|
Standard
ISO/IEC 18974
First edition
Information technology —
2023-12
OpenChain security assurance
specification
Reference number
ISO/IEC 18974:2023(en) © ISO/IEC 2023
---------------------- Page: 1 ----------------------
ISO/IEC 18974:2023(en)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2023 – All rights reserved
ii
---------------------- Page: 2 ----------------------
ISO/IEC 18974:2023(en)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Requirements . 3
4.1 Program foundation .3
4.1.1 Policy .3
4.1.2 Competence .3
4.1.3 Awareness .3
4.1.4 Program scope .4
4.1.5 Standard practice implementation .4
4.2 Relevant tasks defined and supported .5
4.2.1 Access .5
4.2.2 Effectively resourced .5
4.3 Open source software content review and approval .6
4.3.1 Software bill of materials .6
4.3.2 Security assurance .6
4.4 Adherence to the specification requirements .7
4
...