Below I list the set of standards published or under development in the ISO 27000 series as of December 2008.
These results come from a query of the ISO.org website regarding the work area of Subcommittee 27 of JTC 1 - IT Security techniques.
The status of each standard is coded using acronyms that ISO has defined, which are:
1. PWI = Preliminary Work Item - initial feasibility and scoping activities
2. NP = New Proposal (or study period) - formal scoping phase
3. WD = Working Draft (1st WD, 2nd WD etc.) - development phase
4. CD = Committee Draft (1st CD, 2nd CD etc.) - quality control phase
5. FCD = Final Committee Draft - ready for final approval.
6. DIS = Draft International Standard - nearly there. Stage 40.
7. FDIS = Final Draft or Distribution International Standard - just about ready to publish. Stage 50.
8. IS = International Standard - published. Stage 60.
9. Under revision. Stage 90.
As you can see in the following list of standards, quite a few are already at Stage 40 and 50, which indicates that they may soon see the light. The current state of the international ISO 27000 standards framework is:
ISO/IEC FCD 27000. Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary. Stage:40.99
ISO/IEC 27001:2005. Information technology -- Security techniques -- Information security management systems -- Requirements. Stage:60.60
ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of practice for information security management. Stage:90.92
ISO/IEC FCD 27003 Information technology -- Information security management system implementation guidance. Stage:40.20
ISO/IEC FCD 27004.2 Information technology -- Security techniques -- Information security management -- Measurement. Stage:40.20
ISO/IEC 27005:2008 Information technology -- Security techniques -- Information security risk management. Stage:60.60
ISO/IEC 27006:2007 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems. Stage:60.60
ISO/IEC WD 27007 Guidelines for Information security management systems auditing. Stage:20.60
ISO/IEC FDIS 27011 Information technology -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002. Stage:50.60
ISO/IEC NP 27012 Information technology - Security techniques -- ISM guidelines for e-government services. Stage:10.99
ISO/IEC NP 27032 Guidelines for cybersecurity. Stage:10.99
ISO/IEC NP 27033 Information technology -- IT Network security. Stage:10.99
The new ISO 27033 is in draft; it is the revision of ISO/IEC 18028-1:2006, which addresses the security of communications networks. ISO 27033 is intended to be an exhaustive complement for all the network-security aspects defined in ISO 27002.
ISO/IEC CD 27033-1 Information technology -- Security techniques -- IT network security -- Part 1: Guidelines for network security. (FCD)
ISO/IEC WD 27033-2 Information technology -- Security techniques -- IT network security -- Part 2: Guidelines for the design and implementation of network security. (WD)
ISO/IEC WD 27033-3 Information technology -- Security techniques -- IT network security -- Part 3: Reference networking scenarios -- Risks, design techniques and control issues. (WD)
ISO/IEC NP 27033-4 Information technology -- Security techniques -- IT network security -- Part 4: Securing communications between networks using security gateways - Risks, design techniques and control issues. (NP)
ISO/IEC NP 27033-5 Information technology -- Security techniques -- IT network security -- Part 5: Securing Remote Access - Risks, design techniques and control issues. (NP)
ISO/IEC NP 27033-6 Information technology -- Security techniques -- IT network security -- Part 6: Securing communications across networks using Virtual Private Networks (VPNs) -- Risks, design techniques and control issues. (NP)
ISO/IEC NP 27033-7 Information technology -- Security techniques -- IT network security -- Part 7: Guidelines for securing (specific networking technology topic heading(s) to be inserted) -- Risks, design techniques and control issues. Stage:10.99
More detailed information on each of these documents is available at ISO27001security.com.
ISO/IEC NP 27034 Guidelines for application security. Stage:10.99
ISO/IEC NP 27037 Information technology - Security techniques -- on Information security management: Sector to sector interworking and communications for industry and government. Stage:10.99
The detail of the different steps within each level or stage can be consulted at Stages ISO.
Source: http://seguridad-informacion.blogspot.com/2008/12/estado-de-situacin-de-la-serie-iso.html