Standard: ISO/IEC 27036-3

Description

Note: see ISO/IEC 27036 (and following parts)

Contents

Foreword
Introduction

Scope

Normative references

Terms and definitions

Structure

Key concepts

  • Business case for hardware, software, and services supply chain security
  • Hardware, software, and services supply chain risks and associated threats
  • Acquirer and supplier relationship types
  • Organizational capability
  • System life cycle processes
  • ISMS processes in relation to system life cycle processes
  • ISMS controls in relation to hardware, software, and services supply chain security
  • Essential hardware, software, and services supply chain security practices

Hardware, software, and services supply chain security in life cycle processes

Agreement processes

  • Acquisition process
  • Supply process

Organizational project-enabling processes

  • Life cycle model management process
  • Infrastructure management process
  • Project portfolio management process
  • Human resource management process
  • Quality management process
  • Knowledge management process

Technical management processes

  • Project planning process
  • Project assessment and control process
  • Decision management process
  • Risk management process
  • Configuration management process
  • Information management process
  • Measurement process
  • Quality assurance process

Technical processes

  • Business or mission analysis process
  • Stakeholder needs and requirements definition process
  • System requirements definition process
  • System architecture definition process
  • Design definition process
  • System analysis process
  • Implementation process
  • Integration process
  • Verification process
  • Transition process
  • Validation process
  • Operation process
  • Maintenance process
  • Disposal process

Correspondence between the controls in and this document (informative)

Essential elements of a software bill of materials (informative)

General

  • Overview
  • Audience

Essential SBoM elements

  • Overview
  • Author
  • Timestamp
  • Life cycle
  • Supplier name
  • Component name
  • Version
  • Cryptographic hash
  • Unique identifier
  • Relationship
  • Source

Essential SBoM processes

  • Overview
  • Frequency
  • Depth and extent
  • Availability
  • Errors in SBoMs
  • Non-repudiation
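The annex above names the essential elements an SBOM must carry and the processes around it (frequency, depth and extent, availability, errors, non-repudiation). The script below is an added example written for this page, not code from ISO/IEC 27036-3 or from any SBOM tool: it builds a small SBOM carrying every essential element, validates it against that checklist, verifies each component hash against the artefact bytes, walks DEPENDS_ON relationships to measure depth and extent, and produces a canonical digest of the document that an author could sign for non-repudiation (the signing step itself is not shown). The component names, purl-style identifiers, source URLs and artefact bytes are all constructed for illustration.

```python
"""Build and validate a minimal SBOM carrying the essential elements listed in
the annex: author, timestamp, life cycle, supplier name, component name,
version, cryptographic hash, unique identifier, relationship and source.
Added example for this page; not code from ISO/IEC 27036-3 or any SBOM tool.
Component names, identifiers, sources and byte contents are constructed."""

import copy
import hashlib
import json
from datetime import datetime, timezone

# Constructed purl-style identifiers (assumed for illustration only).
APP = "pkg:generic/acme/app@1.4.0"
NETLIB = "pkg:generic/acme/netlib@2.1.3"
ZLIBISH = "pkg:generic/example/zlibish@1.0.9"

# Constructed stand-ins for the real component artefacts that get hashed.
ARTIFACTS = {
    APP: b"acme app release 1.4.0\n",
    NETLIB: b"netlib 2.1.3\n",
    ZLIBISH: b"zlibish 1.0.9\n",
}

COMPONENT_ESSENTIALS = ("id", "supplier", "name", "version", "hash", "source")
DOCUMENT_ESSENTIALS = ("author", "timestamp", "lifecycle")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_component(cid, supplier, name, version, source, data):
    """One component entry; the hash is computed from artefact bytes, never typed in."""
    return {"id": cid, "supplier": supplier, "name": name, "version": version,
            "hash": {"alg": "SHA-256", "value": sha256_hex(data)}, "source": source}


def build_sbom(author, lifecycle, components, relationships, timestamp):
    """relationships: iterable of (from_id, type, to_id) triples."""
    return {
        "author": author,
        "timestamp": timestamp.isoformat(),
        "lifecycle": lifecycle,
        "components": components,
        "relationships": [{"from": a, "type": t, "to": b} for a, t, b in relationships],
    }


def validate_sbom(sbom, artifacts):
    """Return a list of error strings (empty when the SBOM passes): missing
    essentials, duplicate ids, hash mismatches against the artefact bytes,
    and relationships pointing at components not listed in the SBOM."""
    errors = []
    for field in DOCUMENT_ESSENTIALS:
        if not sbom.get(field):
            errors.append(f"document: missing {field}")
    seen = set()
    for comp in sbom.get("components", []):
        cid = comp.get("id", "<no id>")
        for field in COMPONENT_ESSENTIALS:
            if not comp.get(field):
                errors.append(f"{cid}: missing {field}")
        if cid in seen:
            errors.append(f"{cid}: duplicate identifier")
        seen.add(cid)
        h = comp.get("hash") or {}
        if cid not in artifacts:
            errors.append(f"{cid}: no artefact available to verify hash")
        elif h and h.get("alg") != "SHA-256":
            errors.append(f"{cid}: unsupported hash algorithm {h.get('alg')}")
        elif h and h.get("value") != sha256_hex(artifacts[cid]):
            errors.append(f"{cid}: hash mismatch")
    for rel in sbom.get("relationships", []):
        for end in ("from", "to"):
            if rel.get(end) not in seen:
                errors.append(f"relationship references unknown component {rel.get(end)}")
    return errors


def transitive_dependencies(sbom, root):
    """Depth and extent: every component reachable from root over DEPENDS_ON edges."""
    edges = {}
    for rel in sbom["relationships"]:
        if rel["type"] == "DEPENDS_ON":
            edges.setdefault(rel["from"], []).append(rel["to"])
    reached, stack = set(), [root]
    while stack:
        for child in edges.get(stack.pop(), []):
            if child not in reached:
                reached.add(child)
                stack.append(child)
    return reached


def canonical_digest(sbom) -> str:
    """SHA-256 over canonical JSON: the value an author would sign so that any
    later edit to the SBOM is detectable (signing itself is not shown here)."""
    return sha256_hex(json.dumps(sbom, sort_keys=True, separators=(",", ":")).encode())


def example_sbom():
    comps = [
        make_component(APP, "Acme", "app", "1.4.0", "https://src.example/acme/app", ARTIFACTS[APP]),
        make_component(NETLIB, "Acme", "netlib", "2.1.3", "https://src.example/acme/netlib", ARTIFACTS[NETLIB]),
        make_component(ZLIBISH, "Example Org", "zlibish", "1.0.9", "https://src.example/example/zlibish", ARTIFACTS[ZLIBISH]),
    ]
    rels = [(APP, "DEPENDS_ON", NETLIB), (NETLIB, "DEPENDS_ON", ZLIBISH)]
    return build_sbom("Acme build pipeline", "build", comps, rels,
                      datetime(2024, 1, 1, tzinfo=timezone.utc))


def tampered_sbom():
    """Same SBOM with three defects a validator must catch: a hash that no longer
    matches its artefact, a dropped supplier, and a relationship to an unlisted component."""
    sbom = copy.deepcopy(example_sbom())
    sbom["components"][2]["hash"]["value"] = "00" * 32
    del sbom["components"][1]["supplier"]
    sbom["relationships"].append({"from": APP, "type": "DEPENDS_ON", "to": "pkg:generic/example/ghost@0.1"})
    return sbom


if __name__ == "__main__":
    print("clean:", validate_sbom(example_sbom(), ARTIFACTS))
    print("tampered:", *validate_sbom(tampered_sbom(), ARTIFACTS), sep="\n  ")
    print("deps of app:", sorted(transitive_dependencies(example_sbom(), APP)))
```

Two design points worth noting: hashes are always derived from the artefact bytes at build time, so a mismatch at validation time means either the artefact or the SBOM changed after the fact; and the canonical digest is computed over sorted, whitespace-free JSON, so an SBOM that is re-serialised by another tool with different formatting still yields the same value for signature verification.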

Bibliography