Security Frameworks and Maturity Models (安全框架和成熟度模型)
Published 2021-05-04 (last modified 2023-03-29), category: CISSP (Certified Information Systems Security Professional)

Frameworks
[Image: https://ithelp.ithome.com.tw/upload/images/20210504/20132160mYV1DMpjbQ.jpg]
-NIST Cybersecurity Framework

. NIST Cybersecurity Framework (CSF): https://www.nist.gov/cyberframework
. Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity", in February 2013.
. The order directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure. The Cybersecurity Enhancement Act of 2014 reinforced NIST's role under EO 13636.
. OWASP Cyber Defense Matrix: https://owasp.org/www-project-cyber-defense-matrix/
. The Cyber Defense Matrix gives us a logical structure for understanding what we need to organize, so that when we walk into the security vendor marketplace we can quickly identify which products solve which problems and understand what the core function of a given product is.
. Although the Cyber Defense Matrix was originally created to help organize security technologies, many other use cases have since been found for it in building, managing, and running security programs.
. The basic construction of the Cyber Defense Matrix starts with two dimensions.
. The first dimension captures the five operational functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover.
. The second dimension captures the five asset classes we are trying to secure: Devices, Applications, Networks, Data, and Users.
[Image: https://ithelp.ithome.com.tw/upload/images/20210504/20132160cfZSXAOiIu.png]
-Cyber Defense Matrix (source: OWASP, https://owasp.org/www-project-cyber-defense-matrix/)

Maturity Models
. ISACA Capability Maturity Model Integration (CMMI): https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration
. It is administered by the CMMI Institute, a subsidiary of ISACA, and was developed at Carnegie Mellon University (CMU).
. Many U.S. government contracts require it, especially in software development.
. In March 2016 the CMMI Institute was acquired by ISACA.
. Cybersecurity Maturity Model Certification (CMMC): https://www.acq.osd.mil/cmmc/
. The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance.
. The U.S. Department of Defense is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of Controlled Unclassified Information (CUI) within the supply chain.
. ISO/IEC 21827, Systems Security Engineering - Capability Maturity Model (SSE-CMM): https://www.iso.org/standard/44716.html
. ISO/IEC 21827:2008 describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering.
. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry.
. OWASP Software Assurance Maturity Model (SAMM): https://owasp.org/www-project-samm/
. Our mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle.
. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.
. The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.
. RIMS Risk Maturity Model: https://www.rims.org/resources/strategic-enterprise-risk-center/risk-maturity-model
. The RIMS Risk Maturity Model (RMM) is both a best-practice framework for enterprise risk management and a free online assessment tool for risk professionals.
. The RMM allows you to assess the strength of your ERM program and develop improvement plans based on the results.

[Image: https://ithelp.ithome.com.tw/upload/images/20210504/20132160qNuCgGjTQq.jpg]
-CMMI constellations (source: https://www.plays-in-business.com)
[Image: https://ithelp.ithome.com.tw/upload/images/20210504/20132160FnU5OHbniD.png]
-SAMM overview (source: https://owaspsamm.org)
[Image: https://ithelp.ithome.com.tw/upload/images/20210504/20132160Fs8jyMEdZN.png]
-CMMC levels, processes, and practices (source: AWS, https://aws.amazon.com/blogs/publicsector/how-plan-cybersecurity-maturity-model-certification-cmmc/)

References
. Understanding Cybersecurity Maturity Model Certification (CMMC): https://securityboulevard.com/2020/01/understanding-cybersecurity-maturity-model-certification-cmmc/
. How to plan for Cybersecurity Maturity Model Certification (CMMC): https://aws.amazon.com/blogs/publicsector/how-plan-cybersecurity-maturity-model-certification-cmmc/
. CMMC Model v1.0: https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf

Source: Wentz Wu's website, https://wentzwu.com/2021/01/12/security-frameworks-and-maturity-models/

PS: This article is published with the author's consent, and permission was granted to translate it into Chinese.