ISO/IEC TS 27115
ISO/IEC TS 27115 — Cybersecurity evaluation of complex systems — Introduction and framework overview
(DRAFT)
Abstract
ISO/IEC TS 27115 "provides the foundations and concepts for the cybersecurity evaluation of complex systems.
Two frameworks are defined:
The first is used to specify the cybersecurity of a complex system, including system of systems.
The second is used to evaluate the corresponding cybersecurity solutions.
The frameworks use basic architecture concepts:
to enable description of reference or solution cybersecurity architectures;
to support model-based, comprehensive and scalable security solutions and their evaluation; and
to allow for the definition of architecture-based cybersecurity profiles (ACP) and hierarchies of profiles.”
[Source: ISO.org info page]
Introduction
??
Scope
??
Structure
??
Status
The standard development project commenced way back in 2023 ... and is currently still at Working Draft stage.
It is due to be published in 2026 or 2027.
Maybe.
Commentary
This is all Greek to me.
For clues, sneak a peek at ISO TS 22375:2018 “Security and resilience — Guidelines for complexity assessment process”.