Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Structure of this standard
5 Key concepts
6 ICT supply chain security in Lifecycle Processes
Annex A (informative) - Summary of Supply and Acquisition
        Processes from ISO/IEC 15288 and ISO/IEC 12207
Annex B (informative) - Clause 6 mapping to ISO/IEC 27002
Bibliography

Abstract

Gives product and service acquirers and suppliers in ICT supply chain with guidance on: a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered ICT supply chains; b) responding to risks stemming from the global ICT supply chain to ICT products and services that can have an information security impact on the organizations using these products and services. These risks can be related to organizational as well as technical aspects (e.g. insertion of malicious code or presence of the counterfeit information technology (IT) products); and c) integrating information security processes and practices into the system and software lifecycle processes, described in ISO/IEC 15288 and ISO/IEC 12207, while supporting information security controls, described in ISO/IEC 27002.

General Product Information

Published
Document Type	Standard
Status	Current
Publisher	International Organization for Standardization
Pages
ISBN
Committee	JTC 1