1.Specified in ISO 27034
2.Defines components of application security best practices:
+ Business context
+ Regulatory context
+ Technical context
+ Specifications
+ Roles
+ Processes
+ ASC Library (Application Security Control)
Application Normative Framework
+ Used in conjunction with the ONF and is created for specific applications
+ Think of best practices for applications within the context of the organization.