What is ISO/IEC 24760-1?

ISO/IEC 24760-1:2025 defines the core terminology and concepts essential to identity management in the context of information security, cybersecurity and privacy protection. As the foundational part of the ISO/IEC 24760 series, it provides the language and structure needed to design, implement and evaluate identity management systems across all types of digital environments.

Whether you're managing user accounts in an enterprise system or verifying components in a connected ecosystem, this standard clarifies the distinctions between identity, identifier, attributes, and other core concepts, enabling consistent and secure identity handling.

Why is ISO/IEC 24760-1 important?

As digital systems increasingly rely on identity-based decisions—from authentication to authorization and access control—a unified understanding of identity concepts becomes critical. Without a clear framework, identity management can become inconsistent, exposing organizations to privacy risks, compliance issues, and security threats.

ISO/IEC 24760-1 establishes that framework, making it easier for systems and stakeholders to communicate, integrate, and trust identity-related processes.

It also serves as a horizontal document, meaning it supports and connects a wide range of standards—such as ISO/IEC 29100 (privacy), ISO/IEC 29115 (entity authentication), and others—ensuring interoperability and compliance across sectors.

Benefits

• Improves clarity in system design, integration, and auditing
• Supports privacy-by-design through precise identity definitions
• Forms the foundation for related standards in cybersecurity and privacy
• Helps organizations assess the trustworthiness and privacy friendliness of identity systems
• Applicable to any system that processes identity information, including IT components, individuals, or organizations

FAQ