ISO/IEC 27036-3:2023

Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security

Датум објављивања: 13. 6. 2023.

Опште информације

Тренутна фаза: 60.60 Effective date: 13. 6. 2023.

Иницијатор: ISO/IEC

Припада: ISO/IEC JTC 1/SC 27

Врста: Међународни стандард

ICS: 35.030

Језик: енглески

Куповина

Статус: Објављен

PDF

Папир

PDF и папир

Језик

Језик на коме желите да примите документ.

Апстракт

This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a)    gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b)    responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;
c)    integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002.
This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.

Животни циклус

ПРЕТХОДНО

ПОВУЧЕН
ISO/IEC 27036-3:2013

ТРЕНУТНО

ОБЈАВЉЕН
ISO/IEC 27036-3:2023
60.60 Стандард објављен
13. 6. 2023.

Национална преузимања

SRPS ISO/IEC 27036-3:2023

ISS

Сајбер безбедност – Односи са испоручиоцима – Део 3: Смернице за безбедност ланца снабдевања хардвером, софтвером и услугама

60.60 Стандард објављен

I224 Сазнај више