ISO/IEC 27034-7:2018 信息技术 应用安全 第7部分：保证预测框架

标准编号：ISO/IEC 27034-7:2018

中文名称：信息技术 应用安全 第7部分：保证预测框架

英文名称：Information technology — Application security — Part 7: Assurance prediction framework

发布日期：2018-05

标准范围

ISO/IEC 27034-7:20 18本文档描述了当应用程序安全控制（ASC）指定的所需活动被预测应用程序安全基本原理（PASR）取代时的最低要求。映射到PASR的ASC定义了后续应用程序的预期信任级别。在预期信任级别的上下文中，总是有一个原始应用程序，其中项目团队执行指示的ASC的活动以实现实际的信任级别。本文档定义的预测应用程序安全原理（PASR）的使用适用于具有定义的应用程序规范框架（ANF）和具有实际信任级别的原始应用程序的项目团队。与多个组件的聚合相关的预测或与其他应用程序相关的开发人员的历史超出了本文档的范围。

ISO/IEC 27034-7:2018 This document describes the minimum requirements when the required activities specified by an Application Security Control (ASC) are replaced with a Prediction Application Security Rationale (PASR). The ASC mapped to a PASR define the Expected Level of Trust for a subsequent application. In the context of an Expected Level of Trust, there is always an original application where the project team performed the activities of the indicated ASC to achieve an Actual Level of Trust.
The use of Prediction Application Security Rationales (PASRs), defined by this document, is applicable to project teams which have a defined Application Normative Framework (ANF) and an original application with an Actual Level of Trust.
Predictions relative to aggregation of multiple components or the history of the developer in relation to other applications is outside the scope of this document.

标准预览图