Information technology — Security techniques — Storage security

This document provides detailed technical requirements and guidance on how organizations can achieve an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection of data both while stored in information and communications technology (ICT) systems and while in transit across the communication links associated with storage. Storage security includes the security of devices and media, management activities related to the devices and media, applications and services, and controlling or monitoring user activities during the lifetime of devices and media, and after end of use or end of life. Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage products and services, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information or storage security, storage operation, or who are responsible for an organization’s overall security programme and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security. This document provides an overview of storage security concepts and related definitions. It includes requirements and guidance on the threats, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other international standards and technical reports that address existing practices and techniques that can be applied to storage security.

Technologie de l'information — Techniques de sécurité — Sécurité de stockage

General Information

Status
Published
Publication Date
25-Jan-2024
Current Stage
6060 - International Standard published
Start Date
26-Jan-2024
Due Date
15-Jun-2023
Completion Date
26-Jan-2024
Ref Project

Relations

Buy Standard

Draft
ISO/IEC FDIS 27040 - Information technology — Security techniques — Storage security Released:5/14/2022
English language
93 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/IEC FDIS 27040 - Information technology — Security techniques — Storage security Released:28. 08. 2023
English language
87 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
REDLINE ISO/IEC FDIS 27040 - Information technology — Security techniques — Storage security Released:28. 08. 2023
English language
87 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

DRAFT INTERNATIONAL STANDARD
ISO/IEC DIS 27040
ISO/IEC JTC 1/SC 27 Secretariat: DIN
Voting begins on: Voting terminates on:
2022-07-11 2022-10-03
Information technology — Security techniques — Storage
security
ICS: 35.030
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
This document is circulated as received from the committee secretariat.
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/IEC DIS 27040:2022(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION. © ISO/IEC 2022

---------------------- Page: 1 ----------------------
ISO/IEC DIS 27040:2022(E)
DRAFT INTERNATIONAL STANDARD
ISO/IEC DIS 27040
ISO/IEC JTC 1/SC 27 Secretariat: DIN
Voting begins on: Voting terminates on:

Information technology — Security techniques — Storage
security
ICS: 35.030
COPYRIGHT PROTECTED DOCUMENT
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
© ISO/IEC 2022
THEREFORE SUBJECT TO CHANGE AND MAY
This document is circulated as received from the committee secretariat.
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
NOT BE REFERRED TO AS AN INTERNATIONAL
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on STANDARD UNTIL PUBLISHED AS SUCH.
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
IN ADDITION TO THEIR EVALUATION AS
or ISO’s member body in the country of the requester. BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
ISO copyright office
USER PURPOSES, DRAFT INTERNATIONAL
CP 401 • Ch. de Blandonnet 8
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
CH-1214 Vernier, Geneva
POTENTIAL TO BECOME STANDARDS TO
Phone: +41 22 749 01 11
WHICH REFERENCE MAY BE MADE IN
Reference number
Email: copyright@iso.org
NATIONAL REGULATIONS.
Website: www.iso.org ISO/IEC DIS 27040:2022(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
Published in Switzerland
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
ii
  © ISO/IEC 2022 – All rights reserved
PROVIDE SUPPORTING DOCUMENTATION. © ISO/IEC 2022

---------------------- Page: 2 ----------------------
ISO/IEC DIS 27040:2022(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 General . 1
3.2 Terms relating to storage technology . 2
3.3 Terms relating to sanitization . 4
3.4 Terms relating to availability . 5
3.5 Terms relating to security and cryptography . 5
3.6 Terms relating to archives and repositories .
...

FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
27040
ISO/IEC JTC 1/SC 27
Information technology — Security
Secretariat: DIN
techniques — Storage security
Voting begins on:
2023-09-08
Voting terminates on:
2023-11-03
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 27040:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 27040:2023(E)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
27040
ISO/IEC JTC 1/SC 27
Information technology — Security
Secretariat: DIN
techniques — Storage security
Voting begins on:
Voting terminates on:
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC FDIS 27040:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
  © ISO/IEC 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 27040:2023(E)
Contents Page
Foreword .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 General . 1
3.2 Terms relating to storage technology . 2
3.3 Terms relating to sanitization . 4
3.4 Terms relating to availability . 5
3.5 Terms relating to security and cryptography . 5
3.6 Terms relating to archives and repositories . 6
3.7 Miscellaneous terms . 8
4 Symbols and abbreviated terms.9
5 Structure of this document .11
5.1 General .
...

ISO/IEC DIS FDIS 27040:2023(E)
Style Definition: Heading 1: Indent: Left: 0 pt, First
line: 0 pt, Tab stops: Not at 21.6 pt
2023-01-3008-25
Style Definition: Heading 2: Font: Bold, Tab stops: Not
at 18 pt
ISO/IEC JTC 1/SC 27/WG 4
Style Definition: Heading 3: Font: Bold
Secretariat: ILNASDIN
Style Definition: Heading 4;h4: Font: Bold
Style Definition: Heading 5: Font: Bold
Information technology — Security techniques — Storage security
Style Definition: Heading 6: Font: Bold
Style Definition: ANNEX
Style Definition: AMEND Terms Heading: Font: Bold
Style Definition: AMEND Heading 1 Unnumbered:
Font: Bold
Style Definition: IneraTableMultiPar: Font: 12 pt,
Adjust space between Latin and Asian text, Adjust
space between Asian text and numbers, Tab stops: Not
at 19.85 pt + 39.7 pt + 59.55 pt + 79.4 pt + 99.25 pt
+ 119.05 pt + 138.9 pt + 158.75 pt + 178.6 pt +
198.45 pt
Formatted: German (Germany)
Formatted: German (Germany)
Formatted: German (Germany)
Formatted: German (Germany)
Formatted: German (Germany)

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 27040:20222023(E)
Formatted: Font: 11.5 pt
Formatted: Font: 11.5 pt
Formatted: Font: 11.5 pt
© ISO/IEC 2023
Formatted: Font: 11.5 pt
Formatted: No page break before, Adjust space
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part
between Latin and Asian text, Adjust space between
of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or
Asian text and numbers
mechanical, including photocopying, or posting on the internet or an intranet, without prior written
permission. Permission can be requested from either ISO at the address below or ISO’sISO's member Formatted: Default Paragraph Font
body in the country of the requester.
Formatted: Default Paragraph Font
Formatted: Adjust space between Latin and Asian text,
ISO copyright officeCopyright Office
Adjust space between Asian text and numbers
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Phone: + 41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Email: copyright@iso.org
Website: www.iso.orgwww.iso.org
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Published in Switzerland.
ii © ISO/IEC 2023 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 27040:2023(E)
Formatted: Font: 11.5 pt
Formatted: Font: 11.5 pt
Formatted: Font: 11.5 pt
Contents
Foreword . vi
Introduction . viii
1 Scope . 9
2 Normative references . 9
3 Terms and definitions . 10
3.1 General . 10
3.2 Terms relating to storage technology . 10
3.3 Terms relating to sanitization . 12
3.4 Terms relating to availability . 14
3.5 Terms relating to security and cryptography . 14
3.6 Terms relating to archives and repositories . 15
3.7 Miscellaneous terms . 17
4 Symbols and abbreviated terms . 18
5 Structure of this document . 22
5.1 Clauses .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.