Приложение A
(справочное)
Примеры приведены с целью упрощения разработки и передачи данных МОБП внутри организации или между разными организациями с учетом требований ИСО/МЭК 27034-5-1.
Таблица А.1 - XML-пример названия МОБП, написанного на трех языках
|
<?xml version="1.0" encoding="UTF-8"?>
<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xml-asc-package-schema-version="1.0.0.0">
<asc:package-content>
<asc:package-identification>
<!-- Content removed for simplification -->
</asc:package-identification>
<asc:asc xml-asc-schema-version="1.0.0.0">
<asc:content>
<asc:identification>
<asc:uid>ORGANIsation-ASD-042</asc:uid>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Code Review</asc:text>
</asc:localized-information>
<asc:localized-information language="FR" country="CA" organization="ORGANIsation">
<asc:text>Revision de code</asc:text>
</asc:localized-information>
<asc:localized-information language="RU" country="RU" organization="ORGANIsation">
< asc:text >Анализ кодa</asc:text>
</asc:localized-information>
</asc:name>
<!-- Content removed for simplification -->
</asc:asc-package> |
Таблица A.2 - XML-пример процедуры утверждения МОБП и соответствующих подписей
|
<?xml version="1.0" encoding="UTF-8"?>
<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml-asc-package-schema-version="1.0.0.0">
<asc:package-content>
<asc:package-identification>
<!-- Содержание удалено для упрощения текста документа -->
</asc:package-identification>
<asc:asc xml-asc-schema-version="1.0.0.0">
<asc:content>
<asc:identification>
<asc:uid>ORGANIsation-ASD-042</asc:uid>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Code Review</asc:text>
</asc:localized-information>
</asc:name>
<asc:version number="1.3.6.0" date="2016-01-04" life-cycle-stage="ACTIVE"></asc:version>
<!-- Content removed for simplification -->
</asc:identification>
<asc:objective>
<!-- Content removed for simplification -->
</asc:objective>
<asc:security-activity>
<!-- Content removed for simplification -->
</asc:security-activity>
<asc:verification-measurement>
<!-- Content removed for simplification -->
</asc:verification-measurement>
</asc:content>
<asc:approval-e-signatures>
<asc:approval-stage>
<asc:date>2011-09-23</asc:date>
<asc:approval-stage-type>CREATION_REQUEST</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Herbert George Wells</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Office">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Offce">JVernes@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
<asc:approver-e-signature>
<asc:e-signature-param>HGWells@ORGANIsation.com</asc:e-signature-param>
<asc:e-signature-param>Version: PGP Universal 3.2.0 (Build 1950)</asc:e-signature-param>
<asc:e-signature-param>Charset: us-ascii</asc:e-signature-param>
<asc:e-signature-data>wsBVAwUBT06tfp/JsGz ... fwymKtSR63wb7QQ===x0gO</asc:e-signature-data>
</asc:approver-e-signature>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2012-01-11</asc:date>
<asc:approval-stage-type>VALIDATION</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Arthur С. Clarke</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Offce">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Offce">ACCIarke@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2012-05-10</asc:date>
<asc:approval-stage-type>DEVELOPMENT</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Frank Herbert</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Office">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">FHerbert@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2012-09-07</asc:date>
<asc:approval-stage-type>VERIFICATION</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Ray Bradbury</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Office">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">RBradbury@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:approver>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2012-09-17</asc:date>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>William Gibson</asc:text>
</asc:localized-information>
</asc:name>
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">WGibson@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2012-10-07</asc:date>
<asc:approval-stage-type>APPROVAL</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Robert Heinlein</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Offce">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">RHeinlein@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
<asc:approver-e-signature>
<asc:e-signature-param>RHeinlein@ORGANIsation.com</asc:e-signature-param>
<asc:e-signature-param>Version: PGP Universal 3.2.0 (Build 1950)</asc:e-signature-param>
<asc:e-signature-param>Charset: us-ascii</asc:e-signature-param>
<asc:e-signature-data> Gz86uwqAQgcAp3fe ... B45vjfqO4Vq/woF</asc:e-signature-data>
</asc:approver-e-signature>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2012-10-17</asc:date>
<asc:approval-stage-type>OWNERS_FINAL_APPROVAL</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Douglas Adams</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Office">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">DAdams@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
<asc:approver-e-signature>
<asc:e-signature-param>DAdams@ORGANIsation.com</asc:e-signature-param>
<asc:e-signature-param>Version: PGP Universal 3.2.0 (Build 1950)</asc:e-signature-param>
<asc:e-signature-param>Charset: us-ascii</asc:e-signature-param>
<asc:e-signature-data>bgHiOLLo+0yTx9T4uGCyx ... A09CKT4alsmvtOFLvtuB</asc:e-signature-data>
</asc:approver-e-signature>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2012-11-06</asc:date>
<asc:approval-stage-type>PUBLISHED_FOR_TRAINING</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>lsaac Asimov</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Office">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">IAsimov@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
</asc:approval-stage>
<asc:approval-stage>
<asc:date>2013-03-06</asc:date>
<asc:approval-stage-type>ACTIVE</asc:approval-stage-type>
<asc:approver>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Mary Shelley</asc:text>
</asc:localized-information>
</asc:name>
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">MShelley@ORGANIsation.com</asc:email>
</asc:emails>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:approver>
</asc:approval-stage>
</asc:approval-e-signatures>
</asc:asc>
</asc:package-content>
<asc:package-editor-e-signature>
<!- Content removed for simplification -->
</asc:package-editor-e-signature>
</asc:asc-package> |
Таблица A.3 - XML-пример определения дочерней МОБП
|
<?xml version-"1.0" encoding="UTF-8"?>
<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:x-si=http://www.w3.org/2001/XMLSchema-instance xml-asc-package-schema-version="1.0.0.0">
<asc:package-content>
<asc:package-identification>
<!-- Content removed for simplification -->
</asc:package-identification>
<asc:asc xml-asc-schema-version="1.0.0.0">
<asc:content>
<asc:identification>
<asc:uid>ORGANIsation-ASD-042</asc:uid>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Code Review</asc:text>
</asc:localized-information>
<asc:version number="1.3.6.0" date="2016-01-04" life-cycle-stage="ACTIVE"></asc:version>
<asc:date>2016-01-04</asc:date>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This ASC is used to help developers to perform a code review control for JAVA applications. </asc:text>
</asc:localized-information>
</asc:description>
<asc:children>
<asc:child>
<asc:ref-asc>ORGANIsation-ASD-043</asc:ref-asc>
<asc:description>
<asc:text>Code Classification</asc:text>
</asc:localized-information>
</asc:description>
</asc:child>
<asc:ref-asc>ORGANIsation-ASD-044</asc:ref-asc>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Basic Automatic Code Review</asc:text>
</asc:localized-information>
</asc:description>
</asc:child>
<asc:child>
<asc:ref-asc>ORGANIsation-ASD-045</asc:ref-asc>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Advanced Automatic Code Review</asc:text>
</asc:description>
</asc:child>
<asc:child>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Manual Code Review</asc:text>
</asc:localized-information>
</asc:description>
</asc:child>
</asc:children>
<asc:objective>
<!-- Content removed for simplification -->
</asc:objective>
<asc:security-activity>
<!-- Content removed for simplification -->
</asc:security-activity>
<asc:verification-measurement>
<!-- Content removed for simplification -->
</asc:verification-measurement>
</asc:content>
<asc:approval-e-signatures>
<!-- Content removed for simplification -->
</asc:approval-e-signatures>
</asc:asc>
</asc:package-content>
<asc:package-editor-e-signature>
<!-- Content removed for simplification -->
</asc:package-editor-e-signature>
</asc:asc-package> |
Таблица A.4 - XML-пример МОБП ORGAN lsation-ASD-042: анализ исходного кода, идентификация
|
<?xml version-"1.0" encoding="UTF-8"?>
<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xml-asc-package-schema-version="1.0.0.0">
<asc:package-content>
<asc:package-identifcation>
<!-- Content removed for simplification -->
</asc:package-identification>
<asc:asc xml-asc-schema-version="1.0.0.0">
<asc:content>
<asc:identification>
<asc:uid>ORGANIsation-ASD-042</asc:uid>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Code Review</asc:text>
</asc:localized-information>
</asc:name>
<asc:version number-"1.3.6.0" date="2013-03-06" life-cycle-stage="ACTIVE">
<asc:revision-note>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Categorization ASC was added in this version to ensure a homogenous application’s class classification.</asc:text>
</asc:localized-information>
</asc:revision-note>
</asc:version>
<asc:date>2016-01-04</asc:date>
<asc:description>
<asc:text>This ASC is used to help developers to perform a code review control for JAVA applications.</asc:text>
</asc:localized-information>
</asc:description>
<asc:author>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Jules Verne</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Office">
<asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>ORGANIsation inc.</asc:text>
</asc:localized-information>
</asc:organization>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Application Security Department</asc:text>
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">JVernes@ORGANIsation.com</asc:email>
</asc:emails>
<asc:phones>
<asc:phone type="Offce">+1.234.567.8901</asc:phone>
</asc:phones>
<asc:street-address>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>1234 Street ave W</asc:text>
</asc:localized-information>
</asc:street-address>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Beautiful city</asc:text>
</asc:localized-information>
</asc:city>
<asc:provice-state>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Quebec</asc:text>
</asc:localized-information>
</asc:provice-state>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:author>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Douglas Adams</asc:text>
</asc:localized-information>
</asc:name>
<asc:coordinate location-name="Office">
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
</asc:localized-information>
</asc:organization>
<asc:department>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
</asc:localized-information>
</asc:department>
<asc:emails>
<asc:email type="Office">DAdams@ORGANIsation.com</asc:email>
</asc:emails>
<asc:phones>
<asc:phone type="Office">+1.109.876.5432</asc:phone>
</asc:phones>
<asc:street-address>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>1234 Street ave W</asc:text>
</asc:street-address>
<asc:city>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Beautiful city</asc:text>
</asc:localized-information>
</asc:city>
<asc:provice-state>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Quebec</asc:text>
</asc:localized-information>
</asc:provice-state>
<asc:country>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Canada</asc:text>
</asc:localized-information>
</asc:country>
</asc:coordinate>
</asc:owner>
<asc:children>
<asc:child>
<asc:ref-asc>ORGANIsation-ASD-043</asc:ref-asc>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Code Classification</asc:text>
</asc:localized-information>
</asc:description>
</asc:child>
<asc:child>
<asc:ref-asc>ORGANIsation-ASD-044</asc:ref-asc>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Basic Automatic Code Review</asc:text>
</asc:localized-information>
</asc:description>
</asc:child>
<asc:child>
<asc:ref-asc>ORGANIsation-ASD-045</asc:ref-asc>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Advanced Automatic Code Review</asc:text>
</asc:localized-information>
</asc:description>
</asc:child>
<asc:child>
<asc:ref-asc>ORGANIsation-ASD-046</asc:ref-asc>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Manual Code Review</asc:text>
</asc:localized-information>
</asc:description>
</asc:child>
</asc:children>
</asc:identification>
<asc:objective>
<!-- Content removed for simplification -->
</asc:objective>
<asc:security-activity>
<!-- Content removed for simplification -->
</asc:security-activity>
<asc:verification-measurement>
<!-- Content removed for simplification -->
</asc:verification-measurement>
</asc:content>
<asc:approval-e-signatures>
<!-- Content removed for simplification -->
</asc:approval-e-signatures>
</asc:asc>
</asc:package-content>
<asc:package-editor-e-signature>
<!-- Content removed for simplification -->
</asc:package-editor-e-signature>
</asc:asc-package> |
Таблица A.5 - XML-пример МОБП ORGANIsation-ASD-042: анализ исходного кода, назначение
|
<?xml version="1.0" encoding="UTF-8"?>
<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml-asc-package-schema-version="1.0.0.0">
<asc:package-content>
<asc:package-identification>
<!-- Content removed for simplification -->
</asc:package-identifcation>
<asc:asc xml-asc-schema-version="1.0.0.0">
<asc:content>
<asc:identification>
<asc:uid>ORGANIsation-ASD-042</asc:uid>
<!-- Content removed for simplification -->
</asc:identification>
<asc:objective>
<asc:objective-description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Top-level ASC whose objective is to group the various leaf ASCs related to code review in Java.</asc:text>
</asc:localized-information>
</asc:objective-description>
<asc:requirements-addressed>
<asc:requirement>
<!-- Content removed for simplification -->
</asc:requirement>
</asc:requirements-addressed>
<asc:assigned-levels-of-trust>
<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>
<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>
<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>
<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>
<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>
<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>
</asc:assigned-levels-of-trust>
<asc:contexts-of-use>
<asc:context type="Regulatory">TECHNOLOGICAL</asc:context>
</asc:contexts-of-use>
<asc:levels-of-trust-range>
<asc:level-of-trust>
<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>
<asc:level>0</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Baseline</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>AII ORGANIsation’s applications shall comply with this Level of Trust.</asc:text>
</asc:localized-information>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>
<asc:level>1</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>lsolated - Local network only</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for applications used on isolated corporate networks, with no connection to external networks.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>
<asc:level>2</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Low - Internet, public information only</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for Internet-facing applications sharing public information without any privacy concern.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>
<asc:level>3</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Medium - Internet, corporate users</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications used by corporate users, allowing access to corporate services, user files and/or transactions under 5,000$</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>
<asc:level>4</asc:level>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>High - Secure transactions and privacy protection over Internet</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications, used by corporate users, allowing access to user private information and/or transactions from $5000 to $25000</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>
<asc:level>5</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Private</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for transactional applications requiring highly secure transactions, privileged access and/or secure critical storage. Access to critical information and/or transactions over $25000 is authorized.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
</asc:levels-of-trust-range>
<asc:pre-conditions>
<asc:condition>
<!-- Content removed for simplification -->
</asc:condition>
</asc:pre-conditions>
</asc:objective>
<asc:security-activity>
<!-- Content removed for simplification -->
</asc:security-activity>
<asc:verification-measurement>
<!-- Content removed for simplification -->
</asc:verification-measurement>
</asc:content>
<asc:approval-e-signatures>
<!-- Content removed for simplification -->
</asc:approval-e-signatures>
</asc:asc>
</asc:package-content>
<asc:package-editor-e-signature>
<!-- Content removed for simplification -->
</asc:package-editor-e-signature>
</asc:asc-package> |
Таблица A.6 - XML-пример МОБП ORGANIsation-ASD-043: классификация кода, назначение
|
<"xml version="1.0" encoding="UTF-8"?>
<asc:asc-package xmlns:asc="http://iso.org/ISO27034/ASC-structure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml-asc-package-schema-version="1.0.0.0">
<asc:package-content>
<asc:package-identification>
<!-- Content removed for simplification -->
</asc:package-identification>
<asc:asc xml-asc-schema-version="1.0.0.0">
<asc:content>
<asc:identification>
<asc:uid>ORGANIsation-ASD-043</asc:uid>
<!-- Content removed for simplification -->
</asc:identification>
<asc:objective>
<asc:objective-description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Define the scope of the code review.</asc:text>
</asc:localized-information>
</asc:objective-description>
<asc:requirements-addressed>
<asc:requirement>
<asc:requirement-type>BUSINESS_REQUIREMENTS</asc:requirement-type>
<asc:name>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Code Components Categorization Guidance</asc:text>
<asc:supporting-documents>
<asc:document>
<asc:name>ORGANIsation Development guidelines v2.1</asc:name>
<asc:description>ORGANIsation Development guidelines v2.1, Section 5.6 - Application components classification.</asc:description>
<asc:binary-data>UjBsR09EbGhjZ0dTQUxNQUNBRU1t ... Q1p0dU1GUXhEUzhi</asc:binary-data>
</asc:document>
</asc:supporting-documents>
</asc:localized-information>
</asc:name>
</asc:requirement>
</asc:requirements-addressed>
<asc:assigned-levels-of-trust>
<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>
<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>
<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>
<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>
<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>
<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>
</asc:assigned-levels-of-trust>
<asc:levels-of-trust-range>
<asc:level-of-trust>
<asc:level-of-trust-ref>45F736847</asc:level-of-trust-ref>
<asc:level>0</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Baseline</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>AII ORGANIsation’s applications shall comply with this Level of Trust.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>76878654</asc:level-of-trust-ref>
<asc:level>1</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>lsolated - Local network only</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for applications used on isolated corporate networks, with no connection to external networks.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>9876D54</asc:level-of-trust-ref>
<asc:level>2</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Low - Internet, public information only</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for Internet-facing applications sharing public information without any privacy concern.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>4576825</asc:level-of-trust-ref>
<asc:level>3</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Medium - Internet, corporate users</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications used by corporate users, allowing access to corporate services, user fles and/or transactions under 5,000$.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>989A67547</asc:level-of-trust-ref>
<asc:level>4</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>High - Secure transactions and privacy protection over Internet</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for Internet-facing, transactional applications, used by corporate users, allowing access to user private information and/or transactions from 5,000$ to 25,000$</ asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
<asc:level-of-trust>
<asc:level-of-trust-ref>932564543</asc:level-of-trust-ref>
<asc:level>5</asc:level>
<asc:label>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>Private</asc:text>
</asc:localized-information>
</asc:label>
<asc:description>
<asc:localized-information language="EN" country="CA" organization="ORGANIsation">
<asc:text>This Level of Trust is appropriate for transactional applications requiring highly secure transactions, privileged access and/or secure critical storage. Access to critical information and/or transactions over 25,000$ is authorized.</asc:text>
</asc:localized-information>
</asc:description>
</asc:level-of-trust>
</asc:levels-of-trust-range>
<asc:pre-conditions>
<asc:condition>
<!-- Content removed for simplification -->
</asc:condition>
</asc:pre-conditions>
</asc:objective>
<asc:security-activity>
<!-- Content removed for simplification -->
</asc:security-activity>
<asc:verification-measurement>
<!-- Content removed for simplification -->
</asc:verification-measurement>
</asc:content>
<asc:approval-e-signatures>
<!-- Content removed for simplification -->
</asc:approval-e-signatures>
</asc:asc>
</asc:approval-e-signatures>
</asc:asc>
</asc:package-content>
<asc:package-editor-e-signature>
<!-- Content removed for simplification -->
</asc:package-editor-e-signature>
</asc:asc-package> |
Таблица A.7 - XML-пример МОБП ORGANIsation-ASD-043: классификация кода, мероприятия по обеспечению безопасности