On August 29, 2023, the International Organization for Standardization and the International Electrotechnical Commission published ISO/IEC 23837-1:2023, the first part of a two-part international standard specifying security requirements for quantum key distribution (QKD) modules. The standard was developed by JTC 1/SC 27, the subcommittee responsible for information security, cybersecurity, and privacy protection.
ISO/IEC 23837-1 specifies a general framework for the security evaluation of QKD according to the ISO/IEC 15408 series (Common Criteria). It defines a baseline set of common security functional requirements (SFRs) for QKD modules, covering conventional network components, quantum optical components, and the full implementation of QKD protocols. Development work on the standard began in April 2019, with six drafts reviewed during the process.
A companion standard, ISO/IEC 23837-2:2023, specifying test and evaluation methods for QKD security, was published on September 25, 2023. Together, the two parts provide manufacturers with standard procedures for designing QKD products and evaluators with methods for testing QKD module security.