MOSP

t

1

{

t

1

{

2

"label": "ISO/IEC 27002",

2

"label": "ISO/IEC 27002",

3

"language": "EN",

3

"language": "EN",

4

"refs": [

4

"refs": [

5

"https://www.iso.org/standard/54533.html"

5

"https://www.iso.org/standard/54533.html"

6

],

6

],

7

"uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

7

"uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

8

"values": [

8

"values": [

9

{

9

{

10

"category": "Information security policies",

10

"category": "Information security policies",

11

"code": "5.1.1",

11

"code": "5.1.1",

12

"label": "Policies for information security",

12

"label": "Policies for information security",

13

"uuid": "267fc596-f705-11e8-b555-0800279aaa2b"

13

"uuid": "267fc596-f705-11e8-b555-0800279aaa2b"

14

},

14

},

15

{

15

{

16

"category": "Information security policies",

16

"category": "Information security policies",

17

"code": "5.1.2",

17

"code": "5.1.2",

18

"label": "Review of the policies for information security",

18

"label": "Review of the policies for information security",

19

"uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b"

19

"uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b"

20

},

20

},

21

{

21

{

22

"category": "Organization of information security",

22

"category": "Organization of information security",

23

"code": "6.1.1",

23

"code": "6.1.1",

24

"label": "Information security roles and responsibilities",

24

"label": "Information security roles and responsibilities",

25

"uuid": "267fc73c-f705-11e8-b555-0800279aaa2b"

25

"uuid": "267fc73c-f705-11e8-b555-0800279aaa2b"

26

},

26

},

27

{

27

{

28

"category": "Organization of information security",

28

"category": "Organization of information security",

29

"code": "6.1.2",

29

"code": "6.1.2",

30

"label": "Segregation of duties",

30

"label": "Segregation of duties",

31

"uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b"

31

"uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b"

32

},

32

},

33

{

33

{

34

"category": "Organization of information security",

34

"category": "Organization of information security",

35

"code": "6.1.3",

35

"code": "6.1.3",

36

"label": "Contact with authorities",

36

"label": "Contact with authorities",

37

"uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b"

37

"uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b"

38

},

38

},

39

{

39

{

40

"category": "Organization of information security",

40

"category": "Organization of information security",

41

"code": "6.1.4",

41

"code": "6.1.4",

42

"label": "Contact with special interest groups",

42

"label": "Contact with special interest groups",

43

"uuid": "267fc80f-f705-11e8-b555-0800279aaa2b"

43

"uuid": "267fc80f-f705-11e8-b555-0800279aaa2b"

44

},

44

},

45

{

45

{

46

"category": "Organization of information security",

46

"category": "Organization of information security",

47

"code": "6.1.5",

47

"code": "6.1.5",

48

"label": "Information Security in Project Management",

48

"label": "Information Security in Project Management",

49

"uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b"

49

"uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b"

50

},

50

},

51

{

51

{

52

"category": "Organization of information security",

52

"category": "Organization of information security",

53

"code": "6.2.1",

53

"code": "6.2.1",

54

"label": "Mobile device policy",

54

"label": "Mobile device policy",

55

"uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b"

55

"uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b"

56

},

56

},

57

{

57

{

58

"category": "Organization of information security",

58

"category": "Organization of information security",

59

"code": "6.2.2",

59

"code": "6.2.2",

60

"label": "Teleworking",

60

"label": "Teleworking",

61

"uuid": "267fda0e-f705-11e8-b555-0800279aaa2b"

61

"uuid": "267fda0e-f705-11e8-b555-0800279aaa2b"

62

},

62

},

63

{

63

{

64

"category": "Human resource security",

64

"category": "Human resource security",

65

"code": "7.1.1",

65

"code": "7.1.1",

66

"label": "Screening",

66

"label": "Screening",

67

"uuid": "267fca6b-f705-11e8-b555-0800279aaa2b"

67

"uuid": "267fca6b-f705-11e8-b555-0800279aaa2b"

68

},

68

},

69

{

69

{

70

"category": "Human resource security",

70

"category": "Human resource security",

71

"code": "7.1.2",

71

"code": "7.1.2",

72

"label": "Terms and conditions of employment",

72

"label": "Terms and conditions of employment",

73

"uuid": "267fcaad-f705-11e8-b555-0800279aaa2b"

73

"uuid": "267fcaad-f705-11e8-b555-0800279aaa2b"

74

},

74

},

75

{

75

{

76

"category": "Human resource security",

76

"category": "Human resource security",

77

"code": "7.2.1",

77

"code": "7.2.1",

78

"label": "Management responsibilities",

78

"label": "Management responsibilities",

79

"uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b"

79

"uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b"

80

},

80

},

81

{

81

{

82

"category": "Human resource security",

82

"category": "Human resource security",

83

"code": "7.2.2",

83

"code": "7.2.2",

84

"label": "Information security awareness, education and training",

84

"label": "Information security awareness, education and training",

85

"uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b"

85

"uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b"

86

},

86

},

87

{

87

{

88

"category": "Human resource security",

88

"category": "Human resource security",

89

"code": "7.2.3",

89

"code": "7.2.3",

90

"label": "Disciplinary process",

90

"label": "Disciplinary process",

91

"uuid": "267fcb29-f705-11e8-b555-0800279aaa2b"

91

"uuid": "267fcb29-f705-11e8-b555-0800279aaa2b"

92

},

92

},

93

{

93

{

94

"category": "Human resource security",

94

"category": "Human resource security",

95

"code": "7.3.1",

95

"code": "7.3.1",

96

"label": "Termination or change of employment responsibilities",

96

"label": "Termination or change of employment responsibilities",

97

"uuid": "267fcb79-f705-11e8-b555-0800279aaa2b"

97

"uuid": "267fcb79-f705-11e8-b555-0800279aaa2b"

98

},

98

},

99

{

99

{

100

"category": "Asset management",

100

"category": "Asset management",

101

"code": "8.1.1",

101

"code": "8.1.1",

102

"label": "Inventory of Assets",

102

"label": "Inventory of Assets",

103

"uuid": "267fc90c-f705-11e8-b555-0800279aaa2b"

103

"uuid": "267fc90c-f705-11e8-b555-0800279aaa2b"

104

},

104

},

105

{

105

{

106

"category": "Asset management",

106

"category": "Asset management",

107

"code": "8.1.2",

107

"code": "8.1.2",

108

"label": "Ownership of assets",

108

"label": "Ownership of assets",

109

"uuid": "267fc94c-f705-11e8-b555-0800279aaa2b"

109

"uuid": "267fc94c-f705-11e8-b555-0800279aaa2b"

110

},

110

},

111

{

111

{

112

"category": "Asset management",

112

"category": "Asset management",

113

"code": "8.1.3",

113

"code": "8.1.3",

114

"label": "Acceptable use of assets",

114

"label": "Acceptable use of assets",

115

"uuid": "267fc989-f705-11e8-b555-0800279aaa2b"

115

"uuid": "267fc989-f705-11e8-b555-0800279aaa2b"

116

},

116

},

117

{

117

{

118

"category": "Asset management",

118

"category": "Asset management",

119

"code": "8.1.4",

119

"code": "8.1.4",

120

"label": "Return of assets",

120

"label": "Return of assets",

121

"uuid": "267fcbce-f705-11e8-b555-0800279aaa2b"

121

"uuid": "267fcbce-f705-11e8-b555-0800279aaa2b"

122

},

122

},

123

{

123

{

124

"category": "Asset management",

124

"category": "Asset management",

125

"code": "8.2.1",

125

"code": "8.2.1",

126

"label": "Classification guidelines",

126

"label": "Classification guidelines",

127

"uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b"

127

"uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b"

128

},

128

},

129

{

129

{

130

"category": "Asset management",

130

"category": "Asset management",

131

"code": "8.2.2",

131

"code": "8.2.2",

132

"label": "Labelling of information",

132

"label": "Labelling of information",

133

"uuid": "267fca19-f705-11e8-b555-0800279aaa2b"

133

"uuid": "267fca19-f705-11e8-b555-0800279aaa2b"

134

},

134

},

135

{

135

{

136

"category": "Asset management",

136

"category": "Asset management",

137

"code": "8.2.3",

137

"code": "8.2.3",

138

"label": "Handling of assets",

138

"label": "Handling of assets",

139

"uuid": "267fe71a-f705-11e8-b555-0800279aaa2b"

139

"uuid": "267fe71a-f705-11e8-b555-0800279aaa2b"

140

},

140

},

141

{

141

{

142

"category": "Asset management",

142

"category": "Asset management",

143

"code": "8.3.1",

143

"code": "8.3.1",

144

"label": "Management of removeable media",

144

"label": "Management of removeable media",

145

"uuid": "267fd32a-f705-11e8-b555-0800279aaa2b"

145

"uuid": "267fd32a-f705-11e8-b555-0800279aaa2b"

146

},

146

},

147

{

147

{

148

"category": "Asset management",

148

"category": "Asset management",

149

"code": "8.3.2",

149

"code": "8.3.2",

150

"label": "Disposal of media",

150

"label": "Disposal of media",

151

"uuid": "267fd369-f705-11e8-b555-0800279aaa2b"

151

"uuid": "267fd369-f705-11e8-b555-0800279aaa2b"

152

},

152

},

153

{

153

{

154

"category": "Asset management",

154

"category": "Asset management",

155

"code": "8.3.3",

155

"code": "8.3.3",

156

"label": "Physical Media transfer",

156

"label": "Physical Media transfer",

157

"uuid": "267fd421-f705-11e8-b555-0800279aaa2b"

157

"uuid": "267fd421-f705-11e8-b555-0800279aaa2b"

158

},

158

},

159

{

159

{

160

"category": "Access control",

160

"category": "Access control",

161

"code": "9.1.1",

161

"code": "9.1.1",

162

"label": "Access control policy",

162

"label": "Access control policy",

163

"uuid": "267fd659-f705-11e8-b555-0800279aaa2b"

163

"uuid": "267fd659-f705-11e8-b555-0800279aaa2b"

164

},

164

},

165

{

165

{

166

"category": "Access control",

166

"category": "Access control",

167

"code": "9.1.2",

167

"code": "9.1.2",

168

"label": "Access to networks and network services",

168

"label": "Access to networks and network services",

169

"uuid": "267fd81b-f705-11e8-b555-0800279aaa2b"

169

"uuid": "267fd81b-f705-11e8-b555-0800279aaa2b"

170

},

170

},

171

{

171

{

172

"category": "Access control",

172

"category": "Access control",

173

"code": "9.2.1",

173

"code": "9.2.1",

174

"label": "User registration and deregistration",

174

"label": "User registration and deregistration",

175

"uuid": "267fd899-f705-11e8-b555-0800279aaa2b"

175

"uuid": "267fd899-f705-11e8-b555-0800279aaa2b"

176

},

176

},

177

{

177

{

178

"category": "Access control",

178

"category": "Access control",

179

"code": "9.2.2",

179

"code": "9.2.2",

180

"label": "User access provisioning",

180

"label": "User access provisioning",

181

"uuid": "267fe782-f705-11e8-b555-0800279aaa2b"

181

"uuid": "267fe782-f705-11e8-b555-0800279aaa2b"

182

},

182

},

183

{

183

{

184

"category": "Access control",

184

"category": "Access control",

185

"code": "9.2.3",

185

"code": "9.2.3",

186

"label": "Management of privileged access rights",

186

"label": "Management of privileged access rights",

187

"uuid": "267fd69f-f705-11e8-b555-0800279aaa2b"

187

"uuid": "267fd69f-f705-11e8-b555-0800279aaa2b"

188

},

188

},

189

{

189

{

190

"category": "Access control",

190

"category": "Access control",

191

"code": "9.2.4",

191

"code": "9.2.4",

192

"label": "Management of secret authentication information of users",

192

"label": "Management of secret authentication information of users",

193

"uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b"

193

"uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b"

194

},

194

},

195

{

195

{

196

"category": "Access control",

196

"category": "Access control",

197

"code": "9.2.5",

197

"code": "9.2.5",

198

"label": "Review of user access rights",

198

"label": "Review of user access rights",

199

"uuid": "267fd723-f705-11e8-b555-0800279aaa2b"

199

"uuid": "267fd723-f705-11e8-b555-0800279aaa2b"

200

},

200

},

201

{

201

{

202

"category": "Access control",

202

"category": "Access control",

203

"code": "9.2.6",

203

"code": "9.2.6",

204

"label": "Removal or adjustment of access rights",

204

"label": "Removal or adjustment of access rights",

205

"uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b"

205

"uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b"

206

},

206

},

207

{

207

{

208

"category": "Access control",

208

"category": "Access control",

209

"code": "9.3.1",

209

"code": "9.3.1",

210

"label": "Use of secret authentication information",

210

"label": "Use of secret authentication information",

211

"uuid": "267fd761-f705-11e8-b555-0800279aaa2b"

211

"uuid": "267fd761-f705-11e8-b555-0800279aaa2b"

212

},

212

},

213

{

213

{

214

"category": "Access control",

214

"category": "Access control",

215

"code": "9.4.1",

215

"code": "9.4.1",

216

"label": "Information access restriction",

216

"label": "Information access restriction",

217

"uuid": "267fd993-f705-11e8-b555-0800279aaa2b"

217

"uuid": "267fd993-f705-11e8-b555-0800279aaa2b"

218

},

218

},

219

{

219

{

220

"category": "Access control",

220

"category": "Access control",

221

"code": "9.4.2",

221

"code": "9.4.2",

222

"label": "Secure log-on procedures",

222

"label": "Secure log-on procedures",

223

"uuid": "267fd954-f705-11e8-b555-0800279aaa2b"

223

"uuid": "267fd954-f705-11e8-b555-0800279aaa2b"

224

},

224

},

225

{

225

{

226

"category": "Access control",

226

"category": "Access control",

227

"code": "9.4.3",

227

"code": "9.4.3",

228

"label": "Password management system",

228

"label": "Password management system",

229

"uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b"

229

"uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b"

230

},

230

},

231

{

231

{

232

"category": "Access control",

232

"category": "Access control",

233

"code": "9.4.4",

233

"code": "9.4.4",

234

"label": "Use of privileged utility programs",

234

"label": "Use of privileged utility programs",

235

"uuid": "267fd917-f705-11e8-b555-0800279aaa2b"

235

"uuid": "267fd917-f705-11e8-b555-0800279aaa2b"

236

},

236

},

237

{

237

{

238

"category": "Access control",

238

"category": "Access control",

239

"code": "9.4.5",

239

"code": "9.4.5",

240

"label": "Access control to program source code",

240

"label": "Access control to program source code",

241

"uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b"

241

"uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b"

242

},

242

},

243

{

243

{

244

"category": "Cryptography",

244

"category": "Cryptography",

245

"code": "10.1.1",

245

"code": "10.1.1",

246

"label": "Policy on the use of cryptographic controls",

246

"label": "Policy on the use of cryptographic controls",

247

"uuid": "267fda8c-f705-11e8-b555-0800279aaa2b"

247

"uuid": "267fda8c-f705-11e8-b555-0800279aaa2b"

248

},

248

},

249

{

249

{

250

"category": "Cryptography",

250

"category": "Cryptography",

251

"code": "10.1.2",

251

"code": "10.1.2",

252

"label": "Key management",

252

"label": "Key management",

253

"uuid": "267fdacc-f705-11e8-b555-0800279aaa2b"

253

"uuid": "267fdacc-f705-11e8-b555-0800279aaa2b"

254

},

254

},

255

{

255

{

256

"category": "Physical and environmental security",

256

"category": "Physical and environmental security",

257

"code": "11.1.1",

257

"code": "11.1.1",

258

"label": "Physical security perimeter",

258

"label": "Physical security perimeter",

259

"uuid": "267fcca4-f705-11e8-b555-0800279aaa2b"

259

"uuid": "267fcca4-f705-11e8-b555-0800279aaa2b"

260

},

260

},

261

{

261

{

262

"category": "Physical and environmental security",

262

"category": "Physical and environmental security",

263

"code": "11.1.2",

263

"code": "11.1.2",

264

"label": "Physical entry controls",

264

"label": "Physical entry controls",

265

"uuid": "267fcce9-f705-11e8-b555-0800279aaa2b"

265

"uuid": "267fcce9-f705-11e8-b555-0800279aaa2b"

266

},

266

},

267

{

267

{

268

"category": "Physical and environmental security",

268

"category": "Physical and environmental security",

269

"code": "11.1.3",

269

"code": "11.1.3",

270

"label": "Securing offices, rooms and facilities",

270

"label": "Securing offices, rooms and facilities",

271

"uuid": "267fcd30-f705-11e8-b555-0800279aaa2b"

271

"uuid": "267fcd30-f705-11e8-b555-0800279aaa2b"

272

},

272

},

273

{

273

{

274

"category": "Physical and environmental security",

274

"category": "Physical and environmental security",

275

"code": "11.1.4",

275

"code": "11.1.4",

276

"label": "Protecting against external and environmental attacks",

276

"label": "Protecting against external and environmental attacks",

277

"uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b"

277

"uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b"

278

},

278

},

279

{

279

{

280

"category": "Physical and environmental security",

280

"category": "Physical and environmental security",

281

"code": "11.1.5",

281

"code": "11.1.5",

282

"label": "Working in secure areas",

282

"label": "Working in secure areas",

283

"uuid": "267fcdac-f705-11e8-b555-0800279aaa2b"

283

"uuid": "267fcdac-f705-11e8-b555-0800279aaa2b"

284

},

284

},

285

{

285

{

286

"category": "Physical and environmental security",

286

"category": "Physical and environmental security",

287

"code": "11.1.6",

287

"code": "11.1.6",

288

"label": "Delivery and loading areas",

288

"label": "Delivery and loading areas",

289

"uuid": "267fcdec-f705-11e8-b555-0800279aaa2b"

289

"uuid": "267fcdec-f705-11e8-b555-0800279aaa2b"

290

},

290

},

291

{

291

{

292

"category": "Physical and environmental security",

292

"category": "Physical and environmental security",

293

"code": "11.2.1",

293

"code": "11.2.1",

294

"label": "Equipment siting and protection",

294

"label": "Equipment siting and protection",

295

"uuid": "267fce44-f705-11e8-b555-0800279aaa2b"

295

"uuid": "267fce44-f705-11e8-b555-0800279aaa2b"

296

},

296

},

297

{

297

{

298

"category": "Physical and environmental security",

298

"category": "Physical and environmental security",

299

"code": "11.2.2",

299

"code": "11.2.2",

300

"label": "Supporting utilities",

300

"label": "Supporting utilities",

301

"uuid": "267fce8a-f705-11e8-b555-0800279aaa2b"

301

"uuid": "267fce8a-f705-11e8-b555-0800279aaa2b"

302

},

302

},

303

{

303

{

304

"category": "Physical and environmental security",

304

"category": "Physical and environmental security",

305

"code": "11.2.3",

305

"code": "11.2.3",

306

"label": "Cabling Security",

306

"label": "Cabling Security",

307

"uuid": "267fcecb-f705-11e8-b555-0800279aaa2b"

307

"uuid": "267fcecb-f705-11e8-b555-0800279aaa2b"

308

},

308

},

309

{

309

{

310

"category": "Physical and environmental security",

310

"category": "Physical and environmental security",

311

"code": "11.2.4",

311

"code": "11.2.4",

312

"label": "Equipment maintenance",

312

"label": "Equipment maintenance",

313

"uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b"

313

"uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b"

314

},

314

},

315

{

315

{

316

"category": "Physical and environmental security",

316

"category": "Physical and environmental security",

317

"code": "11.2.5",

317

"code": "11.2.5",

318

"label": "Security of equipment off-premises",

318

"label": "Security of equipment off-premises",

319

"uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b"

319

"uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b"

320

},

320

},

321

{

321

{

322

"category": "Physical and environmental security",

322

"category": "Physical and environmental security",

323

"code": "11.2.6",

323

"code": "11.2.6",

324

"label": "Security of equipment and assets off-premises",

324

"label": "Security of equipment and assets off-premises",

325

"uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b"

325

"uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b"

326

},

326

},

327

{

327

{

328

"category": "Physical and environmental security",

328

"category": "Physical and environmental security",

329

"code": "11.2.7",

329

"code": "11.2.7",

330

"label": "Secure disposal or re-use of equipment",

330

"label": "Secure disposal or re-use of equipment",

331

"uuid": "267fcf90-f705-11e8-b555-0800279aaa2b"

331

"uuid": "267fcf90-f705-11e8-b555-0800279aaa2b"

332

},

332

},

333

{

333

{

334

"category": "Physical and environmental security",

334

"category": "Physical and environmental security",

335

"code": "11.2.8",

335

"code": "11.2.8",

336

"label": "Unattended user equipment",

336

"label": "Unattended user equipment",

337

"uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b"

337

"uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b"

338

},

338

},

339

{

339

{

340

"category": "Physical and environmental security",

340

"category": "Physical and environmental security",

341

"code": "11.2.9",

341

"code": "11.2.9",

342

"label": "Clear desk and clear screen policy",

342

"label": "Clear desk and clear screen policy",

343

"uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b"

343

"uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b"

344

},

344

},

345

{

345

{

346

"category": "Operations security",

346

"category": "Operations security",

347

"code": "12.1.1",

347

"code": "12.1.1",

348

"label": "Documented operating procedures",

348

"label": "Documented operating procedures",

349

"uuid": "267fd029-f705-11e8-b555-0800279aaa2b"

349

"uuid": "267fd029-f705-11e8-b555-0800279aaa2b"

350

},

350

},

351

{

351

{

352

"category": "Operations security",

352

"category": "Operations security",

353

"code": "12.1.2",

353

"code": "12.1.2",

354

"label": "Change management",

354

"label": "Change management",

355

"uuid": "267fd073-f705-11e8-b555-0800279aaa2b"

355

"uuid": "267fd073-f705-11e8-b555-0800279aaa2b"

356

},

356

},

357

{

357

{

358

"category": "Operations security",

358

"category": "Operations security",

359

"code": "12.1.3",

359

"code": "12.1.3",

360

"label": "Capacity management",

360

"label": "Capacity management",

361

"uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b"

361

"uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b"

362

},

362

},

363

{

363

{

364

"category": "Operations security",

364

"category": "Operations security",

365

"code": "12.1.4",

365

"code": "12.1.4",

366

"label": "Separation of development, testing and operational environments",

366

"label": "Separation of development, testing and operational environments",

367

"uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b"

367

"uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b"

368

},

368

},

369

{

369

{

370

"category": "Operations security",

370

"category": "Operations security",

371

"code": "12.2.1",

371

"code": "12.2.1",

372

"label": "Controls against malicious code",

372

"label": "Controls against malicious code",

373

"uuid": "267fd22e-f705-11e8-b555-0800279aaa2b"

373

"uuid": "267fd22e-f705-11e8-b555-0800279aaa2b"

374

},

374

},

375

{

375

{

376

"category": "Operations security",

376

"category": "Operations security",

377

"code": "12.3.1",

377

"code": "12.3.1",

378

"label": "Information Backup",

378

"label": "Information Backup",

379

"uuid": "267fd272-f705-11e8-b555-0800279aaa2b"

379

"uuid": "267fd272-f705-11e8-b555-0800279aaa2b"

380

},

380

},

381

{

381

{

382

"category": "Operations security",

382

"category": "Operations security",

383

"code": "12.4.1",

383

"code": "12.4.1",

384

"label": "Event logging",

384

"label": "Event logging",

385

"uuid": "267fd529-f705-11e8-b555-0800279aaa2b"

385

"uuid": "267fd529-f705-11e8-b555-0800279aaa2b"

386

},

386

},

387

{

387

{

388

"category": "Operations security",

388

"category": "Operations security",

389

"code": "12.4.2",

389

"code": "12.4.2",

390

"label": "Protection of log information",

390

"label": "Protection of log information",

391

"uuid": "267fd567-f705-11e8-b555-0800279aaa2b"

391

"uuid": "267fd567-f705-11e8-b555-0800279aaa2b"

392

},

392

},

393

{

393

{

394

"category": "Operations security",

394

"category": "Operations security",

395

"code": "12.4.3",

395

"code": "12.4.3",

396

"label": "Administrator and operator logs",

396

"label": "Administrator and operator logs",

397

"uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b"

397

"uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b"

398

},

398

},

399

{

399

{

400

"category": "Operations security",

400

"category": "Operations security",

401

"code": "12.4.4",

401

"code": "12.4.4",

402

"label": "Clock synchronisation",

402

"label": "Clock synchronisation",

403

"uuid": "267fd610-f705-11e8-b555-0800279aaa2b"

403

"uuid": "267fd610-f705-11e8-b555-0800279aaa2b"

404

},

404

},

405

{

405

{

406

"category": "Operations security",

406

"category": "Operations security",

407

"code": "12.5.1",

407

"code": "12.5.1",

408

"label": "Installation of software on operational systems",

408

"label": "Installation of software on operational systems",

409

"uuid": "267fdb18-f705-11e8-b555-0800279aaa2b"

409

"uuid": "267fdb18-f705-11e8-b555-0800279aaa2b"

410

},

410

},

411

{

411

{

412

"category": "Operations security",

412

"category": "Operations security",

413

"code": "12.6.1",

413

"code": "12.6.1",

414

"label": "Management of technical vulnerabilities",

414

"label": "Management of technical vulnerabilities",

415

"uuid": "267fdda3-f705-11e8-b555-0800279aaa2b"

415

"uuid": "267fdda3-f705-11e8-b555-0800279aaa2b"

416

},

416

},

417

{

417

{

418

"category": "Operations security",

418

"category": "Operations security",

419

"code": "12.6.2",

419

"code": "12.6.2",

420

"label": "Restrictions on software installation",

420

"label": "Restrictions on software installation",

421

"uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b"

421

"uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b"

422

},

422

},

423

{

423

{

424

"category": "Operations security",

424

"category": "Operations security",

425

"code": "12.7.1",

425

"code": "12.7.1",

426

"label": "Information systems audit controls",

426

"label": "Information systems audit controls",

427

"uuid": "267fe660-f705-11e8-b555-0800279aaa2b"

427

"uuid": "267fe660-f705-11e8-b555-0800279aaa2b"

428

},

428

},

429

{

429

{

430

"category": "Communications security",

430

"category": "Communications security",

431

"code": "13.1.1",

431

"code": "13.1.1",

432

"label": "Network controls",

432

"label": "Network controls",

433

"uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b"

433

"uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b"

434

},

434

},

435

{

435

{

436

"category": "Communications security",

436

"category": "Communications security",

437

"code": "13.1.2",

437

"code": "13.1.2",

438

"label": "Security of network services",

438

"label": "Security of network services",

439

"uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b"

439

"uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b"

440

},

440

},

441

{

441

{

442

"category": "Communications security",

442

"category": "Communications security",

443

"code": "13.1.3",

443

"code": "13.1.3",

444

"label": "Segregation in networks",

444

"label": "Segregation in networks",

445

"uuid": "267fd85b-f705-11e8-b555-0800279aaa2b"

445

"uuid": "267fd85b-f705-11e8-b555-0800279aaa2b"

446

},

446

},

447

{

447

{

448

"category": "Communications security",

448

"category": "Communications security",

449

"code": "13.2.1",

449

"code": "13.2.1",

450

"label": "Information transfer policies and procedures",

450

"label": "Information transfer policies and procedures",

451

"uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b"

451

"uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b"

452

},

452

},

453

{

453

{

454

"category": "Communications security",

454

"category": "Communications security",

455

"code": "13.2.2",

455

"code": "13.2.2",

456

"label": "Agreements on information transfer",

456

"label": "Agreements on information transfer",

457

"uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b"

457

"uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b"

458

},

458

},

459

{

459

{

460

"category": "Communications security",

460

"category": "Communications security",

461

"code": "13.2.3",

461

"code": "13.2.3",

462

"label": "Electronic messaging",

462

"label": "Electronic messaging",

463

"uuid": "267fd462-f705-11e8-b555-0800279aaa2b"

463

"uuid": "267fd462-f705-11e8-b555-0800279aaa2b"

464

},

464

},

465

{

465

{

466

"category": "Communications security",

466

"category": "Communications security",

467

"code": "13.2.4",

467

"code": "13.2.4",

468

"label": "Confidentiality or non-disclosure agreements",

468

"label": "Confidentiality or non-disclosure agreements",

469

"uuid": "267fc77e-f705-11e8-b555-0800279aaa2b"

469

"uuid": "267fc77e-f705-11e8-b555-0800279aaa2b"

470

},

470

},

471

{

471

{

472

"category": "System acquisition, development and maintenance",

472

"category": "System acquisition, development and maintenance",

473

"code": "14.1.1",

473

"code": "14.1.1",

474

"label": "Information security requirements analysis and specification",

474

"label": "Information security requirements analysis and specification",

475

"uuid": "267fda50-f705-11e8-b555-0800279aaa2b"

475

"uuid": "267fda50-f705-11e8-b555-0800279aaa2b"

476

},

476

},

477

{

477

{

478

"category": "System acquisition, development and maintenance",

478

"category": "System acquisition, development and maintenance",

479

"code": "14.1.2",

479

"code": "14.1.2",

480

"label": "Securing application services on public networks",

480

"label": "Securing application services on public networks",

481

"uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b"

481

"uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b"

482

},

482

},

483

{

483

{

484

"category": "System acquisition, development and maintenance",

484

"category": "System acquisition, development and maintenance",

485

"code": "14.1.3",

485

"code": "14.1.3",

486

"label": "Protecting application services transactions",

486

"label": "Protecting application services transactions",

487

"uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b"

487

"uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b"

488

},

488

},

489

{

489

{

490

"category": "System acquisition, development and maintenance",

490

"category": "System acquisition, development and maintenance",

491

"code": "14.2.1",

491

"code": "14.2.1",

492

"label": "Secure development policy",

492

"label": "Secure development policy",

493

"uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b"

493

"uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b"

494

},

494

},

495

{

495

{

496

"category": "System acquisition, development and maintenance",

496

"category": "System acquisition, development and maintenance",

497

"code": "14.2.2",

497

"code": "14.2.2",

498

"label": "System change control procedures",

498

"label": "System change control procedures",

499

"uuid": "267fdc38-f705-11e8-b555-0800279aaa2b"

499

"uuid": "267fdc38-f705-11e8-b555-0800279aaa2b"

500

},

500

},

501

{

501

{

502

"category": "System acquisition, development and maintenance",

502

"category": "System acquisition, development and maintenance",

503

"code": "14.2.3",

503

"code": "14.2.3",

504

"label": "Technical review of applications after operating platform changes",

504

"label": "Technical review of applications after operating platform changes",

505

"uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b"

505

"uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b"

506

},

506

},

507

{

507

{

508

"category": "System acquisition, development and maintenance",

508

"category": "System acquisition, development and maintenance",

509

"code": "14.2.4",

509

"code": "14.2.4",

510

"label": "Restrictions on changes to software packages",

510

"label": "Restrictions on changes to software packages",

511

"uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b"

511

"uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b"

512

},

512

},

513

{

513

{

514

"category": "System acquisition, development and maintenance",

514

"category": "System acquisition, development and maintenance",

515

"code": "14.2.5",

515

"code": "14.2.5",

516

"label": "Secure system engineering principles",

516

"label": "Secure system engineering principles",

517

"uuid": "267fdf36-f705-11e8-b555-0800279aaa2b"

517

"uuid": "267fdf36-f705-11e8-b555-0800279aaa2b"

518

},

518

},

519

{

519

{

520

"category": "System acquisition, development and maintenance",

520

"category": "System acquisition, development and maintenance",

521

"code": "14.2.6",

521

"code": "14.2.6",

522

"label": "Secure development environment",

522

"label": "Secure development environment",

523

"uuid": "267fe847-f705-11e8-b555-0800279aaa2b"

523

"uuid": "267fe847-f705-11e8-b555-0800279aaa2b"

524

},

524

},

525

{

525

{

526

"category": "System acquisition, development and maintenance",

526

"category": "System acquisition, development and maintenance",

527

"code": "14.2.7",

527

"code": "14.2.7",

528

"label": "Outsourced software development",

528

"label": "Outsourced software development",

529

"uuid": "267fdd55-f705-11e8-b555-0800279aaa2b"

529

"uuid": "267fdd55-f705-11e8-b555-0800279aaa2b"

530

},

530

},

531

{

531

{

532

"category": "System acquisition, development and maintenance",

532

"category": "System acquisition, development and maintenance",

533

"code": "14.2.8",

533

"code": "14.2.8",

534

"label": "System security testing",

534

"label": "System security testing",

535

"uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b"

535

"uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b"

536

},

536

},

537

{

537

{

538

"category": "System acquisition, development and maintenance",

538

"category": "System acquisition, development and maintenance",

539

"code": "14.2.9",

539

"code": "14.2.9",

540

"label": "System acceptance testing",

540

"label": "System acceptance testing",

541

"uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b"

541

"uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b"

542

},

542

},

543

{

543

{

544

"category": "System acquisition, development and maintenance",

544

"category": "System acquisition, development and maintenance",

545

"code": "14.3.1",

545

"code": "14.3.1",

546

"label": "Protection of test data",

546

"label": "Protection of test data",

547

"uuid": "267fdb78-f705-11e8-b555-0800279aaa2b"

547

"uuid": "267fdb78-f705-11e8-b555-0800279aaa2b"

548

},

548

},

549

{

549

{

550

"category": "Supplier relationships",

550

"category": "Supplier relationships",

551

"code": "15.1.1",

551

"code": "15.1.1",

552

"label": "Information security policy for supplier relationships",

552

"label": "Information security policy for supplier relationships",

553

"uuid": "267fc88e-f705-11e8-b555-0800279aaa2b"

553

"uuid": "267fc88e-f705-11e8-b555-0800279aaa2b"

554

},

554

},

555

{

555

{

556

"category": "Supplier relationships",

556

"category": "Supplier relationships",

557

"code": "15.1.2",

557

"code": "15.1.2",

558

"label": "Addressing security within supplier agreements",

558

"label": "Addressing security within supplier agreements",

559

"uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b"

559

"uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b"

560

},

560

},

561

{

561

{

562

"category": "Supplier relationships",

562

"category": "Supplier relationships",

563

"code": "15.1.3",

563

"code": "15.1.3",

564

"label": "Informaiton and communication technology supply chain",

564

"label": "Informaiton and communication technology supply chain",

565

"uuid": "267fe959-f705-11e8-b555-0800279aaa2b"

565

"uuid": "267fe959-f705-11e8-b555-0800279aaa2b"

566

},

566

},

567

{

567

{

568

"category": "Supplier relationships",

568

"category": "Supplier relationships",

569

"code": "15.2.1",

569

"code": "15.2.1",

570

"label": "Monitoring and review of supplier services",

570

"label": "Monitoring and review of supplier services",

571

"uuid": "267fd12f-f705-11e8-b555-0800279aaa2b"

571

"uuid": "267fd12f-f705-11e8-b555-0800279aaa2b"

572

},

572

},

573

{

573

{

574

"category": "Supplier relationships",

574

"category": "Supplier relationships",

575

"code": "15.2.2",

575

"code": "15.2.2",

576

"label": "Managing changes to supplier services",

576

"label": "Managing changes to supplier services",

577

"uuid": "267fd16b-f705-11e8-b555-0800279aaa2b"

577

"uuid": "267fd16b-f705-11e8-b555-0800279aaa2b"

578

},

578

},

579

{

579

{

580

"category": "information security incident management",

580

"category": "information security incident management",

581

"code": "16.1.1",

581

"code": "16.1.1",

582

"label": "Responsibilities and procedures",

582

"label": "Responsibilities and procedures",

583

"uuid": "267fde78-f705-11e8-b555-0800279aaa2b"

583

"uuid": "267fde78-f705-11e8-b555-0800279aaa2b"

584

},

584

},

585

{

585

{

586

"category": "information security incident management",

586

"category": "information security incident management",

587

"code": "16.1.2",

587

"code": "16.1.2",

588

"label": "Reporting information security events",

588

"label": "Reporting information security events",

589

"uuid": "267fddeb-f705-11e8-b555-0800279aaa2b"

589

"uuid": "267fddeb-f705-11e8-b555-0800279aaa2b"

590

},

590

},

591

{

591

{

592

"category": "information security incident management",

592

"category": "information security incident management",

593

"code": "16.1.3",

593

"code": "16.1.3",

594

"label": "Reporting information security weaknesses",

594

"label": "Reporting information security weaknesses",

595

"uuid": "267fde31-f705-11e8-b555-0800279aaa2b"

595

"uuid": "267fde31-f705-11e8-b555-0800279aaa2b"

596

},

596

},

597

{

597

{

598

"category": "information security incident management",

598

"category": "information security incident management",

599

"code": "16.1.4",

599

"code": "16.1.4",

600

"label": "Assessment of and decision on information security events",

600

"label": "Assessment of and decision on information security events",

601

"uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b"

601

"uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b"

602

},

602

},

603

{

603

{

604

"category": "information security incident management",

604

"category": "information security incident management",

605

"code": "16.1.5",

605

"code": "16.1.5",

606

"label": "Response in information security incidents",

606

"label": "Response in information security incidents",

607

"uuid": "267fea11-f705-11e8-b555-0800279aaa2b"

607

"uuid": "267fea11-f705-11e8-b555-0800279aaa2b"

608

},

608

},

609

{

609

{

610

"category": "information security incident management",

610

"category": "information security incident management",

611

"code": "16.1.6",

611

"code": "16.1.6",

612

"label": "Learning from information security incidents",

612

"label": "Learning from information security incidents",

613

"uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b"

613

"uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b"

614

},

614

},

615

{

615

{

616

"category": "information security incident management",

616

"category": "information security incident management",

617

"code": "16.1.7",

617

"code": "16.1.7",

618

"label": "Collection of evidence",

618

"label": "Collection of evidence",

619

"uuid": "267fdef6-f705-11e8-b555-0800279aaa2b"

619

"uuid": "267fdef6-f705-11e8-b555-0800279aaa2b"

620

},

620

},

621

{

621

{

622

"category": "Information security aspects of business continuity management",

622

"category": "Information security aspects of business continuity management",

623

"code": "17.1.1",

623

"code": "17.1.1",

624

"label": "Planning information security continuity",

624

"label": "Planning information security continuity",

625

"uuid": "267fdf76-f705-11e8-b555-0800279aaa2b"

625

"uuid": "267fdf76-f705-11e8-b555-0800279aaa2b"

626

},

626

},

627

{

627

{

628

"category": "Information security aspects of business continuity management",

628

"category": "Information security aspects of business continuity management",

629

"code": "17.1.2",

629

"code": "17.1.2",

630

"label": "Implementing information security continuity",

630

"label": "Implementing information security continuity",

631

"uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b"

631

"uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b"

632

},

632

},

633

{

633

{

634

"category": "Information security aspects of business continuity management",

634

"category": "Information security aspects of business continuity management",

635

"code": "17.1.3",

635

"code": "17.1.3",

636

"label": "Verify, review and evaluate information security continuity",

636

"label": "Verify, review and evaluate information security continuity",

637

"uuid": "267fe022-f705-11e8-b555-0800279aaa2b"

637

"uuid": "267fe022-f705-11e8-b555-0800279aaa2b"

638

},

638

},

639

{

639

{

640

"category": "Information security aspects of business continuity management",

640

"category": "Information security aspects of business continuity management",

641

"code": "17.2.1",

641

"code": "17.2.1",

642

"label": "Availability of information processing facilities",

642

"label": "Availability of information processing facilities",

643

"uuid": "267fea72-f705-11e8-b555-0800279aaa2b"

643

"uuid": "267fea72-f705-11e8-b555-0800279aaa2b"

644

},

644

},

645

{

645

{

646

"category": "Compliance",

646

"category": "Compliance",

647

"code": "18.1.1",

647

"code": "18.1.1",

648

"label": "Identification of applicable legislation",

648

"label": "Identification of applicable legislation",

649

"uuid": "267fe08b-f705-11e8-b555-0800279aaa2b"

649

"uuid": "267fe08b-f705-11e8-b555-0800279aaa2b"

650

},

650

},

651

{

651

{

652

"category": "Compliance",

652

"category": "Compliance",

653

"code": "18.1.2",

653

"code": "18.1.2",

654

"label": "Intellectual Property Rights",

654

"label": "Intellectual Property Rights",

655

"uuid": "267fe307-f705-11e8-b555-0800279aaa2b"

655

"uuid": "267fe307-f705-11e8-b555-0800279aaa2b"

656

},

656

},

657

{

657

{

658

"category": "Compliance",

658

"category": "Compliance",

659

"code": "18.1.3",

659

"code": "18.1.3",

660

"label": "Protection of records",

660

"label": "Protection of records",

661

"uuid": "267fe37d-f705-11e8-b555-0800279aaa2b"

661

"uuid": "267fe37d-f705-11e8-b555-0800279aaa2b"

662

},

662

},

663

{

663

{

664

"category": "Compliance",

664

"category": "Compliance",

665

"code": "18.1.4",

665

"code": "18.1.4",

666

"label": "Privacy and protection of personally identifiable information",

666

"label": "Privacy and protection of personally identifiable information",

667

"uuid": "267fe3de-f705-11e8-b555-0800279aaa2b"

667

"uuid": "267fe3de-f705-11e8-b555-0800279aaa2b"

668

},

668

},

669

{

669

{

670

"category": "Compliance",

670

"category": "Compliance",

671

"code": "18.1.5",

671

"code": "18.1.5",

672

"label": "Regulation of cryptographic controls",

672

"label": "Regulation of cryptographic controls",

673

"uuid": "267fe510-f705-11e8-b555-0800279aaa2b"

673

"uuid": "267fe510-f705-11e8-b555-0800279aaa2b"

674

},

674

},

675

{

675

{

676

"category": "Compliance",

676

"category": "Compliance",

677

"code": "18.2.1",

677

"code": "18.2.1",

678

"label": "Independent review of information security",

678

"label": "Independent review of information security",

679

"uuid": "267fc84f-f705-11e8-b555-0800279aaa2b"

679

"uuid": "267fc84f-f705-11e8-b555-0800279aaa2b"

680

},

680

},

681

{

681

{

682

"category": "Compliance",

682

"category": "Compliance",

683

"code": "18.2.2",

683

"code": "18.2.2",

684

"label": "Compliance with security policies and standards",

684

"label": "Compliance with security policies and standards",

685

"uuid": "267fe58f-f705-11e8-b555-0800279aaa2b"

685

"uuid": "267fe58f-f705-11e8-b555-0800279aaa2b"

686

},

686

},

687

{

687

{

688

"category": "Compliance",

688

"category": "Compliance",

689

"code": "18.2.3",

689

"code": "18.2.3",

690

"label": "Technical compliance review",

690

"label": "Technical compliance review",

691

"uuid": "267fe600-f705-11e8-b555-0800279aaa2b"

691

"uuid": "267fe600-f705-11e8-b555-0800279aaa2b"

692

}

692

}

693

],

693

],

694

"version": 1,

694

"version": 1,

695

"version_ext": "ISO/IEC 27002:2013"

695

"version_ext": "ISO/IEC 27002:2013"

696

}

696

}