Information technology — Application security — Part 7: Assurance prediction framework

This document describes the minimum requirements when the required activities specified by an Application Security Control (ASC) are replaced with a Prediction Application Security Rationale (PASR). The ASC mapped to a PASR define the Expected Level of Trust for a subsequent application. In the context of an Expected Level of Trust, there is always an original application where the project team performed the activities of the indicated ASC to achieve an Actual Level of Trust. The use of Prediction Application Security Rationales (PASRs), defined by this document, is applicable to project teams which have a defined Application Normative Framework (ANF) and an original application with an Actual Level of Trust. Predictions relative to aggregation of multiple components or the history of the developer in relation to other applications are outside the scope of this document.

Technologies de l'information — Sécurité des applications — Partie 7: Cadre de l'assurance d'une prédiction

General Information

Status: Published
Publication Date: 21-May-2018
Current Stage: 9093 - International Standard confirmed
Completion Date: 27-Oct-2023
Standard
ISO/IEC 27034-7:2018 - Information technology -- Application security
English language
29 pages

Standards Content (Sample)

INTERNATIONAL STANDARD
ISO/IEC 27034-7
First edition
2018-05
Information technology — Application security — Part 7: Assurance prediction framework
Technologies de l'information — Sécurité des applications — Partie 7: Cadre de l'assurance d'une prédiction
Reference number: ISO/IEC 27034-7:2018(E)
© ISO/IEC 2018


COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Prediction concepts
5.1 Goal of prediction
5.2 Prediction framework
5.3 Expected Level of Trust
5.3.1 Concept
5.3.2 Expected level of trust in the ONF
5.3.3 Expected level of trust in the ANF
5.3.4 ASC data in the ANF
5.3.5 Expected level of trust over sequence of application versions
5.4 Principles
5.4.1 ISO/IEC 27034-1 principles
5.4.2 Appropriate investment for application security principle
5.4.3 Application security should be demonstrated principle
5.5 Prediction authorization
5.5.1 Prediction
...
