| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 7<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | 1 Scope 2 Normative references 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | 4 Structure of this standard 5 Key concepts 5.1 Business case for hardware, software, and services supply chain security <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 5.2 Hardware, software, and services supply chain risks and associated threats 5.3 Acquirer and supplier relationship types <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 5.4 Organizational capability 5.5 System life cycle processes <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 5.6 ISMS processes in relation to system life cycle processes <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 5.7 ISMS information security controls in relation to hardware, software, and services supply chain security 5.8 Essential hardware, software, and services supply chain security practices <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 6 Hardware, software, and services supply chain security in life cycle processes 6.1 Agreement processes 6.1.1 Acquisition process <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 6.1.2 Supply process <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 6.2 Organizational project-enabling processes 6.2.1 Life cycle model management process 6.2.2 Infrastructure management process <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 6.2.3 Project portfolio management process 6.2.4 Human resource management process <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 6.2.5 Quality management process 6.2.6 Knowledge management process <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 6.3 Technical management processes 6.3.1 Project planning process 6.3.2 Project assessment and control process 6.3.3 Decision management process <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 6.3.4 Risk management process 6.3.5 Configuration management process <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 6.3.6 Information management process 6.3.7 Measurement process 6.3.8 Quality assurance process <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 6.4 Technical processes 6.4.1 Business or mission analysis process 6.4.2 Stakeholder needs and requirements definition process <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 6.4.3 System requirements definition process 6.4.4 Architecture definition process <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 6.4.5 Design definition process <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 6.4.6 System analysis process 6.4.7 Implementation process <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 6.4.8 Integration process 6.4.9 Verification process <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 6.4.10 Transition process <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 6.4.11 Validation process <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 6.4.12 Operation process 6.4.13 Maintenance process <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 6.4.14 Disposal process <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | Annex\u00a0A (informative) Summary of Supply and Acquisition Processes from ISO\/IEC\u00a015288 and ISO\/IEC\u00a012207 <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | Annex\u00a0B (informative) Correspondence between ISO\/IEC\u00a027002 controls and ISO\/IEC\u00a027036-3 subclauses <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | Annex\u00a0C (informative) Essential elements of a software bill of materials (SBoM) <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" BS ISO\/IEC 27036-3. Cybersecurity. Supplier relationships – Part 3. Guidelines for information and communication technology supply chain security<\/b><\/p>\n |