ISO/IEC 27034-5
ISO/IEC 27034-5:2017 — Information technology — Security techniques — Application security — Part 5: Protocols and application security controls data structure
(first edition)
Abstract
ISO/IEC 27034 part 5 "outlines and explains the minimal set of essential attributes of Application Security Controls (ASCs) and details the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM)."
[Source: ISO/IEC 27034-5:2017]
Introduction
The ability to share and reuse properly specified, developed and assured application security functions is a powerful, efficient and effective approach to software development.
Scope
Part 5 facilitates the establishment of libraries of reusable application security functions that may be shared both within and between organisations.
Structure
Main sections:
5: Application Security Control Structure
6: Application Security Life Cycle Reference Model
7: ASC Package
Status
The current first edition of part 5 was published in 2017 and confirmed in 2023.
Commentary
Part 5 facilitates the implementation of the ISO/IEC 27034 application security framework and the communication and exchange of ASCs by defining a formal structure for ASCs and certain other components of the framework.
It defines the Application Security Controls data structure, providing requirements, descriptions, graphical representations and XML schema for the data model.
The XML schema, based on ISO/TS 15000 “Electronic business eXtensible Markup Language ebXML”, is designated as the standard interchange format for ASCs. It lays out a minimal set of essential attributes of ASCs and the Application Security Life Cycle Reference Model.
Note: the accompanying standard ISO/IEC TS 27034-5-1:2018 — Information technology — Security techniques — Application security — Part 5-1: Protocols and application security controls data structure, XML schemas (first edition) "defines XML Schemas that implement the minimal set of information requirements and essential attributes of ASCs and the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM) from ISO/IEC 27034-5."
[Source: ISO/IEC 27034-5-1:2018]
