ISO IEC TS 27110-2021.docx

ISO/IECTSTECHNICA1.27110SPECIFICATIONeditionFirst2021-02Informationtechno1.ogy,cybersecurityandprivacyprotection一Cybersecurityframeworkdeve1.opmentguide1.inesSecuritede!'information,CybersecuriteetprotectiondeIavieprivee1.ignesdirectricesre1.ativesa!'e1.aborationd'uncadreenmaturedecybersecurityISO/IECTS丽耐博J©ISO/IEC2021COPYRIGHTPROTECTEDDOCUMENT©IS0/1EC2021M11c<he<ivdi1.itedotherwiseS1.Rnrirftuw!<>rryH可11cho。城et1.u1.IOHai(Xt)Iinra”;ItmUrphrti<>mtoccPXin品ptittjc；ItmnPOstingontheinternetoranInunnu1.withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOatUieaddressbe1.oworISO*smemberhodyinthecountryoftherrcucstcr.三cB1.andonnct8r,GenevaPhone:t41227490111辆jtc:用洲部砾o.orgPub1.ishedinSwitzer1.andContentsConcepts35.1Genera1.3IntroductionCScone.v13Normativereferences14Termsanddefinitions1cOverview1Respond-.62324r)CreatingacybersecurityframeworkAnnexA(informative)ConsiderationsinthecreationofacybersecurityframeworkAnnexB(informative)ConsiderationsintheintegrationofacybersecurityframeworkBib1.iographyForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.(ironnwm&MiJformISOthBjififiqJatetwtfd1.bpn1.entstaf1.tiajt¾itona1.NStandirdsbodiesthttaughmitteesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interest.Othernj11adonaramationsrgovernmenta1.andnon-governmenta1.,in1.iaisonwithISOand1EC,a1.soTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceare咽的阳Hg节es1.9tfBMJ映丽F4o屈甲融飒群曲曲q用珞脸COE晶帆edcdtheeditoria1.ru1.esofthe1SOIECDirectives.Part2(seewww.iso.org/direc1.ives).曲蹴的ig袒Wn用补品陆趣IJi烟标a依曲帆俄强精MC曲廨蜘的眦%y能嘱网删Ubjeetrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmentot4h4oinktwMbeintheIntroductionand/orontheISO1.istofPa1.eHVkFUonsreceived(seewww.iso.org/pa1.ents)ortheIEC1.istofpatentdec1.arationsreceived(seePaterHSjeCCh).nytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.tp侬SiOnSeX岬EtbcfC(WbwftMya三nRnt,ofChdards,thftnnQ11ng血outISSpodtiaif1.mmhihdWoHd存Organization(VVrTO)princip1.esintheTechnica1.BarrierstoTrade(TBT)1seewww.iso.org/iso/foreword.htm1.Sgftft¼喉gSC祕A碎/g<y斑僦i超叫B“CumWcHMMifg创So/IEeeC"on.nbrmhontechno1.ogy.Anyfeedbackorquestionsonthisdocumentshou1.dbedirectedtotheuser,snationa1.standardsbody.Acomp1.ete1.istingofthesebodiescanbefoundatwww.iso.org/members.1.Hm1.IntroductionbMbnwp卬wiRm!Cybersecurityisapressingissueduetotheuseofconnectedtechno1.ogies.Cyberthreatsarecontinua1.1.ydes)11>iithtionsOrgairisxuDjnspbo1.1.angffe1.oopDiwithandhM)bhcdUmfce,cybersecurityframeworkstohe1.porganizeandcommunicatecybersecurityactivitiesoforganizations.ngedwi啊股Bf捌醐露廉期g帝啷娜螂恕tua1.Theseorganizationsproducingthecybersecurityframeworksarereferredtoas"cybersecurityframework序跳鼾SjCyfii1.嵋?UrityO幅1.ffi)nsandindividua1.sthenuseorreferencethecybersecurityGiventhattherearcmu1.tip1.ecybersecurityframeworkcreators,therearcamu1.titudeofcybersecuritystructurestomeethcirrcqunenicnts.Thesecybersecurityframeworksthenbecomecompetinginterestsforfiniteresources.Theadditiona1.effortcou1.dbebetterspentimp1.ementingcybersecurityandcombatingthreats.Thegoa1.ofthisdocumentistoensureaminimumsetofconceptsareusedtodefinecybersecurityframeworkstohe1.peasetheburdenofcybersecurityframeworkcreatorsandcybersecurityframeworkusers.Asthisdocument1.imitsitse1.fwithaminimumsetofconcepts,its1.engthiskepttoaminimumonpurpose.Thisdocumentisnotintendedtosupersedeorrep1.acetherequirementsofanISMSgiveninISO1EC27001.Theprincip1.esofthisdocumentareasfo1.1.ows： exib1.etoa1.1.owformu1.tip1.etypesofcybersecurityframeworkstoexist; compatib1.etoa1.1.owformu1.tip1.ecybersecurityframeworkstoa1.ign;and interoperab1.e-toa1.1.owformu1.tip1.eusesofacybersecurityframeworktobeva1.id.Theaudienceofthisdocumentiscybersecurityframeworkcreators.Informationtechno1.ogy,cybersecurityandprivacyprotectionCybersecurityframeworkdeve1.opmentguide1.ines1ScopeThisdocumentspecifiesguide1.inesfordeve1.opingacybersecurityframework.Itisapp1.icab1.eto¾NoFanatiyetr,Irerferetocestorsregard1.essoftheirorganizations*type,sizeornature.加剧皿网&佝症曜西Shisr电晒内©nt.此F场因HnrCfM曲:设硼2a."diQbnaia独邸P1.iCS.国entundatedreferences,the1.atesteditionofthereferenceddocument(inc1.udinganyamendments)app1.ies.南了啖2却叫cw用MWjOnM腋脱愣SecuritytechniquesInformationsecuritymanagementISO/IECTS27100.Informationtechno1.ogyCybersecurityOverviewandconcepts3TermsanddefinitionsForthepurposesofthisdocument,thetennsanddefinitionsgiveninISO/IEC27000,ISO/IECTS2