ITU-T Recommendation X.805 Overview
Last updated
Last updated
The Security Assurance Framework uses the ITU-T Recommendation X.805 as its foundation for applying security control measures to achieve end-to-end network security, it also largely suggests controls based on the recommendations in the technical report “Security Aspects of Digital Financial Services”[1] by the ITU-T Focus group Digital Financial Services.
The end-to-end communications environment of the DFS ecosystem is considered in terms of the ITU-T Recommendation X.805 and provides a useful reference framework for security management. The ITU-T Recommendation X.805 security architecture has eight ‘security dimensions’, which are measures designed to address a particular aspect of network security.
The eight security dimensions that provide a systematic way of encountering network threats are as follows.
Access control: Protection against unauthorized use of network resources.
Authentication: Methods of confirming the identities of communicating entities.
Non-repudiation: Methods to prevent an individual or entity from denying cause of an event or action.
Data confidentiality: Protection of data from unauthorized disclosure.
Communication security: Assurance that information only flows between authorized endpoints without being diverted or intercepted.
Data integrity: Protection of the correctness and accuracy of data.
Availability: Prevention of denial of authorized access to network elements and data.
Privacy: Protection of data information that might be derived from observing network activity.
Figure 1 - ITU-T Recommendation X.805 Security Dimensions
ITU-T Recommendation X.805 defines a hierarchy of network equipment and facility groupings into three security layers. These security layers provide comprehensive, end-to-end security solutions and identify where security must be addressed in products and solutions because each layer may be exposed to different types of threats and attacks.
The security layers are as follows:
Infrastructure Security Layer: consists of the basic building blocks used to build telecommunications networks, services and applications, and consists of individual transmission links and network elements including their underlying hardware and software platforms.
Services Security Layer: consists of services that customers/end-users receive from networks. These services range from basic connectivity and transport.h
Applications Security Layer: focuses on network-based applications that are accessed by customers/end-users.
[1]ITU-T Focus Group Digital Financial Services, Security Aspects of Digital Financial Services, January 2017, https://www.itu.int/en/ITU-T/studygroups/2017-2020/09/Documents/ITU_FGDFS_SecurityReport.pdf