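ISO/IEC TS 27008:2019 Information technology — Security techniques — Guidelines for the assessment of information security controls
Standard number: ISO/IEC TS 27008:2019
Chinese title: 信息技术 安全技术 信息安全控制的评估指南
English title: Information technology — Security techniques — Guidelines for the assessment of information security controls
Publication date: 2019-01
Scope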
ISO/IEC TS 27008:2019: This document provides guidance on reviewing and assessing the implementation and operation of information security controls, including the technical assessment of information system controls, in compliance with an organization's established information security requirements including technical compliance against assessment criteria based on the information security requirements established by the organization.
This document offers guidance on how to review and assess information security controls being managed through an Information Security Management System specified by ISO/IEC 27001.
It is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks.