scope:

The overall scope of this Technical Specification is aninformation security framework for all organizational and technicalentities of an EFC scheme and in detail for the interfaces betweenthem, based on the system architecture defined in ISO 17573. Thesecurity framework describes a set of requirements and associatedsecurity measures for stakeholders to implement and thus ensure asecure operation of their part of an EFC system as required for atrustworthy environment according to its security policy. The scopeof this Technical Specification comprises the following: ?definition of a trust model (Clause 5); Basic assumptions andprinciples for establishing trust between the stakeholders. ?security requirements (Clause 6); ? security measures ?countermeasures (Clause 7); Security requirements to support actualEFC system implementations. ? security specifications for interfaceimplementation (Clause 8); These specifications represent an add-onfor security to the corresponding standards. Figure 5 above showsthe relevant interfaces and the corresponding relevant interfacestandards, as illustrated in Figure 6. ? key management (Clause 9);Covering the (initial) setup of key exchange between stakeholdersand several operational procedures like key renewal, certificaterevocation, etc. ? security profiles (Annex A); ? implementationconformance statement (Annex B) provides a checklist to be used byan equipment supplier, a system implementation, or an actor of arole declaring his conformity to this Technical Specification; ?general information security objectives of the stakeholders (AnnexC) which provide a basic motivation for the security requirements;? threat analysis (Annex D) on the EFC system model and its assetsusing two different complementary methods, an attack-basedanalysis, and an asset-based analysis; ? security policy examples(Annex E and Annex F); ? recommendations for privacy-focusedimplementation (Annex G); ? proposal for end-entity certificates(Annex H). The following are outside the scope of this TechnicalSpecification: ? a complete risk assessment for an EFC system; ?security issues rising from an EFC application running on an ITSstation; NOTE Security issues associated with an EFC applicationrunning on an ITS station are covered in CEN/TR 16690. ? entitiesand interfaces of the interoperability management role; ? thetechnical trust relation between TSP and service user; ? concreteimplementation specifications for implementation of security forEFC system [e.g. European electronic toll service (EETS)]; ?detailed specifications required for privacy-friendly EFCimplementations; ? any financial transactions between the paymentservice provider and the payment medium issued by the latter (e.g.ICC).