ISO/IEC TR 6114:2023 Cybersecurity - Security considerations throughout the product life cycle
Standard number: ISO/IEC TR 6114:2023
Chinese title: 网络安全 贯穿整个产品生命周期的安全考虑事项
English title: Cybersecurity — Security considerations throughout the product life cycle
Publication date: 2023-10
Scope
This document describes security considerations throughout the product life cycle (SCLC), which is a framework that spans the entire information and communications technology (ICT) product life cycle. The aim of the framework is to align the industry and bring greater transparency to customers at every point on the ICT product life cycle.
This document describes the following items for suppliers, end users (consumers), intermediaries of the ICT supply chain, service providers, and regulators:
- definition of phases in the ICT product life cycle from concept to retirement;
- threat vectors possible in each phase of the life cycle;
- potential controls against those threat vectors.
The target audiences of this document are suppliers and consumers of ICT products, including all participants throughout the supply chain such as silicon chip designers, fabricators, product assemblers, logistics providers, service providers, and information security organizations. Clauses 5 to 11 target an organization’s strategic and risk management teams. This document provides an end-to-end view of the threats in each phase to help the organization shape their plans, procedures and policies.