC27)
Comment: Although this clause does provide some practical information in its last sentence, it begs the question: ‘where does one install the virus protection package’. The answer is perhaps simple if we consider yesterday’s network with a modem and a PC, but what do you do if you have a network like that shown in figure 1? Should every appliance have virus control software, should virus control software run just in the gateway?
Proposed change: Extend and rewrite this text so that it fits the scope described in figure 1.
Resolution: Rejected. Same as AU 7.

Page: 20; Line: 749; Clause: 8.8; E/G/T: T; ID: NZ6 (SC27)
Comment: Protection against denial of service attack (8.8). Much discussion relates to the definition of DoS attacks but very little is said that would indicate how HES would be able to handle, such an attack effectively. Effective countermeasures and controls in a home environment are unlikely to be effective against a DoS attack. Resource deprivation between the ISP and the HES will be the key limiting factor in the HES ability to respond to such an attack. The HES can actively prevent components of the HES from participating (unwillingly due to Malware or even actively due to rogue occupants within the HES) in a DoS attack and this should form part of the standard. Excluding this functionality as out of scope in 4.3.3 therefore doesn’t make any sense.
Proposed change: Rewrite the section to provide clarity and better address the threat and counter measures within the HES. (For example having secondary links and or ISP’s)
Resolution: Rejected. The specific defences against the threat for each type of devices is outside the scope of this document.

Page: 21; Line: 791; Clause: 9; E/G/T: te; ID: [AU] 8
Comment: Clause 9 appears to be the start of instructions to people who will design HES components. However it seems to be incomplete.
Proposed change: This needs to be considered when the standard is redeveloped.
Secretary's observations: See Australia 7
Resolution: Rejected. The content is completed.

Page: 21; Line: 791; Clause: 9; E/G/T: te; ID: [AU] 9
Comment: It is essential that developers of networkable home devices provide assurance that security functionality is correctly implemented. A range of approaches to providing assurance concerning IT security are given in ISO/IEC TR 15443.
Proposed change: The redeveloped standard should include a discussion of requirements for developers of home network devices to provide assurance that the security functionality is correctly implemented. This should include a discussion of how vulnerabilities detected for equipment in operation should be handled.
Secretary's observations: See Australia 7
Resolution: Rejected. In this document, requirements for security that is necessary for all devices have already been described.

Page: 21; Line: 791; Clause: 9; E/G/T: T; ID: AU9 (SC27)
Comment: Clause 9 appears to be the start of instructions to people who will design HES components. However it seems to be incomplete.
Proposed change: Delete this clause, and perhaps use this as the start of a new standard for a different audience.
Resolution: Rejected. This specification provides requirements – not solutions.

Page: 21; Line: 791; Clause: 9.0; E/G/T: G; ID: NZ7 (SC27)
Comment: The intent of this section is unclear. Is this addressing the requirements of the individual components within the HES?
Proposed change: Remove this section.
Resolution: Rejected. The content is clear.

Page: 22; Line: 829; Clause: A.1; E/G/T: E; ID: SE28
Comment: Consistency with rest of text
Proposed change: Change ‘intelligent home’ to ‘HES’
Resolution: Accepted.

Page: 22; Line: 829; Clause: A.1; E/G/T: E; ID: SE29
Comment: The bullet should be identical with those of lines 830, 837 and 840.
Proposed change: Amend
Resolution: Accepted.

Page: 23; Line: 863, 866; E/G/T: E; ID: JP
Comment: SC27 has published ISO/IEC 10116 as a standard for mode of operation.
Proposed change: These references should be replaced by ISO/IEC 10116.
Resolution: Accepted.

Page: 23; Line: 868; E/G/T: E; ID: JP
Comment: SC27 has published ISO/IEC 18033-3 as a standard for block ciphers.
Proposed change: This reference should be replaced by ISO/IEC 18033-3.
Resolution: Accepted.