Organization Normative Framework (ONF)
the ONF is a company-wide repository of Application Security Controls (ASC) and processes. The organization can store and update ASCs in a central library caled an ASC Library, which is part of the ONF. The ONF also specifies how and when an application development project should use a particular security activity, such as conducting a penetration test.
Application Normative Framework (ANF)
The ANF is the set of ASCs and application security processes that apply to a particular application, based on its contexts, specifications (i.e. functional requirements or user stories) and its development & operational processes (a.k.a. application life cycle).
Referenced from https://blog.securitycompass.com/a-laymans-guide-to-the-iso-27034-17c72b91ae07
沒有留言:
張貼留言