ISO IEC 27034-1-2011 PDF
Name in English:
St ISO IEC 27034-1-2011
Name in Russian:
Ст ISO IEC 27034-1-2011
Original ISO IEC 27034-1-2011 standard, full version in PDF. Additional information and a preview are available on request.
Full title and description
Information technology — Security techniques — Application security — Part 1: Overview and concepts. ISO/IEC 27034-1:2011 provides an overview of application security by introducing definitions, concepts, principles and high-level processes to help organisations integrate security into the lifecycle and management of applications.
Abstract
ISO/IEC 27034-1 describes the purpose and scope of the ISO/IEC 27034 series and introduces the basic concepts, terminology and principles for application security. It is intended to help organisations ensure that applications meet their required security objectives whether developed in-house, acquired from third parties or outsourced.
General information
- Status: Published (confirmed at periodic review; remains current as listed by ISO).
- Publication date: November 2011 (Edition 1).
- Publisher: International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) via JTC 1/SC 27.
- ICS / categories: 35.030 (IT security).
- Edition / version: 1 (2011); a Technical Corrigendum (Cor 1) was issued in January 2014.
- Number of pages: 67 (main publication).
Scope
Provides an overview and conceptual foundation for the application security framework described across the ISO/IEC 27034 series. It sets out the objectives, terminology and high-level processes for integrating security into application lifecycle activities and clarifies applicability to in‑house development, third‑party acquisitions and outsourced development or operation.
Key topics and requirements
- Definitions and core concepts of application security (roles, responsibilities, assets, threats and risk context).
- Principles for integrating security into application lifecycle and management processes.
- High‑level description of the Application Normative Framework (ANF) and Application Security Controls (ASCs) concept used across the series.
- Guidance on applicability (in‑house, third‑party, outsourced) and how the standard complements existing SDLC approaches.
- Reference to governance, roles and the management processes that are detailed in subsequent parts (e.g., Parts 2 and 3).
Typical use and users
Used as a conceptual reference and starting point by security architects, IT managers, software development leads, procurement and vendor managers, auditors and compliance teams to design or evaluate an organisation’s approach to application security. It is also useful for consultants and trainers who implement or teach application security governance and process integration.
Related standards
ISO/IEC 27034 is a multipart series. Key related parts include:
- ISO/IEC 27034-2:2015 — Organization normative framework (implementation guidance).
- ISO/IEC 27034-3:2018 — Application security management process (detailed process guidance).
- ISO/IEC 27034-5:2017 — Protocols and application security controls data structure (ASC data model).
- ISO/IEC 27034-6:2016 — Case studies (examples of ASCs and usage).
- ISO/IEC 27034-7:2018 — Assurance prediction framework.
Note: work on Part 4 (validation/verification) has progressed in draft form and has at times been withdrawn or suspended; it does not appear as a stable published part in the same way as the others.
Keywords
application security, AS, Application Security Controls (ASC), Application Normative Framework (ANF), application security lifecycle, application security management, verification, assurance, ISO/IEC 27034.
FAQ
Q: What is this standard?
A: ISO/IEC 27034-1:2011 is the overview and concepts part of the ISO/IEC 27034 series that introduces the terminology, principles and high‑level approach for application security.
Q: What does it cover?
A: It covers conceptual definitions, objectives and high‑level guidance for integrating security into application lifecycle and management processes; it does not prescribe detailed technical controls (those topics are expanded in other parts of the series).
Q: Who typically uses it?
A: Security architects, IT and development managers, procurement and vendor managers, auditors, consultants and others responsible for defining or governing application security processes.
Q: Is it current or superseded?
A: The 2011 edition (with Technical Corrigendum 1, issued January 2014) remains the published edition; ISO lists the document as confirmed at periodic review and currently published. Users should check national or ISO catalogues for any later amendments before procurement.
Q: Is it part of a series?
A: Yes — ISO/IEC 27034 is a multipart series. Part 1 is the overview and concepts; Parts 2, 3, 5, 6 and 7 provide framework, process, data structures, case studies and assurance guidance respectively; Part 4 has seen draft activity and was not published as a stable part in the same way as the others.
Q: What are the key keywords?
A: application security, Application Security Controls (ASC), Application Normative Framework (ANF), application lifecycle, assurance, validation, verification, ISO/IEC 27034.