
GOST R ISO/IEC 27034-6-2021 Information technology (IT). Security techniques. Application security. Part 6. Case studies

Annex A
(informative)

Examples of the use cases from 5.2 in XML


The examples are provided to simplify the development and exchange of ASCs within an organization or between different organizations, taking into account the requirements of ISO/IEC 27034-5-1.

Table A.1 - XML example of an ASC name written in three languages

<?xml version="1.0" encoding="UTF-8"?>

<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xml-asc-package-schema-version="1.0.0.0">

<asc:package-content>

<asc:package-identification>

<!-- Content removed for  simplification -->

</asc:package-identification>

<asc:asc xml-asc-schema-version="1.0.0.0">

<asc:content>

<asc:identification>

<asc:uid>ORGANIsation-ASD-042</asc:uid>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Code Review</asc:text>

</asc:localized-information>

<asc:localized-information language="FR" country="CA" organization="ORGANIsation">

<asc:text>Revision de code</asc:text>

</asc:localized-information>

<asc:localized-information language="RU" country="RU" organization="ORGANIsation">

<asc:text>Анализ кода</asc:text>

</asc:localized-information>

</asc:name>

<!-- Content removed for simplification -->

</asc:identification>

</asc:content>

</asc:asc>

</asc:package-content>

</asc:asc-package>



Table A.2 - XML example of the ASC approval procedure and the corresponding signatures

<?xml version="1.0" encoding="UTF-8"?>

<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml-asc-package-schema-version="1.0.0.0">

<asc:package-content>

<asc:package-identification>

<!-- Content removed for simplification -->

</asc:package-identification>

<asc:asc xml-asc-schema-version="1.0.0.0">

<asc:content>

<asc:identification>

<asc:uid>ORGANIsation-ASD-042</asc:uid>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Code Review</asc:text>

</asc:localized-information>

</asc:name>

<asc:version number="1.3.6.0" date="2016-01-04" life-cycle-stage="ACTIVE"></asc:version>

<!-- Content removed for  simplification -->

</asc:identification>

<asc:objective>

<!-- Content removed for  simplification -->

</asc:objective>

<asc:security-activity>

<!-- Content removed for  simplification -->

</asc:security-activity>

<asc:verification-measurement>

<!-- Content removed for  simplification -->

</asc:verification-measurement>

</asc:content>

<asc:approval-e-signatures>

<asc:approval-stage>

<asc:date>2011-09-23</asc:date>

<asc:approval-stage-type>CREATION_REQUEST</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Herbert George Wells</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">JVernes@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

<asc:approver-e-signature>

<asc:e-signature-param>HGWells@ORGANIsation.com</asc:e-signature-param>

<asc:e-signature-param>Version: PGP Universal 3.2.0 (Build 1950)</asc:e-signature-param>

<asc:e-signature-param>Charset: us-ascii</asc:e-signature-param>

<asc:e-signature-data>wsBVAwUBT06tfp/JsGz ... fwymKtSR63wb7QQ===x0gO</asc:e-signature-data>

</asc:approver-e-signature>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2012-01-11</asc:date>

<asc:approval-stage-type>VALIDATION</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Arthur C. Clarke</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">ACClarke@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2012-05-10</asc:date>

<asc:approval-stage-type>DEVELOPMENT</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Frank Herbert</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">FHerbert@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2012-09-07</asc:date>

<asc:approval-stage-type>VERIFICATION</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Ray Bradbury</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">RBradbury@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2012-09-17</asc:date>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>William Gibson</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">WGibson@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2012-10-07</asc:date>

<asc:approval-stage-type>APPROVAL</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Robert Heinlein</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">RHeinlein@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

<asc:approver-e-signature>

<asc:e-signature-param>RHeinlein@ORGANIsation.com</asc:e-signature-param>

<asc:e-signature-param>Version: PGP Universal 3.2.0 (Build 1950)</asc:e-signature-param>

<asc:e-signature-param>Charset: us-ascii</asc:e-signature-param>

<asc:e-signature-data> Gz86uwqAQgcAp3fe ... B45vjfqO4Vq/woF</asc:e-signature-data>

</asc:approver-e-signature>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2012-10-17</asc:date>

<asc:approval-stage-type>OWNERS_FINAL_APPROVAL</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Douglas Adams</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">DAdams@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

<asc:approver-e-signature>

<asc:e-signature-param>DAdams@ORGANIsation.com</asc:e-signature-param>

<asc:e-signature-param>Version: PGP Universal 3.2.0 (Build 1950)</asc:e-signature-param>

<asc:e-signature-param>Charset: us-ascii</asc:e-signature-param>

<asc:e-signature-data>bgHiOLLo+0yTx9T4uGCyx ... A09CKT4alsmvtOFLvtuB</asc:e-signature-data>

</asc:approver-e-signature>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2012-11-06</asc:date>

<asc:approval-stage-type>PUBLISHED_FOR_TRAINING</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Isaac Asimov</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">IAsimov@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

</asc:approval-stage>

<asc:approval-stage>

<asc:date>2013-03-06</asc:date>

<asc:approval-stage-type>ACTIVE</asc:approval-stage-type>

<asc:approver>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Mary Shelley</asc:text>

</asc:localized-information>

</asc:name>

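<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>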

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">MShelley@ORGANIsation.com</asc:email>

</asc:emails>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:approver>

</asc:approval-stage>

</asc:approval-e-signatures>

</asc:asc>

</asc:package-content>

<asc:package-editor-e-signature>

<!-- Content removed for simplification -->

</asc:package-editor-e-signature>

</asc:asc-package>
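
The approval chain in Table A.2 can be checked mechanically before a received ASC package is relied on. The Python below is an added example, not part of the standard: it lists each `approval-stage` and flags stages with no `approval-stage-type`, stages that an assumed local policy requires to be signed but that carry no `e-signature-data`, and dates that run backwards. The `MUST_BE_SIGNED` set, the function names and the embedded sample are assumptions constructed for illustration; the check covers presence of signature data only, not its cryptographic validity.

```python
import xml.etree.ElementTree as ET
from datetime import date

NS = {"asc": "http://iso.org/ISO27034/ASC-structure"}  # namespace used in Annex A

# Assumption: a local policy, not taken from the standard, naming the stage
# types that must carry an e-signature before the ASC is accepted.
MUST_BE_SIGNED = {"APPROVAL", "OWNERS_FINAL_APPROVAL"}

# Constructed sample in the shape of Table A.2; names and signature data are made up.
SAMPLE = """\
<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure">
<asc:package-content><asc:asc>
<asc:approval-e-signatures>
 <asc:approval-stage>
  <asc:date>2012-01-11</asc:date>
  <asc:approval-stage-type>VALIDATION</asc:approval-stage-type>
  <asc:approver><asc:name><asc:localized-information language="EN">
   <asc:text>Reviewer One</asc:text></asc:localized-information></asc:name></asc:approver>
 </asc:approval-stage>
 <asc:approval-stage>
  <asc:date>2012-09-17</asc:date>
  <asc:approver><asc:name><asc:localized-information language="EN">
   <asc:text>Reviewer Two</asc:text></asc:localized-information></asc:name></asc:approver>
 </asc:approval-stage>
 <asc:approval-stage>
  <asc:date>2012-10-07</asc:date>
  <asc:approval-stage-type>APPROVAL</asc:approval-stage-type>
  <asc:approver><asc:name><asc:localized-information language="EN">
   <asc:text>Reviewer Three</asc:text></asc:localized-information></asc:name></asc:approver>
  <asc:approver-e-signature>
   <asc:e-signature-param>reviewer3@example.com</asc:e-signature-param>
   <asc:e-signature-data>Q09OU1RSVUNURUQ=</asc:e-signature-data>
  </asc:approver-e-signature>
 </asc:approval-stage>
 <asc:approval-stage>
  <asc:date>2012-10-01</asc:date>
  <asc:approval-stage-type>OWNERS_FINAL_APPROVAL</asc:approval-stage-type>
  <asc:approver><asc:name><asc:localized-information language="EN">
   <asc:text>Reviewer Four</asc:text></asc:localized-information></asc:name></asc:approver>
 </asc:approval-stage>
</asc:approval-e-signatures>
</asc:asc></asc:package-content>
</asc:asc-package>
"""


def _text(elem, path):
    """Return the stripped text of the first match, or None if absent or empty."""
    node = elem.find(path, NS)
    return node.text.strip() if node is not None and node.text and node.text.strip() else None


def parse_stages(xml_doc):
    """Extract the approval stages of an ASC package as a list of dicts."""
    data = xml_doc.encode("utf-8") if isinstance(xml_doc, str) else xml_doc
    # Packages come from other organizations: refuse DTDs and entity
    # declarations outright (byte check assumes UTF-8, as in the Annex A examples).
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not accepted in an ASC package")
    root = ET.fromstring(data)
    stages = []
    for st in root.iterfind(".//asc:approval-e-signatures/asc:approval-stage", NS):
        stages.append({
            "date": _text(st, "asc:date"),
            "type": _text(st, "asc:approval-stage-type"),
            "approver": _text(st, "asc:approver/asc:name/asc:localized-information/asc:text"),
            "signed": bool(_text(st, "asc:approver-e-signature/asc:e-signature-data")),
        })
    return stages


def audit(stages):
    """Return (stage_number, finding) pairs; stage numbers are 1-based."""
    findings, previous = [], None
    for number, stage in enumerate(stages, 1):
        if stage["type"] is None:
            findings.append((number, "missing approval-stage-type"))
        elif stage["type"] in MUST_BE_SIGNED and not stage["signed"]:
            findings.append((number, f"{stage['type']} stage has no e-signature-data"))
        try:
            current = date.fromisoformat(stage["date"] or "")
        except ValueError:
            findings.append((number, "missing or malformed date"))
            continue
        if previous is not None and current < previous:
            findings.append((number, "date earlier than preceding stage"))
        previous = current
    return findings


if __name__ == "__main__":
    for number, finding in audit(parse_stages(SAMPLE)):
        print(f"stage {number}: {finding}")
```
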



Table A.3 - XML example of a child ASC definition

<?xml version="1.0" encoding="UTF-8"?>

<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml-asc-package-schema-version="1.0.0.0">

<asc:package-content>

<asc:package-identification>

<!-- Content removed for  simplification -->

</asc:package-identification>

<asc:asc xml-asc-schema-version="1.0.0.0">

<asc:content>

<asc:identification>

<asc:uid>ORGANIsation-ASD-042</asc:uid>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Code Review</asc:text>

</asc:localized-information>

</asc:name>

<asc:version number="1.3.6.0" date="2016-01-04" life-cycle-stage="ACTIVE"></asc:version>

<asc:date>2016-01-04</asc:date>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This ASC is used to help developers to perform a code review control for JAVA applications. </asc:text>

</asc:localized-information>

</asc:description>

<asc:children>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-043</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Code Classification</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-044</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Basic Automatic Code Review</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-045</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Advanced Automatic Code Review</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-046</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Manual Code Review</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

</asc:children>

</asc:identification>

<asc:objective>

<!-- Content removed for  simplification -->

</asc:objective>

<asc:security-activity>

<!-- Content removed for  simplification -->

</asc:security-activity>

<asc:verification-measurement>

<!-- Content removed for  simplification -->

</asc:verification-measurement>

</asc:content>

<asc:approval-e-signatures>

<!-- Content removed for  simplification -->

</asc:approval-e-signatures>

</asc:asc>

</asc:package-content>

<asc:package-editor-e-signature>

<!-- Content removed for  simplification -->

</asc:package-editor-e-signature>

</asc:asc-package>



Table A.4 - XML example of ASC ORGANIsation-ASD-042: code review, identification

<?xml version="1.0" encoding="UTF-8"?>

<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xml-asc-package-schema-version="1.0.0.0">

<asc:package-content>

<asc:package-identification>

<!-- Content removed for  simplification -->

</asc:package-identification>

<asc:asc xml-asc-schema-version="1.0.0.0">

<asc:content>

<asc:identification>

<asc:uid>ORGANIsation-ASD-042</asc:uid>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Code Review</asc:text>

</asc:localized-information>

</asc:name>

<asc:version number="1.3.6.0" date="2013-03-06" life-cycle-stage="ACTIVE">

<asc:revision-note>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Categorization ASC was added in this version to ensure a homogenous application’s class classification.</asc:text>

</asc:localized-information>

</asc:revision-note>

</asc:version>

<asc:date>2016-01-04</asc:date>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This ASC is used to help developers to perform a code review control for JAVA applications.</asc:text>

</asc:localized-information>

</asc:description>

<asc:author>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Jules Verne</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">JVernes@ORGANIsation.com</asc:email>

</asc:emails>

<asc:phones>

<asc:phone type="Office">+1.234.567.8901</asc:phone>

</asc:phones>

<asc:street-address>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>1234 Street ave W</asc:text>

</asc:localized-information>

</asc:street-address>

<asc:city>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Beautiful city</asc:text>

</asc:localized-information>

</asc:city>

<asc:provice-state>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Quebec</asc:text>

</asc:localized-information>

</asc:provice-state>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:author>

<asc:owner>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Douglas Adams</asc:text>

</asc:localized-information>

</asc:name>

<asc:coordinate location-name="Office">

<asc:organization>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>ORGANIsation inc.</asc:text>

</asc:localized-information>

</asc:organization>

<asc:department>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Application Security Department</asc:text>

</asc:localized-information>

</asc:department>

<asc:emails>

<asc:email type="Office">DAdams@ORGANIsation.com</asc:email>

</asc:emails>

<asc:phones>

<asc:phone type="Office">+1.109.876.5432</asc:phone>

</asc:phones>

<asc:street-address>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>1234 Street ave W</asc:text>

</asc:localized-information>

</asc:street-address>

<asc:city>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Beautiful city</asc:text>

</asc:localized-information>

</asc:city>

<asc:provice-state>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Quebec</asc:text>

</asc:localized-information>

</asc:provice-state>

<asc:country>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Canada</asc:text>

</asc:localized-information>

</asc:country>

</asc:coordinate>

</asc:owner>

<asc:children>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-043</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Code Classification</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-044</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Basic Automatic Code Review</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-045</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Advanced Automatic Code Review</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

<asc:child>

<asc:ref-asc>ORGANIsation-ASD-046</asc:ref-asc>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Manual Code Review</asc:text>

</asc:localized-information>

</asc:description>

</asc:child>

</asc:children>

</asc:identification>

<asc:objective>

<!-- Content removed for  simplification -->

</asc:objective>

<asc:security-activity>

<!-- Content removed for  simplification -->

</asc:security-activity>

<asc:verification-measurement>

<!-- Content removed for  simplification -->

</asc:verification-measurement>

</asc:content>

<asc:approval-e-signatures>

<!-- Content removed for  simplification -->

</asc:approval-e-signatures>

</asc:asc>

</asc:package-content>

<asc:package-editor-e-signature>

<!-- Content removed for  simplification -->

</asc:package-editor-e-signature>

</asc:asc-package>



Table A.5 - XML example of ASC ORGANIsation-ASD-042: code review, objective

<?xml version="1.0" encoding="UTF-8"?>

<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml-asc-package-schema-version="1.0.0.0">

<asc:package-content>

<asc:package-identification>

<!-- Content removed for  simplification -->

</asc:package-identification>

<asc:asc xml-asc-schema-version="1.0.0.0">

<asc:content>

<asc:identification>

<asc:uid>ORGANIsation-ASD-042</asc:uid>

<!-- Content removed for  simplification -->

</asc:identification>

<asc:objective>

<asc:objective-description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Top-level ASC whose objective is to group the various leaf ASCs related to code review in Java.</asc:text>

</asc:localized-information>

</asc:objective-description>

<asc:requirements-addressed>

<asc:requirement>

<!-- Content removed for  simplification -->

</asc:requirement>

</asc:requirements-addressed>

<asc:assigned-levels-of-trust>

<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>

<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>

<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>

<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>

<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>

<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>

</asc:assigned-levels-of-trust>

<asc:contexts-of-use>

<asc:context type="Regulatory">TECHNOLOGICAL</asc:context>

</asc:contexts-of-use>

<asc:levels-of-trust-range>

<asc:level-of-trust>

<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>

<asc:level>0</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Baseline</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>All ORGANIsation’s applications shall comply with this Level of Trust.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>

<asc:level>1</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Isolated - Local network only</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for applications used on isolated corporate networks, with no connection to external networks.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>

<asc:level>2</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Low - Internet, public information only</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for Internet-facing applications sharing public information without any privacy concern.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>

<asc:level>3</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Medium - Internet, corporate users</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications used by corporate users, allowing access to corporate services, user files and/or transactions under 5,000$</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>

<asc:level>4</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>High - Secure transactions and privacy protection over Internet</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications, used by corporate users, allowing access to user private information and/or transactions from $5000 to $25000</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>

<asc:level>5</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Private</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for transactional applications requiring highly secure transactions, privileged access and/or secure critical storage. Access to critical information and/or transactions over $25000 is authorized.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

</asc:levels-of-trust-range>

<asc:pre-conditions>

<asc:condition>

<!-- Content removed for  simplification -->

</asc:condition>

</asc:pre-conditions>

</asc:objective>

<asc:security-activity>

<!-- Content removed for  simplification -->

</asc:security-activity>

<asc:verification-measurement>

<!-- Content removed for  simplification -->

</asc:verification-measurement>

</asc:content>

<asc:approval-e-signatures>

<!-- Content removed for  simplification -->

</asc:approval-e-signatures>

</asc:asc>

</asc:package-content>

<asc:package-editor-e-signature>

<!-- Content removed for  simplification -->

</asc:package-editor-e-signature>

</asc:asc-package>



Table A.6 - XML example of ASC ORGANIsation-ASD-043: code classification, objective

<?xml version="1.0" encoding="UTF-8"?>

<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml-asc-package-schema-version="1.0.0.0">

<asc:package-content>

<asc:package-identification>

<!-- Content removed for  simplification -->

</asc:package-identification>

<asc:asc xml-asc-schema-version="1.0.0.0">

<asc:content>

<asc:identification>

<asc:uid>ORGANIsation-ASD-043</asc:uid>

<!-- Content removed for  simplification -->

</asc:identification>

<asc:objective>

<asc:objective-description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Define the scope of the code review.</asc:text>

</asc:localized-information>

</asc:objective-description>

<asc:requirements-addressed>

<asc:requirement>

<asc:requirement-type>BUSINESS_REQUIREMENTS</asc:requirement-type>

<asc:name>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Code Components Categorization Guidance</asc:text>

<asc:supporting-documents>

<asc:document>

<asc:name>ORGANIsation Development guidelines v2.1</asc:name>

<asc:description>ORGANIsation Development guidelines v2.1, Section 5.6  - Application components classification.</asc:description>

<asc:binary-data>UjBsR09EbGhjZ0dTQUxNQUNBRU1t ... Q1p0dU1GUXhEUzhi</asc:binary-data>

</asc:document>

</asc:supporting-documents>

</asc:localized-information>

</asc:name>

</asc:requirement>

</asc:requirements-addressed>

<asc:assigned-levels-of-trust>

<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>

<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>

<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>

<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>

<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>

<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>

</asc:assigned-levels-of-trust>

<asc:levels-of-trust-range>

<asc:level-of-trust>

<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>

<asc:level>0</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Baseline</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>All ORGANIsation’s applications shall comply with this Level of Trust.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>

<asc:level>1</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Isolated - Local network only</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for applications used on isolated corporate networks, with no connection to external networks.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>

<asc:level>2</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Low - Internet, public information only</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for Internet-facing applications sharing public information without any privacy concern.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>

<asc:level>3</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Medium - Internet, corporate users</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications used by corporate users, allowing access to corporate services, user files and/or transactions under 5,000$.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>

<asc:level>4</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>High  - Secure transactions and privacy protection over Internet</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications, used by corporate users, allowing access to user private information and/or transactions from 5,000$ to 25,000$</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

<asc:level-of-trust>

<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>

<asc:level>5</asc:level>

<asc:label>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>Private</asc:text>

</asc:localized-information>

</asc:label>

<asc:description>

<asc:localized-information language="EN" country="CA" organization="ORGANIsation">

<asc:text>This Level of Trust is appropriate for transactional applications requiring highly secure transactions, privileged access and/or secure critical storage. Access to critical information and/or transactions over 25,000$ is authorized.</asc:text>

</asc:localized-information>

</asc:description>

</asc:level-of-trust>

</asc:levels-of-trust-range>

<asc:pre-conditions>

<asc:condition>

<!-- Content removed for  simplification -->

</asc:condition>

</asc:pre-conditions>

</asc:objective>

<asc:security-activity>

<!-- Content removed for  simplification -->

</asc:security-activity>

<asc:verification-measurement>

<!-- Content removed for simplification -->

</asc:verification-measurement>

</asc:content>

<asc:approval-e-signatures>

<!-- Content removed for simplification -->

</asc:approval-e-signatures>

</asc:asc>

</asc:package-content>

<asc:package-editor-e-signature>

<!-- Content removed for  simplification -->

</asc:package-editor-e-signature>

</asc:asc-package>



Table A.7 - XML example of ASC ORGANIsation-ASD-043: code classification, security activity