IS/ISO/IEC 27036 : Part 3 : 2023 Cybersecurity - Supplier Relationships - Part 3 Guidelines for Hardware, Software, and Services Supply Chain Security

ICS 35.030

LITD 17

NATIONAL FOREWORD

This Indian Standard (Part 3) (First Revision), which is identical to ISO/IEC 27036-3 : 2023 'Cybersecurity - Supplier relationships - Part 3: Guidelines for hardware, software, and services supply chain security' issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), was adopted by the Bureau of Indian Standards (BIS) on the recommendations of the Information Systems Security and Privacy Sectional Committee, and approval of the Electronics and Information Technology Division Council.

This standard was first published in 2017 and was identical with ISO/IEC 27036-3 : 2013. The first revision aligns this Indian Standard with ISO/IEC 27036-3 : 2023.

This Indian Standard is published in several parts. The other parts in this series are:

Part 1 Overview and concepts

Part 2 Requirements

Part 4 Guidelines for security of cloud services

The main changes are as follows:

a) The structure and content have been aligned with the most recent version of ISO/IEC/IEEE 15288;

b) Former Annex A has been removed; and

c) Annex B has been added.

The text of the ISO/IEC standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following:

a) Wherever the words 'International Standard' appear referring to this standard, they should be read as 'Indian Standard'; and

b) Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is to use a point (.) as the decimal marker.