Sunday, October 29, 2017

ISO27034-1 ONF, ANF

Organization Normative Framework (ONF)


The ONF is a company-wide repository of Application Security Controls (ASCs) and processes. The organization can store and update ASCs in a central library called an ASC Library, which is part of the ONF. The ONF also specifies how and when an application development project should use a particular security activity, such as conducting a penetration test.

Application Normative Framework (ANF)

The ANF is the set of ASCs and application security processes that apply to a particular application, based on its contexts, specifications (i.e. functional requirements or user stories) and its development & operational processes (a.k.a. application life cycle).

Referenced from https://blog.securitycompass.com/a-laymans-guide-to-the-iso-27034-17c72b91ae07

