BSI PD ISO/IEC TR 6114:2023

$198.66

Cybersecurity. Security considerations throughout the product life cycle

Published By: BSI
Publication Date: 2023
Number of Pages: 54

PDF Catalog

PDF Pages PDF Title
7 Foreword
8 Introduction
9 1 Scope
2 Normative references
3 Terms and definitions
10 4 Abbreviated terms
11 5 Security considerations throughout the product life cycle
5.1 Security considerations throughout the product life cycle overview
13 5.2 Information and communication technology threat model
5.3 Classes of threats
5.4 Structure of the report
14 6 Phase 1: Concept
6.1 General
6.2 Summary of concept threats and controls
6.2.1 Workflow toolchain tampering
15 6.2.2 Unauthorized operations
6.2.3 Integrity faults
6.2.4 Theft or loss
7 Phase 2: Development
7.1 General
7.2 Summary of development threats and controls
7.2.1 Attacks on development tools and/or network
7.2.2 Malicious embedded firmware
16 7.2.3 Malicious hardware
7.2.4 Malicious software (driver)
7.2.5 Counterfeit
17 8 Phase 3: Source and manufacture
8.1 General
8.2 Source
8.3 Manufacture
8.4 Summary of production threats and controls
8.4.1 Attack on production tools, data exchange tools and/or network
8.4.2 Unauthorized disclosure
18 8.4.3 Reverse engineering / theft of design
8.4.4 Improper system settings
8.4.5 Design alteration
8.4.6 Insertion of malicious and/or counterfeit components
19 8.4.7 Falsification of test results
8.4.8 Product theft
8.4.9 Code insertion or replacement (firmware, operating system, software)
8.4.10 System replacement (spoof device)
20 9 Phase 4: Transport
9.1 General
9.2 Summary of production threats and controls
9.2.1 Product theft
9.2.2 Code insertion or replacement (firmware, operating system, software)
9.2.3 Insertion of malicious components
9.2.4 System replacement (spoof device)
9.2.5 Physical attack in storage and transit
10 Phase 5: Utilization and support
10.1 General
21 10.2 Provision
10.3 Utilization
10.4 Support
10.5 Summary of utilization threats and controls
10.5.1 Unknown provenance
10.5.2 Spoofed system (replaced system)
22 10.5.3 Undetected tampering
10.5.4 Build data store tampering
10.5.5 Non-current device/product (firmware, operation system, application, drivers)
10.5.6 Unauthorized changes (firmware, operating system, software)
10.5.7 Unauthorized component swap
23 10.5.8 Insertion or replacement with malicious component
10.5.9 Product data store tampering
11 Phase 6: Retirement
11.1 General
11.2 Summary of retirement threats and controls
11.2.1 Inaccurate hardware return
24 11.2.2 Incomplete data removal
25 Annex A (informative) Product security threat mapping to SCLC phases
29 Annex B (informative) Typical threats for hardware
38 Annex C (informative) Typical threats for software
44 Annex D (informative) Typical threats for data
48 Annex E (informative) Use of tagalongs
49 Annex F (informative) Software tampering
52 Bibliography