ISO/IEC TR 6114:2023
Cybersecurity — Security considerations throughout the product life cycle
This document describes security considerations throughout the product life cycle (SCLC), a framework that spans the entire information and communications technology (ICT) product life cycle. The aim of the framework is to align the industry and bring greater transparency to customers at every point in the ICT product life cycle. This document describes the following items for suppliers, end users (consumers), intermediaries of the ICT supply chain, service providers, and regulators:
— definition of phases in the ICT product life cycle from concept to retirement;
— threat vectors possible in each phase of the life cycle;
— potential controls against those threat vectors.
The target audiences of this document are suppliers and consumers of ICT products, including all participants throughout the supply chain such as silicon chip designers, fabricators, product assemblers, logistics providers, service providers, and information security organizations. Clauses 5 to 11 target an organization's strategic and risk management teams. This document provides an end-to-end view of the threats in each phase to help the organization shape its plans, procedures and policies.
French title: Cybersécurité — Considérations relatives à la sécurité tout au long du cycle de vie du produit (Cybersecurity — Security considerations throughout the product life cycle)
Standards Content (Sample)
TECHNICAL REPORT ISO/IEC TR 6114
First edition, 2023-10
Cybersecurity — Security considerations throughout the product life cycle
Reference number: ISO/IEC TR 6114:2023(E)
© ISO/IEC 2023
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents

Foreword ... v
Introduction ... vi
1 Scope ... 1
2 Normative references ... 1
3 Terms and definitions ... 1
4 Abbreviated terms ... 2
5 Security considerations throughout the product life cycle ... 3
5.1 Security considerations throughout the product life cycle overview ... 3
5.2 Information and communication technology threat model ... 5
5.3 Classes of threats ... 5
5.4 Structure of the report ... 5
6 Phase 1: Concept ... 6
6.1 General ... 6
6.2 Summary of concept threats and controls ... 6
6.2.1 Workflow toolchain tampering ... 6
6.2.2 Unauthorized operations ... 7
6.2.3 Integrity faults ... 7
6.2.4 Theft or loss ... 7
7 Phase 2: Development ... 7
7.1 General
...
FINAL DRAFT TECHNICAL REPORT ISO/IEC DTR 6114
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2023-07-10
Voting terminates on: 2023-09-04
Cybersecurity – Security considerations throughout the product life cycle
Reference number: ISO/IEC DTR 6114:2023(E)
© ISO/IEC 2023

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation. In addition to their evaluation as being acceptable for industrial, technological, commercial and user purposes, draft International Standards may on occasion have to be considered in the light of their potential to become standards to which reference may be made in national regulations.
Committee draft with tracked changes

ISO/IEC TR 6114
ISO/IEC JTC 1/SC 27/WG 4
Secretariat: DIN
Date: 2023-06-23 (tracked change from 2023-01-31)
Cybersecurity – Security considerations throughout the product life cycle

Contents (draft page numbers)

Foreword ... 5
Introduction ... 6
1 Scope ... 7
2 Normative references ... 7
3 Terms and definitions ... 7
4 Acronyms ... 7
5 Security consideration throughout the product life cycle ... 8
5.1 Security consideration throughout the product life cycle overview ... 8
5.2 Information and communication technology threat model ... 10
5.3 Classes of threats ... 10
5.4 Structure of the report ... 10
6 Phase 1: Concept ... 11
6.1 General ... 11
6.2 Summary of concept threats and controls ... 11
6.2.1 Workflow toolchain tampering ... 11
6.2.2 Unauthorized Operations
...