DANSK DSF/ISO/IEC DIS 27034-7.2 PDF

This document describes the minimum requirements applicable to the Application Security Controls (ASCs) reused in an Expected Level of Trust for a subsequent application. In the context of an Expected Level of Trust, there is always an original application where the project team performed the activities of the indicated Application Security Control (ASC) to achieve an Actual Level of Trust. The use of Prediction Application Security Rationales (PASR), defined by ISO/IEC 27034 Part 7, requires the project team to have a defined Application Normative Framework (ANF) and an original application with an Actual Level of Trust.