Standards

The services of VulDB are able to help you address and fulfil your requirements for a wide range of IT and security standards:

International

ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements

  • Chapter 6.5: Asset Management
  • Chapter 6.9.6: Technical Vulnerability Management
ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection - Information security controls

  • Chapter 8.1.1: Inventory of Assets
  • Chapter 8.2: Information Classification
  • Chapter 12.1.2: Change Management
  • Chapter 12.6: Technical Vulnerability Management
  • Chapter 14.2.2: System Change Control Procedures
  • Chapter 14.2.8: System Security Testing
  • Chapter 15: Information Security in Supplier Relationships
  • Chapter 16: Management of Information Security Incidents and Improvements
ISO/IEC 27017:2015 - Information technology - Security techniques - Code of practice for information security controls for cloud services

  • Chapter 12: Operations security
  • Chapter 14: System acquisition, development and maintenance
  • Chapter 16: Information security incident management
ISO/IEC 29147:2018 - Information technology - Security techniques - Vulnerability disclosure

  • Chapter 5.6: Vulnerability handling process summary
  • Chapter 5.7: Information exchange during vulnerability disclosure
  • Chapter 5.8: Confidentiality of exchanged information
  • Chapter 5.9: Vulnerability advisories
  • Chapter 5.10: Vulnerability exploitation
  • Chapter 5.11: Vulnerabilities and risk
  • Chapter 6: Receiving vulnerability reports
  • Chapter 7: Publishing vulnerability advisories
  • Chapter 8: Coordination
  • Chapter 9: Vulnerability disclosure policy

USA - United States of America

ANSI/AAMI SW96:2023

  • Chapter 1: Security Risk Analysis
  • Chapter 2: Security Risk Evaluation
  • Chapter 3: Security Risk Control
  • Chapter 4: Evaluation of Overall Security Residual Risk Acceptability
  • Chapter 5: Securit Risk Management Review
  • Chapter 6: Production and Post-Production Activities
CISA Cyber Resilience Review Supplemental Resource Guides

  • Chapter 3.4: Threat Intelligence Input
Postmarket Management of Cybersecurity in Medical Devices

  • Chapter VI: Medical Device Cybersecurity Risk Management
  • Chapter VII: Remediating and Reporting Cybersecurity Vulnerabilities
  • Chapter X: Elements of an Effective Postmarket Cybersecurity Program

Australia

Medical device cyber security guidance for industry

  • Pre-market Guidance
  • Post-market Guidance

EU - European Union

Directive (EU) 2022/2555 NIS2 - Measures for a high common level of cybersecurity across the Union

  • Article 11: Requirements, technical capabilities and tasks of CSIRTs
  • Article 12: Coordinated vulnerability disclosure and a European vulnerability database
  • Article 29: Cybersecurity information-sharing arrangements
TIBER-EU - Guidance for Target Threat Intelligence Report

  • Volume 4: Vulnerability Management
ETSI EN 303 645

  • Chapter 5.3: Keep software updated

Germany

Technische Richtlinie TR-03185: Sicherer Software-Lebenszyklus

  • Kapitel 3.1.5: Patch- und Änderungsmanagement
  • Kapitel 3.2.3.3: Bedrohungsmodellierung
  • Kapitel 3.2.4.1: Patches und Updates
  • Kapitel 3.2.6: Schwachstellenmanagement

Switzerland

SR 235.11: DSV - Datenschutzverordnung

  • Art. 3: Technische und organisatorische Massnahmen

Обновлено: 17.09.2024 по VulDB Documentation Team

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!