ISO/IEC 27033-2

ISO/IEC 27033-2:2012 Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security

(first edition)

Abstract

ISO/IEC 27033 part 2 “gives guidelines for organizations to plan, design, implement and document network security.”


[Source: ISO/IEC 27033-2:2012]

Introduction

Part 2 revised and replaced ISO/IEC 18028 part 2.


It defines a network security architecture for providing end-to-end network security. The architecture can be applied to various kinds of networks where end-to-end security is a concern, independently of the network's underlying technology.

Scope

Planning, designing, implementing and documenting network security.


Objective: “to define how organisations should achieve quality network technical security architectures, designs and implementations that will ensure network security appropriate to their business environments, using a consistent approach to the planning, design and implementation of network security, as relevant aided by the use of models/frameworks. (In this context, a model/framework is used to outline a representation or description showing the structure and high level workings of a type of technical security architecture/design)”.

Structure

Main sections:

  • 6: Preparing for design of network security

  • 7: Design of network security

  • 8: Implementation

  • Annex A: Cross-references between ISO/IEC 27001:2005/ISO/IEC 27002:2005 network security related controls and ISO/IEC 27033-2:2012 clauses

  • Annex B: Example documentation templates

  • Annex C: ITU-T X.805 framework and ISO/IEC 27001:2005 control mapping

Status

The current first edition of part 2 was published in 2012.


It was confirmed unchanged in 2018.

Commentary

  • Serves as a foundation for detailed recommendations on end-to-end network security.

  • Covers risks, design, techniques and control issues.

  • Refers to other parts of ISO/IEC 27033 for more specific guidance.

This page last updated:

2 November 2025

© 2025 IsecT Limited 
