<\/p>\n
\ubaa9\uc801:<\/strong> \uc804 \uc138\uacc4\uc801\uc73c\ub85c \ubc1c\uc0dd\ud558\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4 \ucde8\uc57d\uc810\uc5d0 \uace0\uc720 \uc2dd\ubcc4\uc790\ub97c \ubd80\uc5ec\ud558\uc5ec \ucd94\uc801 \uac00\ub2a5\ud558\uac8c \ud568.<\/span><\/p>\n<\/li>\n \ub0b4\uc6a9:<\/strong> \uac01 CVE \ud56d\ubaa9\uc740 \uace0\uc720\ud55c \ubc88\ud638(CVE-YYYY-NNNNN)\ub97c \uac16\uace0, \ud574\ub2f9 \ucde8\uc57d\uc810\uc758 \uac04\ub7b5\ud55c \uc124\uba85\uacfc \ucc38\uc870 \ub9c1\ud06c \ud3ec\ud568.<\/span><\/p>\n<\/li>\n \uc6b4\uc601:<\/strong> MITRE Corporation, \ubbf8\uad6d \uad6d\ud1a0\uc548\ubcf4\ubd80(DHS) \ud6c4\uc6d0<\/span><\/p>\n<\/li>\n \ud65c\uc6a9:<\/strong> \ucde8\uc57d\uc810 \uad00\ub9ac \uc2dc\uc2a4\ud15c, \ubcf4\uc548 \ub3c4\uad6c, \ud328\uce58 \uad00\ub9ac \ub4f1\uc5d0\uc11c \ud575\uc2ec \ucc38\uc870 \uc9c0\ud45c\ub85c \ud65c\uc6a9\ub428<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \uc18c\ud504\ud2b8\uc6e8\uc5b4 \ubcf4\uc548 \ucde8\uc57d\uc810\uc758 \uc720\ud615\uacfc \uadfc\ubcf8\uc801\uc778 \uc124\uacc4\/\ucf54\ub529 \uacb0\ud568\uc744 \ubd84\ub958<\/span><\/p>\n<\/li>\n \uc608\uc2dc:<\/strong> CWE-79 (XSS), CWE-89 (SQL Injection)<\/span><\/p>\n<\/li>\n \uc6b4\uc601:<\/strong> MITRE<\/span><\/p>\n<\/li>\n \ud2b9\uc9d5:<\/strong> \ucde8\uc57d\uc810\uc758 \ud328\ud134, \uc6d0\uc778, \uc601\ud5a5 \ub4f1\uc744 \uacc4\uce35\uc801 \uad6c\uc870\ub85c \uc124\uba85<\/span><\/p>\n<\/li>\n \ud65c\uc6a9:<\/strong> \uc815\uc801 \ubd84\uc11d \ub3c4\uad6c, \ubcf4\uc548 \uad50\uc721, \ubcf4\uc548 \uc124\uacc4 \uac00\uc774\ub4dc\uc5d0 \uc0ac\uc6a9<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> STIG\uc5d0\uc11c \uc815\uc758\ub41c \ubcf4\uc548 \ud1b5\uc81c \ud56d\ubaa9\ub4e4\uc744 \ub2e4\ub978 \ubcf4\uc548 \ud504\ub808\uc784\uc6cc\ud06c(\uc608: NIST SP 800-53 \ub4f1)\uc640 \uc5f0\uacc4 \uac00\ub2a5\ud558\uac8c \ub9e4\ud551<\/span><\/p>\n<\/li>\n \uc6b4\uc601:<\/strong> \ubbf8\uad6d \uad6d\ubc29 \uc815\ubcf4 \uc2dc\uc2a4\ud15c\uad6d(DISA)<\/span><\/p>\n<\/li>\n \ud2b9\uc9d5:<\/strong> \ubcf4\uc548 \ud1b5\uc81c \ud56d\ubaa9\ub9c8\ub2e4 \uace0\uc720\ud55c CCI (\uc608: \ud65c\uc6a9:<\/strong> STIG \uc790\ub3d9\ud654 \uac80\uc0ac, \uac10\uc0ac, \ud1b5\ud569 \uc815\ucc45 \ud504\ub808\uc784\uc6cc\ud06c \uad6c\ucd95 \uc2dc \uc0ac\uc6a9<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \ubbf8\uad6d \uc5f0\ubc29 \uc815\ubd80 \uae30\uad00\uc774 \uc815\ubcf4\ubcf4\uc548 \ud504\ub85c\uadf8\ub7a8\uc744 \uac16\ucd94\ub3c4\ub85d \ubc95\uc81c\ud654\ud55c \uc5f0\ubc29\ubc95<\/span><\/p>\n<\/li>\n \uc694\uad6c\uc0ac\ud56d:<\/strong> \ub9ac\uc2a4\ud06c \uae30\ubc18 \uc811\uadfc, \uc5f0\uac04 \ud3c9\uac00, \ubcf4\uc548 \uad00\ub9ac \ud504\ub808\uc784\uc6cc\ud06c \uad6c\ucd95<\/span><\/p>\n<\/li>\n \uae30\ubc18 \ud504\ub808\uc784\uc6cc\ud06c:<\/strong> NIST SP 800-53, 800-37 \ub4f1<\/span><\/p>\n<\/li>\n \ub300\uc0c1:<\/strong> \ubbf8\uad6d \uc5f0\ubc29\uae30\uad00 \ubc0f \uc5f0\ubc29 \uacc4\uc57d \uc5c5\uccb4<\/span><\/p>\n<\/li>\n \uac15\uc81c\uc131:<\/strong> \u2705 \uac15\uc81c (\ubc95\ub960)<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \uc720\ub7fd \uc2dc\ubbfc\uc758 \uac1c\uc778\uc815\ubcf4 \ubcf4\ud638 \uac15\ud654 \ubc0f \ub370\uc774\ud130 \uc774\ub3d9 \ud1b5\uc81c<\/span><\/p>\n<\/li>\n \uc8fc\uc694 \uad8c\ub9ac:<\/strong> \uc54c \uad8c\ub9ac, \uc0ad\uc81c \uc694\uccad\uad8c, \ub370\uc774\ud130 \uc774\uc2dd\uc131 \ub4f1<\/span><\/p>\n<\/li>\n \uc601\ud5a5:<\/strong> \uc720\ub7fd \uc678 \uae30\uc5c5\uc774\ub77c\ub3c4 EU \uc2dc\ubbfc\uc758 \ub370\uc774\ud130\ub97c \ub2e4\ub8e8\uba74 \uc801\uc6a9<\/span><\/p>\n<\/li>\n \ubc8c\uce59:<\/strong> \ucd5c\ub300 \uc5f0\ub9e4\ucd9c\uc758 4% \ub610\ub294 2\ucc9c\ub9cc \uc720\ub85c<\/span><\/p>\n<\/li>\n \uac15\uc81c\uc131:<\/strong> \u2705 \ub9e4\uc6b0 \uac15\uc81c (\ubc95\ub960)<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \uc790\ub3d9\ucc28 \ubc0f \uc784\ubca0\ub514\ub4dc \uc2dc\uc2a4\ud15c\uc758 \uc548\uc804\ud55c C\/C++ \ucf54\ub529 \ud45c\uc900<\/strong><\/span><\/p>\n<\/li>\n \uc8fc\uc694 \ubb38\uc11c:<\/strong> MISRA C:2012, MISRA C++:2008<\/span><\/p>\n<\/li>\n \ud2b9\uc9d5:<\/strong> \ucf54\ub4dc \ud488\uc9c8 \ud5a5\uc0c1, \ub7f0\ud0c0\uc784 \uc624\ub958 \ubc29\uc9c0, \uc778\uc99d \uae30\ubc18 \uc2dc\uc2a4\ud15c \uc124\uacc4 \uc9c0\uc6d0<\/span><\/p>\n<\/li>\n \ud65c\uc6a9:<\/strong> \uc790\ub3d9\ucc28, \ud56d\uacf5\uc6b0\uc8fc, \ucca0\ub3c4 \ub4f1\uc758 \uc548\uc804 \ud544\uc218 \uc0b0\uc5c5<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \ubbf8\uad6d \uc5f0\ubc29 \uc815\ubd80 \ud45c\uc900, \ud2b9\ud788 \uc0ac\uc774\ubc84 \ubcf4\uc548 \uc815\ucc45 \ud504\ub808\uc784\uc6cc\ud06c \uc81c\uacf5<\/span><\/p>\n<\/li>\n \uc8fc\uc694 \ubb38\uc11c:<\/strong><\/span><\/p>\n NIST SP 800-53:<\/strong> \ubcf4\uc548 \ud1b5\uc81c \ud504\ub808\uc784\uc6cc\ud06c<\/span><\/p>\n<\/li>\n NIST SP 800-171:<\/strong> \ubbfc\uac04 \uacc4\uc57d\uc5c5\uccb4\uc6a9 \uc815\ubcf4 \ubcf4\ud638 \uc694\uad6c\uc0ac\ud56d<\/span><\/p>\n<\/li>\n Cybersecurity Framework (CSF):<\/strong> \ub9ac\uc2a4\ud06c \uae30\ubc18 \ubcf4\uc548 \uad00\ub9ac \uc9c0\uce68<\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n \uac15\uc81c\uc131:<\/strong> \uc77c\ubd80 \uc0b0\uc5c5\/\uc815\ubd80 \uae30\uad00\uc5d0 \uac15\uc81c, \uc77c\ubc18 \uae30\uc5c5\uc740 \ucc38\uace0\uc6a9<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud5a5\uc0c1<\/span><\/p>\n<\/li>\n \uc8fc\uc694 \ud504\ub85c\uc81d\ud2b8:<\/strong><\/span><\/p>\n OWASP Top 10:<\/strong> \uac00\uc7a5 \ube48\ubc88\ud55c \uc6f9 \ucde8\uc57d\uc810 \ubaa9\ub85d (SQLi, XSS, CSRF \ub4f1)<\/span><\/p>\n<\/li>\n ASVS, SAMM, ZAP \ub4f1<\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n \uc6b4\uc601:<\/strong> \ube44\uc601\ub9ac \uad6d\uc81c \ucee4\ubba4\ub2c8\ud2f0<\/span><\/p>\n<\/li>\n \ud65c\uc6a9:<\/strong> \uac1c\ubc1c\uc790 \uad50\uc721, \uc6f9 \ubcf4\uc548 \uc9c4\ub2e8, \ubcf4\uc548 \uc124\uacc4 \uae30\uc900<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \uc2e0\uc6a9\uce74\ub4dc \uacb0\uc81c \ud658\uacbd\uc5d0\uc11c \uce74\ub4dc \uc815\ubcf4 \ubcf4\ud638<\/span><\/p>\n<\/li>\n \ub300\uc0c1:<\/strong> \uce74\ub4dc \uacb0\uc81c\ub97c \ucc98\ub9ac, \uc800\uc7a5, \uc804\uc1a1\ud558\ub294 \ubaa8\ub4e0 \uae30\uc5c5<\/span><\/p>\n<\/li>\n \uc694\uad6c\uc0ac\ud56d \uc608:<\/strong> \uc554\ud638\ud654, \uc811\uadfc \uc81c\uc5b4, \ub85c\uadf8 \uae30\ub85d \ub4f1<\/span><\/p>\n<\/li>\n \uc6b4\uc601:<\/strong> PCI SSC (Visa, MasterCard \ub4f1 \uce74\ub4dc\uc0ac \uacf5\ub3d9\uccb4)<\/span><\/p>\n<\/li>\n \uac15\uc81c\uc131:<\/strong> \u2705 \uacc4\uc57d\uc0c1 \uac15\uc81c (\uc900\uc218\ud558\uc9c0 \uc54a\uc73c\uba74 \ubc8c\uae08 \ubc0f \uacb0\uc81c \uc911\ub2e8 \uac00\ub2a5)<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \uc0ac\uc774\ubc84 \ubcf4\uc548 \uad50\uc721, \uc5f0\uad6c, \uc778\uc99d \uc81c\uacf5<\/span><\/p>\n<\/li>\n \uc8fc\uc694 \ucf58\ud150\uce20:<\/strong><\/span><\/p>\n SANS Top 25:<\/strong> CWE \uae30\ubc18\uc758 \uc2ec\uac01\ud55c \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uc624\ub958<\/span><\/p>\n<\/li>\n GIAC \uc778\uc99d \ud504\ub85c\uadf8\ub7a8<\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n \ud2b9\uc9d5:<\/strong> \uc2e4\ubb34 \uc911\uc2ec\uc758 \ubcf4\uc548 \uad50\uc721 \uacfc\uc815\uc73c\ub85c \uc720\uba85<\/span><\/p>\n<\/li>\n \ud65c\uc6a9:<\/strong> \ubcf4\uc548 \uc804\ubb38\uac00 \uc591\uc131, \ud604\uc5c5 \ubcf4\uc548 \uc778\uc2dd \uc81c\uace0<\/span><\/p>\n<\/li>\n<\/ul>\n \ubaa9\uc801:<\/strong> \ubbf8\uad6d \uad6d\ubc29\ubd80 \uc2dc\uc2a4\ud15c\uc5d0 \ub300\ud55c \uc0c1\uc138\ud55c \ubcf4\uc548 \uc124\uc815 \uc9c0\uce68 \uc81c\uacf5<\/span><\/p>\n<\/li>\n
\n\ud83d\udccc 2. CWE (Common Weakness Enumeration)<\/strong><\/span><\/h2>\n
\n
\n\ud83d\udccc 3. DISA CC (Control Correlation Identifier)<\/strong><\/span><\/h2>\n
\n
CCI-000213<\/code>) \ubd80\uc5ec → \uc5ec\ub7ec \uae30\uc900\uacfc \ub9e4\ud551 \uac00\ub2a5<\/span><\/p>\n<\/li>\n
\n\ud83d\udccc 4. FISMA (Federal Information Security Modernization Act)<\/strong><\/span><\/h2>\n
\n
\n\ud83d\udccc 5. GDPR (General Data Protection Regulation)<\/strong><\/span><\/h2>\n
\n
\n\ud83d\udccc 6. MISRA (Motor Industry Software Reliability Association)<\/strong><\/span><\/h2>\n
\n
\n\ud83d\udccc 7. NIST (National Institute of Standards and Technology)<\/strong><\/span><\/h2>\n
\n
\n
\n\ud83d\udccc 8. OWASP (Open Web Application Security Project)<\/strong><\/span><\/h2>\n
\n
\n
\n\ud83d\udccc 9. PCI DSS (Payment Card Industry Data Security Standard)<\/strong><\/span><\/h2>\n
\n
\n\ud83d\udccc 10. SANS Institute<\/strong><\/span><\/h2>\n
\n
\n
\n\ud83d\udccc 11. STIG (Security Technical Implementation Guide)<\/strong><\/span><\/h2>\n
\n