KEY OR CODE | TITLE OF THE MEXICAN STANDARD |
NMX-I-27018-NYCE-2021 | INFORMATION TECHNOLOGY-SECURITY TECHNIQUES-CODE OF PRACTICE FOR THE PROTECTION OF PERSONAL DATA (DP) IN PUBLIC CLOUDS ACTING AS DP PROCESSORS (CANCELS NMX-I-27018-NYCE-2016) |
Objective and scope: This Mexican Standard establishes commonly accepted control objectives and guidelines for implementing measures to protect personal data, in accordance with the privacy principles of the standard referenced in clause 20.6, for public cloud computing environments. | |
Concordance with International Standards: This Mexican Standard NMX-I-27018-NYCE-2021, Information technology-Security techniques-Code of practice for the protection of personal data (DP) in public clouds acting as DP processors, is identical (IDT) to the International Standard ISO/IEC 27018:2019, Information technology-Security techniques-Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, Ed (2019-01). |
Bibliography
- ISO/IEC 17789:2014, Information technology-Cloud computing-Reference architecture.
- ISO/IEC 27035-1:2016, Information technology-Security techniques-Information security incident management-Part 1: Principles of incident management.
- ISO/IEC 27035-2:2016, Information technology-Security techniques-Information security incident management-Part 2: Guidelines to plan and prepare for incident response.
- ISO/IEC 27036-4:2016, Information technology-Security techniques-Information security for supplier relationships-Part 4: Guidelines for security of cloud services.
- ISO/IEC 27040:2015, Information technology-Security techniques-Storage security.
- ISO/IEC 29100:2011/AMD 1:2018, Information technology-Security techniques-Privacy framework.
- ISO/IEC 29101:2018, Information technology-Security techniques-Privacy architecture framework.
- ISO/IEC 29134:2017, Information technology-Security techniques-Guidelines for privacy impact assessment.
- ISO/IEC 29191:2012, Information technology-Security techniques-Requirements for partially anonymous, partially unlinkable authentication.
- ISO/IEC JTC 1/SC 27, WG 5 Standing Document 2-Part 1: Privacy References List. Latest version, available at http://www.jtc1sc27.din.de/sbe/wg5sd2
- BS 10012:2009, Data protection. Specification for a personal information management system.
- JIS Q 15001:2006, Personal information protection management systems-Requirements.
- NIST SP 800-53rev4, Security and Privacy Controls for Federal Information Systems and Organizations, April 2013 (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf).
- NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), April 2010 (http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf).
- NIST SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing, December 2011 (http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf).
- ENISA. Report on Cloud Computing: Benefits, risks and recommendations for information security, November 2009 (http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport).
- European Union, Article 29 Working Party, Opinion 05/2012 on Cloud Computing, adopted July 2012 (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2012/wp196_en.pdf).
- http://www.iso.org/obp
- https://www.iec.ch/