Work item:
|
X.sc-sscti
|
Subject/title:
|
Guidelines on Security Capabilities for Software Supply Chain in the Telecommunications Industry
|
Status:
|
Under study
|
Approval process:
|
TAP
|
Type of work item:
|
Recommendation
|
Version:
|
New
|
Equivalent number:
|
-
|
Timing:
|
2027-Q1 (Medium priority)
|
Liaison:
|
ISO/IEC JTC1 SC27 WG4 and WG5
|
Supporting members:
|
China Telecom, China unicom
|
Summary:
|
In the telecommunications industry, the rapid development of modern software development and supply models has greatly facilitated the rapid iteration and evolution of software. The unique characteristics and complexities of the telecommunications industry make security issues in the software supply chain particularly prominent. Compared to other industries, the telecommunications sector imposes stricter requirements on the reliability and security of software, as software plays a crucial role in the stability of communication networks and data security. Therefore, to address these challenges, it is necessary to develop standard specifications to provide guidance on building security capabilities for the software supply chain in the telecommunications industry, ensuring the security and reliability of the supply chain. This will provide unified guidance for software developers, suppliers, and users in the telecommunications industry to ensure adherence to unified and standardized best practices in the development, use, and maintenance of software.
This draft recommendation aims to give software supply chain security capabilities guidelines on the telecommunications industry, which defines comprehensive security capabilities and requirements for all processes in the software supply chain, from development to operation and maintenance.
Therefore, the draft recommendation will provide comprehensive security capabilities guidelines for stakeholders in the telecommunications industry's software supply chain to effectively address security threats. This draft recommendation is applicable to guiding stakeholders in the telecommunications industry to establish a framework for software supply chain security capabilities. Additionally, it will serve as a reference for software buyers, users, third-party organizations, and regulatory agencies to evaluate the software supply chain security in telecommunications industry.
|
Comment:
|
incubation queue
|
Reference(s):
|
|
|
Historic references:
|
Contact(s):
|
|
ITU-T A.5 justification(s): |
|
|
|
First registration in the WP:
2024-03-11 12:27:51
|
Last update:
2024-09-13 10:18:41
|