UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

CEN - EN ISO/IEC 30111

Information technology - Security techniques - Vulnerability handling processes

active, Most Current
Organization: CEN
Publication Date: 1 May 2020
Status: active
Page Count: 22
ICS Code (IT Security): 35.030
scope:

This document provides requirements and recommendations for how to process and remediate reported potential vulnerabilities in a product or service.

This document is applicable to vendors involved in handling vulnerabilities.

Document History

EN ISO/IEC 30111
May 1, 2020
Information technology - Security techniques - Vulnerability handling processes
This document provides requirements and recommendations for how to process and remediate reported potential vulnerabilities in a product or service. This document is applicable to vendors involved...

References

This document references:
ISO 28001 - Security management systems for the supply chain — Best practices for implementing supply chain security, assessments and plans — Requirements and guidance
Published by ISO on October 15, 2007
This International Standard provides requirements and guidance for organizations in international supply chains to — develop and implement supply chain security processes; — establish and document a...
This document references:
ISO/IEC 15408-3 - Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components
Published by ISO on August 15, 2008
This part of ISO/IEC 15408 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance for component TOEs, the...
This document references:
ISO/IEC 19770-2 - Information technology - Software asset management - Part 2: Software identification tag
Published by ISO on October 1, 2015
This part of ISO/IEC 19770 establishes specifications for tagging software to optimize its identification and management. This part of ISO/IEC 19770 applies to the following. a) Tag producers: these...
This document references:
ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by ISO on February 1, 2018
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document references:
ISO/IEC 27034-1 - Information technology - Security techniques - Application security - Part 1: Overview and concepts TECHNICAL CORRIGENDUM 1
Published by ISO on January 15, 2014
A description is not available for this item.
This document is referenced by:
SN EN ISO/IEC 29147 - Information technology - Security techniques - Vulnerability disclosure
Published by SNV on November 1, 2020
This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical...
This document is referenced by:
NEN-ISO/IEC 27402 - Cybersecurity - IoT security and privacy - Device baseline requirements
Published by NEN on November 1, 2023
This document provides baseline ICT requirements for IoT devices to support security and privacy controls.
View Less
View All
Advertisement