35.210 – Cloud computing – PDF Standards Store ?u= Wed, 06 Nov 2024 04:52:19 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.1 ?u=/wp-content/uploads/2024/11/cropped-icon-150x150.png 35.210 – Cloud computing – PDF Standards Store ?u= 32 32 SAE J 3061:2016 ?u=/product/publishers/sae/sae-j-30612016/ Wed, 06 Nov 2024 04:52:19 +0000 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
Published By Publication Date Number of Pages
SAE 2016-01-14 128
]]>
This recommended practice provides guidance on vehicle Cybersecurity and was created based off of, and expanded on from, existing practices which are being implemented or reported in industry, government and conference papers. The best practices are intended to be flexible, pragmatic, and adaptable in their further application to the vehicle industry as well as to other cyber-physical vehicle systems (e.g., commercial and military vehicles, trucks, busses). Other proprietary Cybersecurity development processes and standards may have been established to support a specific manufacturer’s development processes, and may not be comprehensively represented in this document, however, information contained in this document may help refine existing in-house processes, methods, etc.
This recommended practice establishes a set of high-level guiding principles for Cybersecurity as it relates to cyber-physical vehicle systems. This includes:
  • Defining a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
  • Providing information on some common existing tools and methods used when designing, verifying and validating cyber-physical vehicle systems.
  • Providing basic guiding principles on Cybersecurity for vehicle systems.
  • Providing the foundation for further standards development activities in vehicle Cybersecurity.
The appendices provide additional information to be aware of and may be used in helping improve Cybersecurity of feature designs. Much of the information identified in the appendices is available but some experts may not be aware of all of the available information. Therefore, the appendices provide an overview of some of this information to provide further guidance on building Cybersecurity into cyber-physical vehicle systems. The objective of the overviews is to encourage research to help improve designs and identify methods and tools for applying a company’s internal Cybersecurity process.
  1. Appendices AC – Describe some techniques for Threat Analysis and Risk Assessment, Threat Modeling and Vulnerability Analysis (e.g., Attack Trees) and when to use them.
  2. Appendices DI – Provide awareness of information that is available to the Vehicle Industry.
  3. Appendix D – Provides an overview of sample Cybersecurity and privacy controls derived from NIST SP 800-53 that may be considered in design phases.
  4. Appendix E – Provides references to some available vulnerability databases and vulnerability classification schemes.
  5. Appendix F – Describes vehicle-level considerations, including some good design practices for electrical architecture.
  6. Appendix G -Lists current Cybersecurity standards and guidelines of potential interest to the vehicle industry.
  7. Appendix H – Provides an overview of vehicle Cybersecurity-related research projects starting from 2004.
  8. Appendix I – Describes some existing security test tools of potential interest to the vehicle industry.
Refer to the definitions section to understand the terminology used throughout the document.
]]> ISO/IEC TS 23167:2020 ?u=/product/publishers/iso/iso-iec-ts-231672020/ Wed, 06 Nov 2024 01:04:54 +0000 Information technology — Cloud computing — Common technologies and techniques
Published By Publication Date Number of Pages
ISO 2020-02 62
]]> This document provides a description of a set of common technologies and techniques used in conjunction with cloud computing. These include:

— virtual machines (VMs) and hypervisors;

— containers and container management systems (CMSs);

— serverless computing;

— microservices architecture;

— automation;

— platform as a service systems and architecture;

— storage services;

— security, scalability and networking as applied to the above cloud computing technologies.

]]> ISO/IEC TR 3445:2022 ?u=/product/publishers/iso/iso-iec-tr-34452022/ Wed, 06 Nov 2024 01:03:58 +0000 Information technology - Cloud computing - Audit of cloud services
Published By Publication Date Number of Pages
ISO 2022-03 58
]]> This document surveys aspects of the audit of cloud services including:

1)    role and responsibilities of parties conducting audit and description of the interactions between the CSC, CSP, and CSN;

2)    approaches for conducting audits of cloud services to facilitate confidence in delivering and using cloud services;

3)    examples of available frameworks and standards which can be used for audit schemes, for certification, and for authorization.

This document builds upon the cloud auditor role as defined in ISO/IEC 17789 and ISO/IEC 22123.

This document is applicable to all types and sizes of organizations that need to plan and conduct internal or external audits, and that use, provide and support cloud services.

This document is not intended to describe certification or to identify controls that are published elsewhere.

]]> ISO/IEC TR 30102:2012 ?u=/product/publishers/iso/iso-iec-tr-301022012/ Wed, 06 Nov 2024 01:03:46 +0000 Information technology — Distributed Application Platforms and Services (DAPS) — General technical principles of Service Oriented Architecture
Published By Publication Date Number of Pages
ISO 2012-12 80
]]> ISO/IEC TR 30102:2012 describes the general technical principles underlying Service Oriented Architecture (SOA), including principles relating to functional design, performance, development, deployment and management. It provides a vocabulary containing definitions of terms relevant to SOA.

It includes a domain-independent technical framework, addressing functional requirements and non-functional requirements.

]]> ISO/IEC TR 23951:2020 ?u=/product/publishers/iso/iso-iec-tr-239512020/ Wed, 06 Nov 2024 01:02:51 +0000 Information technology — Cloud computing — Guidance for using the cloud SLA metric model
Published By Publication Date Number of Pages
ISO 2020-06 42
]]> The scope of this document is to describe guidance for using the ISO/IEC 19086-2 metric model, illustrated with examples.

]]> ISO/IEC TR 23613:2020 ?u=/product/publishers/iso/iso-iec-tr-236132020/ Wed, 06 Nov 2024 01:02:47 +0000 Information technology — Cloud computing — Cloud service metering elements and billing modes
Published By Publication Date Number of Pages
ISO 2020-05 14
]]> This document describes a sample set of cloud service metering elements and billing modes.

]]> ISO/IEC TR 23188:2020 ?u=/product/publishers/iso/iso-iec-tr-231882020/ Wed, 06 Nov 2024 01:02:47 +0000 Information technology — Cloud computing — Edge computing landscape
Published By Publication Date Number of Pages
ISO 2020-02 52
]]> This document examines the concept of edge computing, its relationship to cloud computing and IoT, and the technologies that are key to the implementation of edge computing. This document explores the following topics with respect to edge computing:

— concept of edge computing systems;

— architectural foundation of edge computing;

— edge computing terminology;

— software classifications in edge computing, e.g. firmware, services, applications;

— supporting technologies, e.g. containers, serverless computing, microservices;

— networking for edge systems, including virtual networks;

— data, e.g. data flow, data storage, data processing;

— management, of software, of data and of networks, resources, quality of service;

— virtual placement of software and data, and metadata;

— security and privacy;

— real time;

— mobile edge computing, mobile devices.

]]> ISO/IEC TR 23187:2020 ?u=/product/publishers/iso/iso-iec-tr-231872020/ Wed, 06 Nov 2024 01:02:46 +0000 Information technology — Cloud computing — Interacting with cloud service partners (CSNs)
Published By Publication Date Number of Pages
ISO 2020-06 42
]]> This document provides an overview of and guidance on interactions between cloud service partners (CSNs), specifically cloud service brokers, cloud service developers and cloud auditors, and other cloud service roles. In addition, this document describes how cloud service agreements (CSAs) and cloud service level agreements (cloud SLAs) can be used to address those interactions, including the following:

— definition of terms and concepts, and provision of an overview for interactions between CSNs and CSCs and CSPs;

— description of types of CSN interactions;

— description of interactions between CSNs and CSCs;

— description of interactions between CSNs and CSPs;

— description of elements of CSAs and Cloud SLAs for CSN interactions, both with CSPs and with CSCs.

]]> ISO/IEC 23751:2022 ?u=/product/publishers/iso/iso-iec-237512022/ Wed, 06 Nov 2024 00:49:31 +0000 Information technology - Cloud computing and distributed platforms - Data sharing agreement (DSA) framework
Published By Publication Date Number of Pages
ISO 2022-02 34
]]> This document establishes a set of building blocks, i.e. concepts, terms, and definitions, including Data Level Objectives (DLOs) and Data Qualitative Objectives (DQOs), that can be used to create Data Sharing Agreements (DSAs). This document is applicable to DSAs where the data is intended to be processed using one or more cloud services or other distributed platforms.

]]> ISO/IEC 20933:2016 ?u=/product/publishers/iso/iso-iec-209332016/ Wed, 06 Nov 2024 00:46:27 +0000 Information technology — Distributed Application Platforms and Services (DAPS) — Access Systems
Published By Publication Date Number of Pages
ISO 2016-05 22
]]> ISO/IEC 20933:2016 specifies:

1) an ID triggered modular access system, the functions of the modules and the messages they exchange, and the sequence of messages, i.e. transitions of the transaction;

2) the system responsibility from receiving an access request until sending the result. i.e. a complete transaction;

3) the responsibilities of the modules, including time stamping and responding to the requests they received; and

4) the sequence and semantics of the messages and their elements.

]]>