ISO/IEC 18974:2023
(Main)Information technology — OpenChain security assurance specification
Information technology — OpenChain security assurance specification
This specification contains the key requirements of a quality open source software security assurance program that establishes trust between organizations exchanging software solutions comprised of open source software.
Titre manque
General Information
Buy Standard
Standards Content (Sample)
International
Standard
ISO/IEC 18974
First edition
Information technology —
2023-12
OpenChain security assurance
specification
Reference number
ISO/IEC 18974:2023(en) © ISO/IEC 2023
---------------------- Page: 1 ----------------------
ISO/IEC 18974:2023(en)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2023 – All rights reserved
ii
---------------------- Page: 2 ----------------------
ISO/IEC 18974:2023(en)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Requirements . 3
4.1 Program foundation .3
4.1.1 Policy .3
4.1.2 Competence .3
4.1.3 Awareness .3
4.1.4 Program scope .4
4.1.5 Standard practice implementation .4
4.2 Relevant tasks defined and supported .5
4.2.1 Access .5
4.2.2 Effectively resourced .5
4.3 Open source software content review and approval .6
4.3.1 Software bill of materials .6
4.3.2 Security assurance .6
4.4 Adherence to the specification requirements .7
4
...
INTERNATIONAL ISO/IEC
STANDARD 18974
First edition
Information technology — OpenChain
security assurance specification
PROOF/ÉPREUVE
Reference number
ISO/IEC 18974:2023(E)
© ISO/IEC 2023
---------------------- Page: 1 ----------------------
ISO/IEC 18974:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
PROOF/ÉPREUVE © ISO/IEC 2023 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 18974:2023(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Requirements . 3
4.1 Program foundation . 3
4.1.1 Policy . 3
4.1.2 Competence . 3
4.1.3 Awareness . 4
4.1.4 Program scope . 4
4.1.5 Standard practice implementation . 4
4.2 Relevant tasks defined and supported . 5
4.2.1 Access . 5
4.2.2 Effectively resourced . 5
4.3 Open source software content review and approval . 6
4.3.1 Software bill of materials . 6
4.3.2 Security assurance . 6
4.4 Adherence to the specification requirements . 7
4.4.1 Completeness . 7
4.4.2 Certification dura
...
Style Definition
ISO #####-#:####(E)/IEC PRF 18974
...
Formatted: English (United Kingdom)
ISO TC ###/SC ##/WG #/IEC JTC 1
Formatted: English (United Kingdom)
Secretariat: XXXX ANSI
Formatted: zzCover large, Left
Formatted: English (United Kingdom)
Date: 2023-09-25
Formatted: zzCover, Left, Space After: 0 pt
Formatted: English (United Kingdom)
Formatted: English (United Kingdom)
Information technology — OpenChain Security Assurance
Formatted: Cover Title_A1, Line spacing: single
Specificationsecurity assurance specification
Formatted
...
PAS Submission
FDIS stage
© ISO/IEC 2023 – All rights reserved
---------------------- Page: 1 ----------------------
ISO/IEC PRF 18974:2023(E)
© ISO 2022/IEC 2023
Formatted: English (United Kingdom)
Formatted: Indent: Left: 0 cm, Right: 0 cm, Space
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
Before: 0 pt, No page break before, Adjust space
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
between Latin and Asian text, Adjust space between
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can
Asian text and numbers, Border: Top: (No border), Left:
be requested from either ISO at the address below or ISO’s member body in the country of the requester.
(No border), Right: (No border)
ISO copyright office
Formatted: English (United Kingdom)
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
Formatted: French (France)
Formatted: French (France)
Fax: +41 22 749 09 47
EmailE-mail: copyright@iso.org
Formatted: zzCopyright address, Indent: Left: 0 cm,
Website: www.iso.orgwww.iso.org
First line: 0 cm, Right: 0 cm, Adjust space between Latin
and Asian text, Adjust space between Asian text and
Published in Switzerland
numbers, Border: Left: (No border), Right: (No border)
Formatted: French (France)
Formatted: French (Switzerland)
Formatted: French (Switzerland)
Formatted: English (United Kingdom)
ii © ISO/IEC 2023 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC PRF 18974:2023(E)
Contents
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Requirements . 3
4.1 Program foundation . 3
4.1.1 Policy . 3
4.1.2 Competence . 4
4.1.3 Awareness . 4
4.1.4 Program scope . 5
4.1.5 Standard practice implementation . 5
4.2 Relevant tasks defined and supported . 6
4.2.1 Access . 6
4.2.2 Effectively resourced .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.