Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 10

Building Trust in the Security of Software
| NIST Cybersecurity Framework Function | Category | Use of ISO/IEC 5055 |
|---|---|---|
| Govern | Organizational Context; Risk Management Strategy; Roles, Responsibilities, Authorities; Policy; Oversight; Cybersecurity Supply Chain Risk Management | ISO 5055-based assurance strategy; maximum ISO 5055-based weakness thresholds; ISO 5055-based thresholds for supplier software |
| Identify | Asset Management; Risk Management; Improvement | Sustaining ISO 5055-based assurance procedures; ISO 5055-based assurance procedures; ISO 5055-based remediation plans and activities |
| Protect | Identity Management, Authentication, and Access Control; Awareness and Training; Data Security; Platform Security; Technology Infrastructure Resilience | Training on ISO 5055 weaknesses; eliminate ISO 5055 security weaknesses |
| Detect | Continuous Monitoring; Adverse Event Analysis | Continual ISO 5055-based analyses; determine if an ISO 5055 weakness was involved |
| Respond | Incident Management; Incident Analysis; Incident Response Reporting and Communication; Incident Mitigation | Root cause analysis of ISO 5055-based weakness; record and discuss ISO 5055 weakness; repair ISO 5055 weaknesses |
Journal of Innovation 5