Security standards

| Standard id | Standard | Classification |
|---|---|---|
| SEC.STD.001 | Follow the OWASP (Open Web Application Security Project) guideline to secure citizen service, e-service and government application systems | Mandatory |
| SEC.STD.002 | Follow the Government of Bangladesh Information Security Manual (GoBISM) | Mandatory |
| SEC.STD.003 | Follow ISO/IEC/BDS 27001:2015 for Information Security Management Systems | Mandatory |
| SEC.STD.004 | Follow the Cloud Computing Policy | |
| SEC.STD.005 | Follow the Secure Coding Guideline | Mandatory |
| SEC.STD.006 | Follow the Payment Card Industry Data Security Standard (PCI-DSS) for management of credit cards | Recommended |
| SEC.STD.007 | Follow Control Objectives for Information and related Technology (COBIT), an information security framework | Recommended |
| SEC.STD.008 | Follow the Sarbanes-Oxley Act of 2002 (SOX), also known as the Public Company Accounting Reform and Investor Protection Act. SOX requirements indirectly compel management to consider information security controls on systems across the organization in order to comply with SOX. | Recommended |
| SEC.STD.009 | Follow the Digital Forensics Laboratory (DFL) guideline | Recommended |
| SEC.STD.010 | Follow ISO/IEC/BDS 31000:2018 for Risk Management Guidelines | Recommended |
| SEC.STD.011 | Follow the CII (Critical Information Infrastructure) Security Guideline for CII organizations | |
| SEC.STD.012 | Use the FIDO (Fast IDentity Online) authentication standard where applicable | Recommended |
| SEC.STD.013 | Follow the standard ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, for Business Continuity Management | |