This document defines an information security framework for all organizational and technical entities of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO 17573‑1. The security framework describes a set of security requirements and associated security measures.

Annex D contains a list of potential threats to EFC systems and a possible relation to the defined security requirements. These threats can be used for a threat analysis to identify the relevant security requirements for an EFC system.

The relevant security measures to secure EFC systems can then be derived from the identified security requirements.