PD ISO/IEC TR 6114:2023 Cybersecurity. Security considerations throughout the product life cycle, 2023
- Foreword
- Introduction
- 1 Scope
- 2 Normative references
- 3 Terms and definitions
- 4 Abbreviated terms
- 5 Security considerations throughout the product life cycle
- 5.1 Security considerations throughout the product life cycle overview
- 5.2 Information and communication technology threat model
- 5.3 Classes of threats
- 5.4 Structure of the report
- 6 Phase 1: Concept
- 6.1 General
- 6.2 Summary of concept threats and controls
- 6.2.1 Workflow toolchain tampering
- 6.2.2 Unauthorized operations
- 6.2.3 Integrity faults
- 6.2.4 Theft or loss
- 7 Phase 2: Development
- 7.1 General
- 7.2 Summary of development threats and controls
- 7.2.1 Attacks on development tools and/or network
- 7.2.2 Malicious embedded firmware
- 7.2.3 Malicious hardware
- 7.2.4 Malicious software (driver)
- 7.2.5 Counterfeit
- 8 Phase 3: Source and manufacture
- 8.1 General
- 8.2 Source
- 8.3 Manufacture
- 8.4 Summary of production threats and controls
- 8.4.1 Attack on production tools, data exchange tools and/or network
- 8.4.2 Unauthorized disclosure
- 8.4.3 Reverse engineering / theft of design
- 8.4.4 Improper system settings
- 8.4.5 Design alteration
- 8.4.6 Insertion of malicious and/or counterfeit components
- 8.4.7 Falsification of test results
- 8.4.8 Product theft
- 8.4.9 Code insertion or replacement (firmware, operating system, software)
- 8.4.10 System replacement (spoof device)
- 9 Phase 4: Transport
- 9.1 General
- 9.2 Summary of production threats and controls
- 9.2.1 Product theft
- 9.2.2 Code insertion or replacement (firmware, operating system, software)
- 9.2.3 Insertion of malicious components
- 9.2.4 System replacement (spoof device)
- 9.2.5 Physical attack in storage and transit
- 10 Phase 5: Utilization and support
- 10.1 General
- 10.2 Provision
- 10.3 Utilization
- 10.4 Support
- 10.5 Summary of utilization threats and controls
- 10.5.1 Unknown provenance
- 10.5.2 Spoofed system (replaced system)
- 10.5.3 Undetected tampering
- 10.5.4 Build data store tampering
- 10.5.5 Non-current device/product (firmware, operation system, application, drivers)
- 10.5.6 Unauthorized changes (firmware, operating system, software)
- 10.5.7 Unauthorized component swap
- 10.5.8 Insertion or replacement with malicious component
- 10.5.9 Product data store tampering
- 11 Phase 6: Retirement
- 11.1 General
- 11.2 Summary of retirement threats and controls
- 11.2.1 Inaccurate hardware return
- 11.2.2 Incomplete data removal
- Annex A (informative) Product security threat mapping to SCLC phases
- Annex B (informative) Typical threats for hardware
- Annex C (informative) Typical threats for software
- Annex D (informative) Typical threats for data
- Annex E (informative) Use of tagalongs
- Annex F (informative) Software tampering
- Bibliography