标准摘要
[中文适用范围]: 本文档为审查和评估信息安全控制的实施和运行(包括信息系统控制的技术评估)提供了指导,以符合组织既定的信息安全要求…… [外文原描述]: This document provides guidance on reviewing and assessing the implementation and operation of information security controls, including the technical assessment of information system controls, in compliance with an organization's established information security requirements including technical compliance against assessment criteria based on the information security requirements established by the organization. This document offers guidance on how to review and assess information security controls being managed through an Information Security Management System specified by ISO/IEC 27001. It is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks.
英文名称Information technology - Security techniques - Guidelines for the assessment of information security controls