Yes. ISO/IEC 27040:2024 supersedes ISO/IEC 27040:2015. The new edition includes updated cloud storage guidance, ransomware recovery, and NVMe security considerations.
Addresses the security of devices and media from initial deployment through management and final end-of-life disposal.

| Standard | Scope | Relationship to ISO/IEC 27040 |
|--------------|-----------|------------------------------------|
| ISO/IEC 27001 | Information Security Management System (ISMS) | High-level requirements; 27040 supports control A.8.24 |
| ISO/IEC 27002 | Code of practice for controls | 27040 expands upon the brief storage guidance in 27002 |
| ISO/IEC 27031 | Business continuity & ICT readiness | Overlaps on backup recoverability |
| ISO/IEC 27035 | Incident management | 27040 provides storage-specific incident detection (e.g., unusual LUN access) |
| NIST SP 800-209 | Security of storage infrastructure (U.S.) | Complementary; 27040 is more architecture-agnostic |