Publication CODE |
Title |
ISO/IEC 27036-3:2023 (2023-06) |
CYBERSECURITY - SUPPLIER RELATIONSHIPS - PART 3: GUIDELINES FOR HARDWARE, SOFTWARE, AND SERVICES SUPPLY CHAIN SECURITY |
|
Price Excl. VAT |
Total number of pages, tables and drawings |
160.00 €
|
34. |
Description
ISO/IEC 27036-3:2023 This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;
c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002.
This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.
|
Class |
C990
(IEC PUBLICATIONS IEC PUBLICATIONS)
|
Status |
IEC PUBLICATION |
Situation |
Currently active
|
|
Committee |
ISO/IEC JTC 1/SC 27
IT SECURITY TECHNIQUES
|
BEC Approval |
2023-06-13 |
ICS-Code (International Standards Classification) |
35.030
|
NBN Status |
New |
|
IEC publication date |
2023-06-13 |
IEC file modification date |
2023-06-19 |
IEC last modification date |
2023-06-19 |
|