Customer Service:
Mon - Fri: 8:30 am - 6 pm EST

INCITS: Information Technology Industry Council

INCITS, the InterNational Committee for Information Technology Standards, is a nonprofit organization that develops and publishes standards for the information technology field. Headquartered in Washington, D.C., United States, INCITS standards are propagated throughout the entire world by its membership base of 1,700 organizations spread across 13 countries. INCITS also serves as the administrator for the U.S. TAGs (United States Technical Advisory Group) to ISO/JTC 1 (International Organization for Standardization/Joint Technical Committee) and to many of its subcommittees, as well as the U.S. TAG to ISO/TC 211. Standards from INCITS are available both individually, directly through the ANSI webstore, and as part of a Standards Subscription. If you or your organization are interested in easy, managed, online access to standards that can be shared, a Standards Subscription may be what you need - please contact us at: or 1-212-642-4980 or Request Proposal Price.

Below are INCITS's best-selling standards. To find additional standards, please use the search bar above.

 Back to All Publishers Home

INCITS/ISO/IEC 14882:2017 (2018)

Programming languages - C++

Specifies requirements for implementations of the C++ programming language. The first such requirement is that they implement the language, so this document also defines C++. Other requirements and relaxations of the first requirement appear at various places within this document. C++ is a general purpose programming language based on the C programming language as described in ISO/IEC 9899:2011 Programming languages ? C (hereinafter referred to as the C standard). In addition to the facilities provided by C, C++ provides additional data types, classes, templates, exceptions, namespaces, operator overloading, function name overloading, references, free store management operators, and additional library facilities.

INCITS 322-2015 (R2020)

Information Technology - Card Durability Test Methods

Since the publication of INCITS 322-2008, additional test methods and refinements of the published test methods have been proposed.

INCITS 359-2012 (R2017)

Information technology - Role Based Access Control

This standard consists of two main parts: the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The RBAC Reference Model defines sets of basic RBAC elements (i.e., users, roles, permissions, operations and objects) and relations as types and functions that are included in this standard. The RBAC System and Administrative Functional Specification specifies the features that are required of an RBAC system.

INCITS/ISO/IEC 19790:2012 (R2019)

Information technology - Security techniques - Security requirements for cryptographic modules

This International Standard specifies the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. This International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location).

INCITS/ISO/IEC 24759:2017 (2018)

Information technology - Security techniques - Test requirements for cryptographic modules

Specifies the methods to be used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012. The methods are developed to provide a high degree of objectivity during the testing process and to ensure consistency across the testing laboratories. Also specifies the requirements for information that vendors provide to testing laboratories as supporting evidence to demonstrate their cryptographic modules' conformity to the requirements specified in ISO/IEC 19790:2012.

INCITS/ISO/IEC 17825:2016 (2018)

Information technology - Security techniques - Testing methods for the mitigation of non-invasive attack classes against cryptographic modules

Specifies the non-invasive attack mitigation test metrics for determining conformance to the requirements specified in ISO/IEC 19790 for Security Levels 3 and 4. The test metrics are associated with the security functions specified in ISO/IEC 19790. Testing will be conducted at the defined boundary of the cryptographic module and I/O available at its defined boundary. The test methods used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790 and the test metrics specified in this International Standard for each of the associated security functions specified in ISO/IEC 19790 are specified in ISO/IEC 24759. The test approach employed in this Standard is an efficient "push-button" approach: the tests are technically sound, repeatable and have moderate costs.

INCITS/ISO/IEC 27001:2013 (R2019)

Information technology - Security techniques - Information security management systems - Requirements

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

INCITS/ISO/IEC 9899-2012

Information technology -Programming languages - C

ISO/IEC 9899:2011 specifies the form and establishes the interpretation of programs written in the C programming language.It specifies

  • the representation of C programs;
  • the syntax and constraints of the C language;
  • the semantic rules for interpreting C programs;
  • the representation of input data to be processed by C programs;
  • the representation of output data produced by C programs;
  • the restrictions and limits imposed by a conforming implementation of C.

ISO/IEC 9899:2011 does not specify

  • the mechanism by which C programs are transformed for use by a data-processing system;
  • the mechanism by which C programs are invoked for use by a data-processing system;
  • the mechanism by which input data are transformed for use by a C program;
  • the mechanism by which output data are transformed after being produced by a C program;
  • the size or complexity of a program and its data that will exceed the capacity of any specific data-processing system or the capacity of a particular processor;
  • all minimal requirements of a data-processing system that is capable of supporting a conforming implementation.

ISO/IEC 9899:2011 is designed to promote the portability of C programs among a variety of data-processing systems. It is intended for use by implementers and programmers.

INCITS 182-1990 (S2017)

Guideline for Bar Code Print Quality

Covers the optical characteristics of a printed bar code symbol. This document shall be used with the appropriate application specifications, or symbology specifications, or both. The appropriate application specifications, or symbology specifications, or both, shall take precedence over this guideline.

INCITS 501-2016

Information Technology - Security Features for SCSI Commands (SFSC)

This standard defines security features for use by all SCSI devices. This standard defines the security model that is basic to every device model and the parameter data that may apply to any device model.


As the voice of the U.S. standards and conformity assessment system, the American National Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.