ISO/IEC 27036-3:2023-网络安全.供应商关系.第3部分:硬件、软件和服务供应链安全指南-国家数字标准馆

现行 ISO/IEC 27036-3:2023

到馆阅读

收藏跟踪

购买正版

Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security 网络安全.供应商关系.第3部分:硬件、软件和服务供应链安全指南

发布日期： 2023-06-13

本文档为产品和服务收购方以及硬件、软件和服务供应商提供了以下方面的指导:
A）？了解并管理由物理上分散的多层硬件、软件和服务供应链引起的信息安全风险；
b）？应对源自这种物理上分散的多层硬件、软件和服务供应链的风险，这些风险可能会对使用这些产品和服务的组织产生信息安全影响；
c）？将信息安全流程和实践集成到系统和软件生命周期流程中，如ISO/IEC/IEEE 15288和ISO/IEC/IEEE？12207，同时支持信息安全控制，如ISO/IEC？27002.
本文档不包括硬件、软件和服务供应链中涉及的业务连续性管理/弹性问题。ISO/IEC 27031解决了信息和通信技术为业务连续性做好准备的问题。

This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a)？gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b)？responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;
c)？integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE？12207, while supporting information security controls, as described in ISO/IEC？27002.
This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.

分类信息

发布单位或类别：国际组织-国际标准化组织

关联关系

研制信息

归口单位： ISO/IEC JTC 1/SC 27

相似标准/计划/法规

现行

GOST R 59215-2020

Информационные технологии. Методы и средства обеспечения безопасности. Информационная безопасность во взаимоотношениях с поставщиками. Часть 3. Рекомендации по обеспечению безопасности цепи поставок информационных и коммуникационных технологий
信息技术安全技术供应商关系信息安全第3部分:信息和通信技术供应链安全导则