International Standard
ISO/IEC 24760-2:2025
Information security, cybersecurity and privacy protection — A framework for identity management — Part 2: Reference architecture and requirements
Reference number
ISO/IEC 24760-2:2025
Edition 2
2025-09
Published (Edition 2, 2025)


What is ISO/IEC 24760-2:2025?

ISO/IEC 24760-2:2025 defines the reference architecture and system requirements for implementing identity management frameworks in information systems. As part of the broader ISO/IEC 24760 series, this document builds on the core concepts defined in Part 1 and offers detailed architectural models to help organizations manage identity data securely and consistently.

It outlines the components, functions, and interactions needed for a robust identity management system—across individuals, organizations, devices, and software—while also addressing privacy considerations and the growing relevance of mobile identity.

Why is ISO/IEC 24760-2 important?

Modern digital ecosystems depend on effective identity-based decision-making—from logging in users to managing access rights and enforcing privacy rules. Without a common architecture and guidance, identity management systems can become fragmented, inconsistent, or vulnerable to attack.

This standard provides a consistent blueprint that helps organizations design, evaluate, and evolve identity systems in a way that respects both security needs and privacy obligations. It also serves as a horizontal standard, meaning it applies across sectors and supports alignment with related frameworks like ISO/IEC 29100 (privacy framework), ISO/IEC 29115 (entity authentication assurance), and ISO/IEC 29146 (identity management governance).

Benefits

  • Offers a clear reference architecture for identity management system design
  • Supports integration across diverse identity management models and deployments
  • Enables risk-based decision making in access control and identity governance
  • Reflects current realities of digital identity, including mobile identity support
  • Enhances interoperability with other identity and privacy standards

 

FAQ

The second edition introduces architectural refinements, includes mobile identity concepts (like the principal’s private IMS), and reorganizes content for better clarity. It reflects updated practices in decentralized and federated identity models.

While Part 1 focuses on terminology and conceptual foundations, Part 2 goes further by providing a structured reference architecture and implementation requirements. Together, they enable both clarity and technical application of identity management practices.

General information

  • Status: Published
    Publication date: 2025-09
    Stage: International Standard published [60.60]
  • Edition: 2
    Number of pages: 46
  • Technical Committee: ISO/IEC JTC 1/SC 27
    ICS: 35.030

ISO/IEC 24760 identity management essentials package

Secure identities, build trust

  • ISO/IEC 24760-1: Core concepts and terminology
  • ISO/IEC 24760-2: Reference architecture and requirements
  • ISO/IEC 24760-3: Practice
