iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC TR 6114:2023

(Main)

Cybersecurity — Security considerations throughout the product life cycle

Cybersecurity — Security considerations throughout the product life cycle

This document describes security considerations throughout the product life cycle (SCLC), which is a framework that spans the entire information and communications technology (ICT) product life cycle. The aim of the framework is to align the industry and bring greater transparency to customers at every point on the ICT product life cycle. This document describes the following items for suppliers, end users (consumers), intermediaries of the ICT supply chain, service providers, and regulators: — definition of phases in the ICT product life cycle from concept to retirement; — threat vectors possible in each phase of the life cycle; — potential controls against those threat vectors. The target audiences of this document are suppliers and consumers of ICT products, including all participants throughout the supply chain such as silicon chip designers, fabricators, product assemblers, logistics providers, service providers, and information security organizations. Clauses 5 to 11 target an organization’s strategic and risk management teams. This document provides an end-to-end view of the threats in each phase to help the organization shape their plans, procedures and policies.

Cybersécurité — Considérations relatives à la sécurité tout au long du cycle de vie du produit

General Information

Status
Published
Publication Date
09-Oct-2023
ICS
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Current Stage
6060 - International Standard published
Start Date
10-Oct-2023
Due Date
03-Nov-2023
Completion Date
10-Oct-2023
Ref Project

Buy Standard

ISO/IEC TR 6114:2023 - Cybersecurity — Security considerations throughout the product life cycle Released:10. 10. 2023ISO/IEC TR 6114:2023 - Cybersecurity — Security considerations throughout the product life cycle Released:10. 10. 2023
PreviousNext
Technical report
ISO/IEC TR 6114:2023 - Cybersecurity — Security considerations throughout the product life cycle Released:10. 10. 2023
English language
44 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC DTR 6114 - Cybersecurity – Security considerations throughout the product life cycle Released:26. 06. 2023ISO/IEC DTR 6114 - Cybersecurity – Security considerations throughout the product life cycle Released:26. 06. 2023
PreviousNext
Draft
ISO/IEC DTR 6114 - Cybersecurity – Security considerations throughout the product life cycle Released:26. 06. 2023
English language
46 pages
sale 15% off
Preview
sale 15% off
Preview
REDLINE ISO/IEC DTR 6114 - Cybersecurity – Security considerations throughout the product life cycle Released:26. 06. 2023REDLINE ISO/IEC DTR 6114 - Cybersecurity – Security considerations throughout the product life cycle Released:26. 06. 2023
PreviousNext
Draft
REDLINE ISO/IEC DTR 6114 - Cybersecurity – Security considerations throughout the product life cycle Released:26. 06. 2023
English language
46 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

TECHNICAL ISO/IEC TR
REPORT 6114
First edition
2023-10
Cybersecurity — Security
considerations throughout the
product life cycle
Cybersécurité — Considérations relatives à la sécurité tout au long du
cycle de vie du produit
Reference number
ISO/IEC TR 6114:2023(E)
© ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC TR 6114:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 6114:2023(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 Security considerations throughout the product life cycle . 3
5.1 Security considerations throughout the product life cycle overview . 3
5.2 Information and communication technology threat model . 5
5.3 Classes of threats. 5
5.4 Structure of the report . 5
6 Phase 1: Concept .6
6.1 General . 6
6.2 Summary of concept threats and controls . 6
6.2.1 Workflow toolchain tampering . 6
6.2.2 Unauthorized operations . 7
6.2.3 Integrity faults . 7
6.2.4 Theft or loss . 7
7 Phase 2: Development. 7
7.1 General .
...

FINAL
TECHNICAL ISO/IEC DTR
DRAFT
REPORT 6114
ISO/IEC JTC 1/SC 27
Cybersecurity – Security
Secretariat: DIN
considerations throughout the
Voting begins on:
2023-07-10 product life cycle
Voting terminates on:
Cybersécurité — Considérations relatives à la sécurité tout au long du
2023-09-04
cycle de vie du produit
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC DTR 6114:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC DTR 6114:2023(E)
FINAL
TECHNICAL ISO/IEC DTR
DRAFT
REPORT 6114
ISO/IEC JTC 1/SC 27
Cybersecurity – Security
Secretariat: DIN
considerations throughout the
Voting begins on:
product life cycle
Voting terminates on:
Cybersécurité — Considérations relatives à la sécurité tout au long du
cycle de vie du produit
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC DTR 6114:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
  © ISO/IEC 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 2 ----------------------
ISO/IEC DTR 6114:2023(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 Security considerations throughout the product life cycle . 3
5.1 Security considerations throughout the product life cycle overview . 3
5.2 Information and communication technology threat model . 5
5.3 Classes of threats. 5
5.4 Structure of the report . 5
6 Phase 1: Concept .6
6.1 General .
...

Style Definition

...
Formatted: Left: 1.5 cm, Right: 1.3 cm, Top: 1.4 cm,
ISO/IEC TR 6114:2023(E)
Bottom: 0.5 cm, Gutter: 1 cm, Section start: Odd page,
Width: 21 cm, Height: 29.7 cm, Header distance from
ISO/IEC TR 6114
edge: 1.25 cm, Footer distance from edge: 0 cm,
Different first page header
ISO/IEC JTC 1/SC 27 N-#:####(X)
Formatted: Font: 11 pt, Not Bold, English (United
Kingdom)
ISO/IEC TR 6114
ISO/IEC JTC 1/SC 27/WG 4 Formatted: zzCover, Left
Formatted
...
Date: 2023-01-3106-23
Formatted: Font: Not Bold

  Secretariat: DIN Formatted: zzCover, Space After: 0 pt, Tab stops: Not
at 5.97 cm + 16.51 cm

Cybersecurity – Security considerations throughout the product life cycle
Formatted: Font: 12 pt
Cybersécurité — Considérations relatives à la sécurité tout au long du cycle de vie du produit

---------------------- Page: 1 ----------------------
ISO/IEC TR 6114:2023(E)
© ISO/IEC 2023
Formatted: Indent: Left: 0 cm, Right: 0 cm, Space
Before: 0 pt, No page break before, Adjust space
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
between Latin and Asian text, Adjust space between
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
Asian text and numbers, Border: Top: (No border), Left:
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission
(No border), Right: (No border)
can be requested from either ISO at the address below or ISO’sISO's member body in the country of the requester.
ISO copyright officeCopyright Office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Formatted: Indent: Left: 0 cm, First line: 0 cm, Right: 0
cm, Adjust space between Latin and Asian text, Adjust
Phone: + 41 22 749 01 11
space between Asian text and numbers, Border: Left:
(No border), Right: (No border)
Fax: +41 22 749 09 47
Formatted: English (United Kingdom)
Email: copyright@iso.org
Formatted: English (United Kingdom)
Formatted: English (United Kingdom)
Email: copyright@iso.org
Website: www.iso.orgwww.iso.org
Formatted: Indent: Left: 0 cm, First line: 0 cm, Right: 0
cm, Adjust space between Latin and Asian text, Adjust
Published in Switzerland.
space between Asian text and numbers, Border: Bottom:
(No border), Left: (No border), Right: (No border)
ii © ISO/IEC 2023 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 6114:2023(E)
Formatted: Font: Not Bold
Contents Page
Foreword . 5
Introduction . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Acronyms . 7
5 Security consideration throughout the product life cycle . 8
5.1 Security consideration throughout the product life cycle overview. 8
5.2 Information and communication technology threat model . 10
5.3 Classes of threats . 10
5.4 Structure of the report . 10
6 Phase 1: Concept . 11
6.1 General . 11
6.2 Summary of concept threats and controls . 11
6.2.1 Workflow toolchain tampering . 11
6.2.2 Unauthorized Operations .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 23837-2:2023(Main)
Information security — Security requirements, test and evaluation methods for quantum key distribution — Part 2: Evaluation and testing methods

This document specifies test and evaluation methods for the security evaluation of quantum key distribution (QKD). It also describes evaluation activities that constitute the test and evaluation methods for the security functional requirements on the implementation of QKD protocols, the quantum optical components and conventional network components in QKD modules. Moreover, supplementary evaluation activities for security assurance requirements are provided to support the security evaluation of QKD with appropriate assurance levels.

  • Standard
    106 pages
    English language
    sale 15% off
  • Draft
    106 pages
    English language
    sale 15% off
  • Draft
    106 pages
    English language
    sale 15% off
ISO
ISO/IEC 23837-1:2023(Main)
Information security — Security requirements, test and evaluation methods for quantum key distribution — Part 1: Requirements

This document specifies a general framework for the security evaluation of quantum key distribution (QKD) according to the ISO/IEC 15408 series. Specifically, it specifies a baseline set of common security functional requirements (SFRs) for QKD modules, including SFRs on the conventional network components and the quantum optical components, and the entire implementation of QKD protocols. To facilitate the analysis of SFRs, security problems that QKD modules can face in their operational environment are analysed based on a structural analysis of the security functionality of QKD modules and the classification of QKD protocols. The SFRs on conventional network components of QKD modules are mainly characterized under the framework of the ISO/IEC 15408 series and also refer to the methodology of ISO/IEC 19790 and relevant standards on testing of cryptographic modules and network devices.

  • Standard
    52 pages
    English language
    sale 15% off
ISO
ISO/IEC 9797-1:2011/Amd 1:2023(Amendment)
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher — Amendment 1
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC TS 27560:2023(Main)
Privacy technologies — Consent record information structure

This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the: — provision of a record of the consent to the PII principal; — exchange of consent information between information systems; — management of the life cycle of the recorded consent.

  • Technical specification
    52 pages
    English language
    sale 15% off
  • Draft
    51 pages
    English language
    sale 15% off
  • Draft
    51 pages
    English language
    sale 15% off
ISO
ISO/IEC 27071:2023(Main)
Cybersecurity — Security recommendations for establishing trusted connections between devices and services

This document provides a framework and recommendations for establishing trusted connections between devices and services based on hardware security modules. It includes recommendations for components such as: hardware security module, roots of trust, identity, authentication and key establishment, remote attestation, data integrity and authenticity. This document is applicable to scenarios that establish trusted connections between devices and services based on hardware security modules. This document does not address privacy concerns.

  • Standard
    24 pages
    English language
    sale 15% off
  • Draft
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC 4922-1:2023(Main)
Information security — Secure multiparty computation — Part 1: General

This document specifies definitions, terminology and processes for secure multiparty computation and related technology, in order to establish a taxonomy and enable interoperability. In particular, this document defines the processes involved in cryptographic mechanisms which compute a function on data while the data are kept private; the participating parties; and the cryptographic properties. The terminology contained in this document is common to the ISO/IEC 4922 series.

  • Standard
    10 pages
    English language
    sale 15% off
ISO
ISO/IEC 24392:2023(Main)
Cybersecurity — Security reference model for industrial internet platform (SRM- IIP)

This document presents specific characteristics of industrial internet platforms (IIPs), including related security threats, context-specific security control objectives and security controls. This document covers specific security concerns in the industrial context and thus complements generic security standards and reference models. In particular, this document includes secure data collection and transmission among industrial devices, data security of industrial cloud platforms, and secure collaborations with various industry stakeholders. The users of this document are organizations who develop, operate, or use any components of IIPs, including third parties who provide services to the abovementioned stakeholders. This document provides recommendations for users on how to protect IIPs against IIP-specific threats.

  • Standard
    34 pages
    English language
    sale 15% off
  • Draft
    33 pages
    English language
    sale 15% off
ISO
ISO/IEC 27032:2023(Main)
Cybersecurity — Guidelines for Internet security

This document provides: — an explanation of the relationship between Internet security, web security, network security and cybersecurity; — an overview of Internet security; — identification of interested parties and a description of their roles in Internet security; — high-level guidance for addressing common Internet security issues. This document is intended for organizations that use the Internet.

  • Standard
    28 pages
    English language
    sale 15% off
  • Draft
    28 pages
    English language
    sale 15% off
  • Draft
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC 27036-3:2023(Main)
Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security

This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding: a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains; b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services; c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002. This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.

  • Standard
    35 pages
    English language
    sale 15% off
  • Draft
    35 pages
    English language
    sale 15% off
  • Draft
    35 pages
    English language
    sale 15% off
ISO
ISO/IEC 29134:2023(Main)
Information technology — Security techniques — Guidelines for privacy impact assessment

This document gives guidelines for: — a process on privacy impact assessments, and — a structure and content of a PIA report. It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

  • Standard
    44 pages
    English language
    sale 15% off
  • Draft
    44 pages
    English language
    sale 15% off
  • Draft
    44 pages
    English language
    sale 15% off