• ISO/IEC 27034-7:2018

    Current: the latest, up-to-date edition.

    Information technology — Application security — Part 7: Assurance prediction framework

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  22-05-2018

    Publisher:  International Organization for Standardization

    Abstract

    This document describes the minimum requirements when the required activities specified by an Application Security Control (ASC) are replaced with a Prediction Application Security Rationale (PASR). The ASC mapped to a PASR define the Expected Level of Trust for a subsequent application. In the context of an Expected Level of Trust, there is always an original application where the project team performed the activities of the indicated ASC to achieve an Actual Level of Trust.

    The use of Prediction Application Security Rationales (PASRs), defined by this document, is applicable to project teams which have a defined Application Normative Framework (ANF) and an original application with an Actual Level of Trust.

    Predictions relative to aggregation of multiple components or the history of the developer in relation to other applications are outside the scope of this document.

    General Product Information

    Committee:  ISO/IEC JTC 1/SC 27
    Document Type:  Standard
    Publisher:  International Organization for Standardization
    Status:  Current

    Standards Referencing This Book

    ISO/IEC/IEEE 29119-1:2013 Software and systems engineering — Software testing — Part 1: Concepts and definitions
    ISO/IEC 27034-1:2011 Information technology — Security techniques — Application security — Part 1: Overview and concepts
    ISO/IEC 19770-5:2015 Information technology — IT asset management — Part 5: Overview and vocabulary
    ISO/IEC 19770-2:2015 Information technology — IT asset management — Part 2: Software identification tag
    ISO/IEC 20009-1:2013 Information technology — Security techniques — Anonymous entity authentication — Part 1: General
    ISO/IEC 90003:2014 Software engineering — Guidelines for the application of ISO 9001:2008 to computer software
    ISO/IEC 27000:2016 Information technology — Security techniques — Information security management systems — Overview and vocabulary