Organizational Normative Framework

1.Specified in ISO 27034

2.Defines components of application security best practices:

    + Business context

    + Regulatory context

    + Technical context

    + Specifications

    + Roles

    + Processes

    + ASC Library (Application Security Control) 

 

Application Normative Framework

    + Used in conjunction with the ONF and is created for specific applications

    + Think of best practices for applications within the context of the organization.