ISO 15292, "Information technology – Security techniques – Protection Profile registration procedures" establishes an international registry (operated by AFNOR) for Protection Profiles and packages used in computer security evaluation under the Common Criteria framework. The format of these profiles and packages is as specified in ISO 15408.
ISO 15292 assigns registered Protection Profiles and packages labels of the form: "Entry Type-registration Year-registration Number", for example PP-2003-0001.
Registration authorities exist for many standards organizations, such as ANNA (Association of National Numbering Agencies for ISIN), the Object Management Group, W3C, IEEE and others. In general, registration authorities all perform a similar function, in promoting the use of a particular standard through facilitating its use. This may be by applying the standard, where appropriate, or by verifying that a particular application satisfies the standard's tenants. Maintenance agencies, in contrast, may change an element in a standard based on set rules – such as the creation or change of a currency code when a currency is created or revalued (i.e. TRL to TRY for Turkish lira). The Object Management Group has an additional concept of certified provider, which is deemed an entity permitted to perform some functions on behalf of the registration authority, under specific processes and procedures documented within the standard for such a role.
An ISO registration authority (RAs) is not authorized to update standards but provides a registration function to facilitate implementation of an International Standard (e.g. ISBN number for books). Frequently, facilitating the implementation of an ISO standard’s requirements is best suited, by its nature, to one entity, an RA. This, de facto, creates a monopoly situation and this is why care needs to be taken with respect to the functions carried out and the fees charged to avoid an abuse of such a situation. In most cases, there is a formal legal contract in place between the standards body, such as the ISO General Secretariat, and the selected registration authority.
ISO registration authorities differ from a maintenance agency. Maintenance agencies are authorized to update particular elements in an International Standard and as a matter of policy, the secretariats of MAs are assigned to bodies forming part of the ISO system (member bodies or organizations to which a member body delegates certain tasks in its country). The membership of MAs and their operating procedures are subject to approval by the Technical Management Board.
While registration authorities for a particular standard typically do not change, the position is not formally guaranteed and is subject to review and reassignment to a different firm or organization. In some cases, the concept of a registration authority may not exist for a standard at all.
By further example, the equivalent registration authority organization for Internet standards is the Internet Assigned Numbers Authority.
ISO standards by standard number