EN ISO IEC 27040-2016 en Information technology - Security techniques - Storage security (ISO IEC 27040 2015).pdf

Uploader: ownview251 | Document ID: 727101 | Uploaded: 2019-01-09 | Format: PDF | Pages: 122 | Size: 1.25MB
Resource description

Information technology - Security techniques - Storage security
BS EN ISO/IEC 27040:2016 (ISO/IEC 27040:2015)
BSI Standards Publication
BRITISH STANDARD

National foreword

This British Standard is the UK implementation of EN ISO/IEC 27040:2016. It is identical to ISO/IEC 27040:2015. It supersedes BS ISO/IEC 27040:2015 which is withdrawn.

The UK participation in its preparation was entrusted by Technical Committee IST/33, IT - Security techniques to Subcommittee IST/33/4, Security Controls and Services.

A list of organizations represented on this subcommittee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2016. Published by BSI Standards Limited 2016
ISBN 978 0 580 92352 4
ICS 35.040

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 January 2015.

Amendments issued since publication
Date: 30 September 2016
Text affected: This corrigendum renumbers BS ISO/IEC 27040:2015 as BS EN ISO/IEC 27040:2016

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN ISO/IEC 27040
August 2016
ICS 35.040

English Version

Information technology - Security techniques - Storage security (ISO/IEC 27040:2015)
Technologie de l'information - Techniques de sécurité - Sécurité de stockage (ISO/IEC 27040:2015)
Informationstechnik - IT-Sicherheitsverfahren - Speichersicherheit (ISO/IEC 27040:2015)

This European Standard was approved by CEN on 19 June 2016.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION / COMITÉ EUROPÉEN DE NORMALISATION / EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2016 CEN and CENELEC. All rights of exploitation in any form and by any means reserved worldwide for CEN and CENELEC national Members.
Ref. No. EN ISO/IEC 27040:2016 E

European foreword

The text of ISO/IEC 27040:2015 has been prepared by Technical Committee ISO/IEC JTC 1 “Information technology” of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and has been taken over as EN ISO/IEC 27040:2016.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2017, and conflicting national standards shall be withdrawn at the latest by February 2017.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Endorsement notice

The text of ISO/IEC 27040:2015 has been approved by CEN as EN ISO/IEC 27040:2016 without any modification.

ISO/IEC 27040:2015(E)
© ISO/IEC 2015 All rights reserved

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview and concepts
5.1 General
5.2 Storage concepts
5.3 Introduction to storage security
5.4 Storage security risks
5.4.1 Background
5.4.2 Data breaches
5.4.3 Data corruption or destruction
5.4.4 Temporary or permanent loss of access/availability
5.4.5 Failure to meet statutory, regulatory, or legal requirements
6 Supporting controls
6.1 General
6.2 Direct Attached Storage (DAS)
6.3 Storage networking
6.3.1 Background
6.3.2 Storage Area Networks (SAN)
6.3.3 Network Attached Storage (NAS)
6.4 Storage management
6.4.1 Background
6.4.2 Authentication and authorization
6.4.3 Secure the management interfaces
6.4.4 Security auditing, accounting, and monitoring
6.4.5 System hardening
6.5 Block-based storage
6.5.1 Fibre Channel (FC) storage
6.5.2 IP storage
6.6 File-based storage
6.6.1 NFS-based NAS
6.6.2 SMB/CIFS-based NAS
6.6.3 Parallel NFS-based NAS
6.7 Object-based storage
6.7.1 Cloud computing storage
6.7.2 Object-based Storage Device (OSD)
6.7.3 Content Addressable Storage (CAS)
6.8 Storage security services
6.8.1 Data sanitization
6.8.2 Data confidentiality
6.8.3 Data reductions
7 Guidelines for the design and implementation of storage security
7.1 General
7.2 Storage security design principles
7.2.1 Defence in depth
7.2.2 Security domains
7.2.3 Design resilience
7.2.4 Secure initialization
7.3 Data reliability, availability, and resilience
7.3.1 Reliability
7.3.2 Availability
7.3.3 Backups and replication
7.3.4 Disaster Recovery and Business Continuity
7.3.5 Resilience
7.4 Data retention
7.4.1 Long-term retention
7.4.2 Short to medium-term retention
7.5 Data confidentiality and integrity
7.6 Virtualization
7.6.1 Storage virtualization
7.6.2 Storage for virtualized systems
7.7 Design and implementation considerations
7.7.1 Encryption and key management issues
7.7.2 Align storage and policy
7.7.3 Compliance
7.7.4 Secure multi-tenancy
7.7.5 Secure autonomous data movement
Annex A (normative) Media sanitization
Annex B (informative) Selecting appropriate storage security controls
Annex C (informative) Important security concepts
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further
