GOST R ISO/IEC 27034-6-2021 PDF
Name in English: GOST R ISO/IEC 27034-6-2021
Name in Russian: ГОСТ Р ИСО/МЭК 27034-6-2021
Information technology. Security techniques. Application security. Part 6. Case studies
Full title and description
GOST R ISO/IEC 27034-6-2021 — Information technology. Security techniques. Application security. Part 6: Case studies. National (GOST R) adoption of the ISO/IEC 27034-6 guidance providing practical case studies and example Application Security Controls (ASCs) for use in application security programs and secure development lifecycles.
Abstract
This standard collects non‑normative case studies and concrete examples of Application Security Controls (ASCs), ASC data representations (including XML examples), and mappings of security controls into development lifecycle phases. It is intended to help organisations adapt the ISO/IEC 27034 application‑security framework to real projects by supplying ready examples, stakeholder roles, verification and measurement activities, and sample ASC structures that can be adapted for organizational ASC libraries.
General information
- Status: Active (national GOST R adoption).
- Publication date: 30 November 2021.
- Publisher: Published as a GOST R national standard within the Russian standards system (implemented via the national standards body / Rosstandart framework).
- ICS / categories: 35.030 — IT security (application security).
- Edition / version: 2021 (GOST R ISO/IEC 27034-6-2021; adoption of ISO/IEC 27034‑6 content as published internationally).
- Number of pages: 70 pages.
Scope
Provides illustrative case studies and usage examples of Application Security Controls for specific application types and scenarios. The document is informative (non‑normative): it demonstrates how ASCs can be structured, represented (including XML examples), and integrated into an organisation’s Application Security Life Cycle and Organizational Normative Framework (ONF). Its purpose is to serve as practical, adaptable templates and examples rather than mandatory prescriptions.
Key topics and requirements
- Application Security Controls (ASC) examples and hierarchical ASC libraries.
- ASC data structure and XML representation examples to enable consistent encoding and tool integration.
- Case studies such as code‑review controls for Java applications, cross‑jurisdictional privacy requirements, and third‑party ASC integration.
- Mapping ASCs to secure development lifecycle phases (requirements, design, implementation, verification, release, sustainment).
- Stakeholder roles and responsibilities for ASC creation, validation, approval and electronic signing / integrity measures.
- Guidance on adapting sample ASCs to organisational context and creating an ONF‑aligned ASC library (informative, not mandatory).
Typical use and users
Useful to application security teams, security architects, developers with security responsibilities, ONF/ASC library maintainers, tool vendors implementing ASC import/export, QA/verification teams and auditors seeking practical examples to validate application security controls. The standard is primarily a practical supplement to the broader ISO/IEC 27034 framework.
Related standards
This part belongs to the ISO/IEC 27034 series (application security). Key related documents include ISO/IEC 27034‑1 (concepts and definitions), ISO/IEC 27034‑5 and 27034‑5‑1 (ASC protocols and XML data structures), and other parts of the series that cover the Organizational Normative Framework, lifecycle processes and assurance models. The material is developed within the ISO/IEC JTC1/SC27 work on information security techniques.
Keywords
Application security, Application Security Controls (ASC), ONF (Organizational Normative Framework), ASC XML, secure development lifecycle (SDLC), case studies, GOST R, ISO/IEC 27034.
FAQ
Q: What is this standard?
A: GOST R ISO/IEC 27034-6-2021 is the Russian national (GOST R) adoption of the ISO/IEC 27034‑6 document that provides case studies and example Application Security Controls for application security.
Q: What does it cover?
A: It covers illustrative, non‑normative case studies and example ASCs (including XML examples), stakeholder roles, mappings to SDLC phases, and guidance for adapting example controls into an organisation’s ASC library and ONF. It does not prescribe mandatory technical requirements but supplies practical templates and examples.
Q: Who typically uses it?
A: Application security teams, security architects, developers, QA and verification teams, auditors, ONF committees and tool vendors looking for implementable ASC examples and representations.
Q: Is it current or superseded?
A: As published for the GOST R registry, the document is dated 30 November 2021 and is listed as active. Users should check the national registry or ISO channels for any later revisions or confirmations relevant to their jurisdiction before relying on it for compliance processes.
Q: Is it part of a series?
A: Yes — it is Part 6 of the ISO/IEC 27034 series on application security; other parts cover concepts (Part 1), organizational normative frameworks, management processes, ASC protocols/data structures (Part 5 / 5‑1) and assurance models (Part 7).
Q: What are the key keywords?
A: Application Security Controls (ASC), ONF, ASC XML, case studies, application security, SDLC, GOST R, ISO/IEC 27034.