Date: Sep 9, 2021, 7:40:04 AM
Date: Sep 9, 2021, 7:41:12 AM
Name: ISO/IEC 27002
Name: ISO/IEC 27002
Description: ISO/IEC 27002 controls
Description: ISO/IEC 27002 controls
t | 1 | { | t | 1 | { |
2 | "label": "ISO/IEC 27002", | 2 | "label": "ISO/IEC 27002", | ||
3 | "language": "EN", | 3 | "language": "EN", | ||
4 | "refs": [ | 4 | "refs": [ | ||
5 | "https://www.iso.org/standard/54533.html" | 5 | "https://www.iso.org/standard/54533.html" | ||
6 | ], | 6 | ], | ||
7 | "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", | 7 | "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", | ||
8 | "values": [ | 8 | "values": [ | ||
9 | { | 9 | { | ||
10 | "category": "Information security policies", | 10 | "category": "Information security policies", | ||
11 | "code": "5.1.1", | 11 | "code": "5.1.1", | ||
12 | "label": "Policies for information security", | 12 | "label": "Policies for information security", | ||
13 | "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" | 13 | "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" | ||
14 | }, | 14 | }, | ||
15 | { | 15 | { | ||
16 | "category": "Information security policies", | 16 | "category": "Information security policies", | ||
17 | "code": "5.1.2", | 17 | "code": "5.1.2", | ||
18 | "label": "Review of the policies for information security", | 18 | "label": "Review of the policies for information security", | ||
19 | "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" | 19 | "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" | ||
20 | }, | 20 | }, | ||
21 | { | 21 | { | ||
22 | "category": "Organization of information security", | 22 | "category": "Organization of information security", | ||
23 | "code": "6.1.1", | 23 | "code": "6.1.1", | ||
24 | "label": "Information security roles and responsibilities", | 24 | "label": "Information security roles and responsibilities", | ||
25 | "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" | 25 | "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" | ||
26 | }, | 26 | }, | ||
27 | { | 27 | { | ||
28 | "category": "Organization of information security", | 28 | "category": "Organization of information security", | ||
29 | "code": "6.1.2", | 29 | "code": "6.1.2", | ||
30 | "label": "Segregation of duties", | 30 | "label": "Segregation of duties", | ||
31 | "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" | 31 | "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" | ||
32 | }, | 32 | }, | ||
33 | { | 33 | { | ||
34 | "category": "Organization of information security", | 34 | "category": "Organization of information security", | ||
35 | "code": "6.1.3", | 35 | "code": "6.1.3", | ||
36 | "label": "Contact with authorities", | 36 | "label": "Contact with authorities", | ||
37 | "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" | 37 | "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" | ||
38 | }, | 38 | }, | ||
39 | { | 39 | { | ||
40 | "category": "Organization of information security", | 40 | "category": "Organization of information security", | ||
41 | "code": "6.1.4", | 41 | "code": "6.1.4", | ||
42 | "label": "Contact with special interest groups", | 42 | "label": "Contact with special interest groups", | ||
43 | "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" | 43 | "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" | ||
44 | }, | 44 | }, | ||
45 | { | 45 | { | ||
46 | "category": "Organization of information security", | 46 | "category": "Organization of information security", | ||
47 | "code": "6.1.5", | 47 | "code": "6.1.5", | ||
48 | "label": "Information Security in Project Management", | 48 | "label": "Information Security in Project Management", | ||
49 | "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" | 49 | "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" | ||
50 | }, | 50 | }, | ||
51 | { | 51 | { | ||
52 | "category": "Organization of information security", | 52 | "category": "Organization of information security", | ||
53 | "code": "6.2.1", | 53 | "code": "6.2.1", | ||
54 | "label": "Mobile device policy", | 54 | "label": "Mobile device policy", | ||
55 | "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" | 55 | "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" | ||
56 | }, | 56 | }, | ||
57 | { | 57 | { | ||
58 | "category": "Organization of information security", | 58 | "category": "Organization of information security", | ||
59 | "code": "6.2.2", | 59 | "code": "6.2.2", | ||
60 | "label": "Teleworking", | 60 | "label": "Teleworking", | ||
61 | "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" | 61 | "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" | ||
62 | }, | 62 | }, | ||
63 | { | 63 | { | ||
64 | "category": "Human resource security", | 64 | "category": "Human resource security", | ||
65 | "code": "7.1.1", | 65 | "code": "7.1.1", | ||
66 | "label": "Screening", | 66 | "label": "Screening", | ||
67 | "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" | 67 | "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" | ||
68 | }, | 68 | }, | ||
69 | { | 69 | { | ||
70 | "category": "Human resource security", | 70 | "category": "Human resource security", | ||
71 | "code": "7.1.2", | 71 | "code": "7.1.2", | ||
72 | "label": "Terms and conditions of employment", | 72 | "label": "Terms and conditions of employment", | ||
73 | "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" | 73 | "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" | ||
74 | }, | 74 | }, | ||
75 | { | 75 | { | ||
76 | "category": "Human resource security", | 76 | "category": "Human resource security", | ||
77 | "code": "7.2.1", | 77 | "code": "7.2.1", | ||
78 | "label": "Management responsibilities", | 78 | "label": "Management responsibilities", | ||
79 | "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" | 79 | "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" | ||
80 | }, | 80 | }, | ||
81 | { | 81 | { | ||
82 | "category": "Human resource security", | 82 | "category": "Human resource security", | ||
83 | "code": "7.2.2", | 83 | "code": "7.2.2", | ||
84 | "label": "Information security awareness, education and training", | 84 | "label": "Information security awareness, education and training", | ||
85 | "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" | 85 | "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" | ||
86 | }, | 86 | }, | ||
87 | { | 87 | { | ||
88 | "category": "Human resource security", | 88 | "category": "Human resource security", | ||
89 | "code": "7.2.3", | 89 | "code": "7.2.3", | ||
90 | "label": "Disciplinary process", | 90 | "label": "Disciplinary process", | ||
91 | "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" | 91 | "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" | ||
92 | }, | 92 | }, | ||
93 | { | 93 | { | ||
94 | "category": "Human resource security", | 94 | "category": "Human resource security", | ||
95 | "code": "7.3.1", | 95 | "code": "7.3.1", | ||
96 | "label": "Termination or change of employment responsibilities", | 96 | "label": "Termination or change of employment responsibilities", | ||
97 | "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" | 97 | "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" | ||
98 | }, | 98 | }, | ||
99 | { | 99 | { | ||
100 | "category": "Asset management", | 100 | "category": "Asset management", | ||
101 | "code": "8.1.1", | 101 | "code": "8.1.1", | ||
102 | "label": "Inventory of Assets", | 102 | "label": "Inventory of Assets", | ||
103 | "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" | 103 | "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" | ||
104 | }, | 104 | }, | ||
105 | { | 105 | { | ||
106 | "category": "Asset management", | 106 | "category": "Asset management", | ||
107 | "code": "8.1.2", | 107 | "code": "8.1.2", | ||
108 | "label": "Ownership of assets", | 108 | "label": "Ownership of assets", | ||
109 | "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" | 109 | "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" | ||
110 | }, | 110 | }, | ||
111 | { | 111 | { | ||
112 | "category": "Asset management", | 112 | "category": "Asset management", | ||
113 | "code": "8.1.3", | 113 | "code": "8.1.3", | ||
114 | "label": "Acceptable use of assets", | 114 | "label": "Acceptable use of assets", | ||
115 | "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" | 115 | "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" | ||
116 | }, | 116 | }, | ||
117 | { | 117 | { | ||
118 | "category": "Asset management", | 118 | "category": "Asset management", | ||
119 | "code": "8.1.4", | 119 | "code": "8.1.4", | ||
120 | "label": "Return of assets", | 120 | "label": "Return of assets", | ||
121 | "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" | 121 | "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" | ||
122 | }, | 122 | }, | ||
123 | { | 123 | { | ||
124 | "category": "Asset management", | 124 | "category": "Asset management", | ||
125 | "code": "8.2.1", | 125 | "code": "8.2.1", | ||
126 | "label": "Classification guidelines", | 126 | "label": "Classification guidelines", | ||
127 | "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" | 127 | "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" | ||
128 | }, | 128 | }, | ||
129 | { | 129 | { | ||
130 | "category": "Asset management", | 130 | "category": "Asset management", | ||
131 | "code": "8.2.2", | 131 | "code": "8.2.2", | ||
132 | "label": "Labelling of information", | 132 | "label": "Labelling of information", | ||
133 | "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" | 133 | "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" | ||
134 | }, | 134 | }, | ||
135 | { | 135 | { | ||
136 | "category": "Asset management", | 136 | "category": "Asset management", | ||
137 | "code": "8.2.3", | 137 | "code": "8.2.3", | ||
138 | "label": "Handling of assets", | 138 | "label": "Handling of assets", | ||
139 | "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" | 139 | "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" | ||
140 | }, | 140 | }, | ||
141 | { | 141 | { | ||
142 | "category": "Asset management", | 142 | "category": "Asset management", | ||
143 | "code": "8.3.1", | 143 | "code": "8.3.1", | ||
144 | "label": "Management of removeable media", | 144 | "label": "Management of removeable media", | ||
145 | "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" | 145 | "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" | ||
146 | }, | 146 | }, | ||
147 | { | 147 | { | ||
148 | "category": "Asset management", | 148 | "category": "Asset management", | ||
149 | "code": "8.3.2", | 149 | "code": "8.3.2", | ||
150 | "label": "Disposal of media", | 150 | "label": "Disposal of media", | ||
151 | "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" | 151 | "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" | ||
152 | }, | 152 | }, | ||
153 | { | 153 | { | ||
154 | "category": "Asset management", | 154 | "category": "Asset management", | ||
155 | "code": "8.3.3", | 155 | "code": "8.3.3", | ||
156 | "label": "Physical Media transfer", | 156 | "label": "Physical Media transfer", | ||
157 | "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" | 157 | "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" | ||
158 | }, | 158 | }, | ||
159 | { | 159 | { | ||
160 | "category": "Access control", | 160 | "category": "Access control", | ||
161 | "code": "9.1.1", | 161 | "code": "9.1.1", | ||
162 | "label": "Access control policy", | 162 | "label": "Access control policy", | ||
163 | "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" | 163 | "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" | ||
164 | }, | 164 | }, | ||
165 | { | 165 | { | ||
166 | "category": "Access control", | 166 | "category": "Access control", | ||
167 | "code": "9.1.2", | 167 | "code": "9.1.2", | ||
168 | "label": "Access to networks and network services", | 168 | "label": "Access to networks and network services", | ||
169 | "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" | 169 | "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" | ||
170 | }, | 170 | }, | ||
171 | { | 171 | { | ||
172 | "category": "Access control", | 172 | "category": "Access control", | ||
173 | "code": "9.2.1", | 173 | "code": "9.2.1", | ||
174 | "label": "User registration and deregistration", | 174 | "label": "User registration and deregistration", | ||
175 | "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" | 175 | "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" | ||
176 | }, | 176 | }, | ||
177 | { | 177 | { | ||
178 | "category": "Access control", | 178 | "category": "Access control", | ||
179 | "code": "9.2.2", | 179 | "code": "9.2.2", | ||
180 | "label": "User access provisioning", | 180 | "label": "User access provisioning", | ||
181 | "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" | 181 | "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" | ||
182 | }, | 182 | }, | ||
183 | { | 183 | { | ||
184 | "category": "Access control", | 184 | "category": "Access control", | ||
185 | "code": "9.2.3", | 185 | "code": "9.2.3", | ||
186 | "label": "Management of privileged access rights", | 186 | "label": "Management of privileged access rights", | ||
187 | "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" | 187 | "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" | ||
188 | }, | 188 | }, | ||
189 | { | 189 | { | ||
190 | "category": "Access control", | 190 | "category": "Access control", | ||
191 | "code": "9.2.4", | 191 | "code": "9.2.4", | ||
192 | "label": "Management of secret authentication information of users", | 192 | "label": "Management of secret authentication information of users", | ||
193 | "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" | 193 | "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" | ||
194 | }, | 194 | }, | ||
195 | { | 195 | { | ||
196 | "category": "Access control", | 196 | "category": "Access control", | ||
197 | "code": "9.2.5", | 197 | "code": "9.2.5", | ||
198 | "label": "Review of user access rights", | 198 | "label": "Review of user access rights", | ||
199 | "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" | 199 | "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" | ||
200 | }, | 200 | }, | ||
201 | { | 201 | { | ||
202 | "category": "Access control", | 202 | "category": "Access control", | ||
203 | "code": "9.2.6", | 203 | "code": "9.2.6", | ||
204 | "label": "Removal or adjustment of access rights", | 204 | "label": "Removal or adjustment of access rights", | ||
205 | "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" | 205 | "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" | ||
206 | }, | 206 | }, | ||
207 | { | 207 | { | ||
208 | "category": "Access control", | 208 | "category": "Access control", | ||
209 | "code": "9.3.1", | 209 | "code": "9.3.1", | ||
210 | "label": "Use of secret authentication information", | 210 | "label": "Use of secret authentication information", | ||
211 | "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" | 211 | "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" | ||
212 | }, | 212 | }, | ||
213 | { | 213 | { | ||
214 | "category": "Access control", | 214 | "category": "Access control", | ||
215 | "code": "9.4.1", | 215 | "code": "9.4.1", | ||
216 | "label": "Information access restriction", | 216 | "label": "Information access restriction", | ||
217 | "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" | 217 | "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" | ||
218 | }, | 218 | }, | ||
219 | { | 219 | { | ||
220 | "category": "Access control", | 220 | "category": "Access control", | ||
221 | "code": "9.4.2", | 221 | "code": "9.4.2", | ||
222 | "label": "Secure log-on procedures", | 222 | "label": "Secure log-on procedures", | ||
223 | "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" | 223 | "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" | ||
224 | }, | 224 | }, | ||
225 | { | 225 | { | ||
226 | "category": "Access control", | 226 | "category": "Access control", | ||
227 | "code": "9.4.3", | 227 | "code": "9.4.3", | ||
228 | "label": "Password management system", | 228 | "label": "Password management system", | ||
229 | "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" | 229 | "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" | ||
230 | }, | 230 | }, | ||
231 | { | 231 | { | ||
232 | "category": "Access control", | 232 | "category": "Access control", | ||
233 | "code": "9.4.4", | 233 | "code": "9.4.4", | ||
234 | "label": "Use of privileged utility programs", | 234 | "label": "Use of privileged utility programs", | ||
235 | "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" | 235 | "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" | ||
236 | }, | 236 | }, | ||
237 | { | 237 | { | ||
238 | "category": "Access control", | 238 | "category": "Access control", | ||
239 | "code": "9.4.5", | 239 | "code": "9.4.5", | ||
240 | "label": "Access control to program source code", | 240 | "label": "Access control to program source code", | ||
241 | "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" | 241 | "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" | ||
242 | }, | 242 | }, | ||
243 | { | 243 | { | ||
244 | "category": "Cryptography", | 244 | "category": "Cryptography", | ||
245 | "code": "10.1.1", | 245 | "code": "10.1.1", | ||
246 | "label": "Policy on the use of cryptographic controls", | 246 | "label": "Policy on the use of cryptographic controls", | ||
247 | "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" | 247 | "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" | ||
248 | }, | 248 | }, | ||
249 | { | 249 | { | ||
250 | "category": "Cryptography", | 250 | "category": "Cryptography", | ||
251 | "code": "10.1.2", | 251 | "code": "10.1.2", | ||
252 | "label": "Key management", | 252 | "label": "Key management", | ||
253 | "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" | 253 | "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" | ||
254 | }, | 254 | }, | ||
255 | { | 255 | { | ||
256 | "category": "Physical and environmental security", | 256 | "category": "Physical and environmental security", | ||
257 | "code": "11.1.1", | 257 | "code": "11.1.1", | ||
258 | "label": "Physical security perimeter", | 258 | "label": "Physical security perimeter", | ||
259 | "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" | 259 | "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" | ||
260 | }, | 260 | }, | ||
261 | { | 261 | { | ||
262 | "category": "Physical and environmental security", | 262 | "category": "Physical and environmental security", | ||
263 | "code": "11.1.2", | 263 | "code": "11.1.2", | ||
264 | "label": "Physical entry controls", | 264 | "label": "Physical entry controls", | ||
265 | "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" | 265 | "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" | ||
266 | }, | 266 | }, | ||
267 | { | 267 | { | ||
268 | "category": "Physical and environmental security", | 268 | "category": "Physical and environmental security", | ||
269 | "code": "11.1.3", | 269 | "code": "11.1.3", | ||
270 | "label": "Securing offices, rooms and facilities", | 270 | "label": "Securing offices, rooms and facilities", | ||
271 | "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" | 271 | "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" | ||
272 | }, | 272 | }, | ||
273 | { | 273 | { | ||
274 | "category": "Physical and environmental security", | 274 | "category": "Physical and environmental security", | ||
275 | "code": "11.1.4", | 275 | "code": "11.1.4", | ||
276 | "label": "Protecting against external and environmental attacks", | 276 | "label": "Protecting against external and environmental attacks", | ||
277 | "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" | 277 | "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" | ||
278 | }, | 278 | }, | ||
279 | { | 279 | { | ||
280 | "category": "Physical and environmental security", | 280 | "category": "Physical and environmental security", | ||
281 | "code": "11.1.5", | 281 | "code": "11.1.5", | ||
282 | "label": "Working in secure areas", | 282 | "label": "Working in secure areas", | ||
283 | "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" | 283 | "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" | ||
284 | }, | 284 | }, | ||
285 | { | 285 | { | ||
286 | "category": "Physical and environmental security", | 286 | "category": "Physical and environmental security", | ||
287 | "code": "11.1.6", | 287 | "code": "11.1.6", | ||
288 | "label": "Delivery and loading areas", | 288 | "label": "Delivery and loading areas", | ||
289 | "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" | 289 | "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" | ||
290 | }, | 290 | }, | ||
291 | { | 291 | { | ||
292 | "category": "Physical and environmental security", | 292 | "category": "Physical and environmental security", | ||
293 | "code": "11.2.1", | 293 | "code": "11.2.1", | ||
294 | "label": "Equipment siting and protection", | 294 | "label": "Equipment siting and protection", | ||
295 | "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" | 295 | "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" | ||
296 | }, | 296 | }, | ||
297 | { | 297 | { | ||
298 | "category": "Physical and environmental security", | 298 | "category": "Physical and environmental security", | ||
299 | "code": "11.2.2", | 299 | "code": "11.2.2", | ||
300 | "label": "Supporting utilities", | 300 | "label": "Supporting utilities", | ||
301 | "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" | 301 | "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" | ||
302 | }, | 302 | }, | ||
303 | { | 303 | { | ||
304 | "category": "Physical and environmental security", | 304 | "category": "Physical and environmental security", | ||
305 | "code": "11.2.3", | 305 | "code": "11.2.3", | ||
306 | "label": "Cabling Security", | 306 | "label": "Cabling Security", | ||
307 | "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" | 307 | "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" | ||
308 | }, | 308 | }, | ||
309 | { | 309 | { | ||
310 | "category": "Physical and environmental security", | 310 | "category": "Physical and environmental security", | ||
311 | "code": "11.2.4", | 311 | "code": "11.2.4", | ||
312 | "label": "Equipment maintenance", | 312 | "label": "Equipment maintenance", | ||
313 | "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" | 313 | "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" | ||
314 | }, | 314 | }, | ||
315 | { | 315 | { | ||
316 | "category": "Physical and environmental security", | 316 | "category": "Physical and environmental security", | ||
317 | "code": "11.2.5", | 317 | "code": "11.2.5", | ||
318 | "label": "Security of equipment off-premises", | 318 | "label": "Security of equipment off-premises", | ||
319 | "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" | 319 | "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" | ||
320 | }, | 320 | }, | ||
321 | { | 321 | { | ||
322 | "category": "Physical and environmental security", | 322 | "category": "Physical and environmental security", | ||
323 | "code": "11.2.6", | 323 | "code": "11.2.6", | ||
324 | "label": "Security of equipment and assets off-premises", | 324 | "label": "Security of equipment and assets off-premises", | ||
325 | "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" | 325 | "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" | ||
326 | }, | 326 | }, | ||
327 | { | 327 | { | ||
328 | "category": "Physical and environmental security", | 328 | "category": "Physical and environmental security", | ||
329 | "code": "11.2.7", | 329 | "code": "11.2.7", | ||
330 | "label": "Secure disposal or re-use of equipment", | 330 | "label": "Secure disposal or re-use of equipment", | ||
331 | "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" | 331 | "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" | ||
332 | }, | 332 | }, | ||
333 | { | 333 | { | ||
334 | "category": "Physical and environmental security", | 334 | "category": "Physical and environmental security", | ||
335 | "code": "11.2.8", | 335 | "code": "11.2.8", | ||
336 | "label": "Unattended user equipment", | 336 | "label": "Unattended user equipment", | ||
337 | "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" | 337 | "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" | ||
338 | }, | 338 | }, | ||
339 | { | 339 | { | ||
340 | "category": "Physical and environmental security", | 340 | "category": "Physical and environmental security", | ||
341 | "code": "11.2.9", | 341 | "code": "11.2.9", | ||
342 | "label": "Clear desk and clear screen policy", | 342 | "label": "Clear desk and clear screen policy", | ||
343 | "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" | 343 | "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" | ||
344 | }, | 344 | }, | ||
345 | { | 345 | { | ||
346 | "category": "Operations security", | 346 | "category": "Operations security", | ||
347 | "code": "12.1.1", | 347 | "code": "12.1.1", | ||
348 | "label": "Documented operating procedures", | 348 | "label": "Documented operating procedures", | ||
349 | "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" | 349 | "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" | ||
350 | }, | 350 | }, | ||
351 | { | 351 | { | ||
352 | "category": "Operations security", | 352 | "category": "Operations security", | ||
353 | "code": "12.1.2", | 353 | "code": "12.1.2", | ||
354 | "label": "Change management", | 354 | "label": "Change management", | ||
355 | "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" | 355 | "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" | ||
356 | }, | 356 | }, | ||
357 | { | 357 | { | ||
358 | "category": "Operations security", | 358 | "category": "Operations security", | ||
359 | "code": "12.1.3", | 359 | "code": "12.1.3", | ||
360 | "label": "Capacity management", | 360 | "label": "Capacity management", | ||
361 | "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" | 361 | "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" | ||
362 | }, | 362 | }, | ||
363 | { | 363 | { | ||
364 | "category": "Operations security", | 364 | "category": "Operations security", | ||
365 | "code": "12.1.4", | 365 | "code": "12.1.4", | ||
366 | "label": "Separation of development, testing and operational environments", | 366 | "label": "Separation of development, testing and operational environments", | ||
367 | "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" | 367 | "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" | ||
368 | }, | 368 | }, | ||
369 | { | 369 | { | ||
370 | "category": "Operations security", | 370 | "category": "Operations security", | ||
371 | "code": "12.2.1", | 371 | "code": "12.2.1", | ||
372 | "label": "Controls against malicious code", | 372 | "label": "Controls against malicious code", | ||
373 | "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" | 373 | "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" | ||
374 | }, | 374 | }, | ||
375 | { | 375 | { | ||
376 | "category": "Operations security", | 376 | "category": "Operations security", | ||
377 | "code": "12.3.1", | 377 | "code": "12.3.1", | ||
378 | "label": "Information Backup", | 378 | "label": "Information Backup", | ||
379 | "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" | 379 | "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" | ||
380 | }, | 380 | }, | ||
381 | { | 381 | { | ||
382 | "category": "Operations security", | 382 | "category": "Operations security", | ||
383 | "code": "12.4.1", | 383 | "code": "12.4.1", | ||
384 | "label": "Event logging", | 384 | "label": "Event logging", | ||
385 | "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" | 385 | "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" | ||
386 | }, | 386 | }, | ||
387 | { | 387 | { | ||
388 | "category": "Operations security", | 388 | "category": "Operations security", | ||
389 | "code": "12.4.2", | 389 | "code": "12.4.2", | ||
390 | "label": "Protection of log information", | 390 | "label": "Protection of log information", | ||
391 | "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" | 391 | "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" | ||
392 | }, | 392 | }, | ||
393 | { | 393 | { | ||
394 | "category": "Operations security", | 394 | "category": "Operations security", | ||
395 | "code": "12.4.3", | 395 | "code": "12.4.3", | ||
396 | "label": "Administrator and operator logs", | 396 | "label": "Administrator and operator logs", | ||
397 | "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" | 397 | "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" | ||
398 | }, | 398 | }, | ||
399 | { | 399 | { | ||
400 | "category": "Operations security", | 400 | "category": "Operations security", | ||
401 | "code": "12.4.4", | 401 | "code": "12.4.4", | ||
402 | "label": "Clock synchronisation", | 402 | "label": "Clock synchronisation", | ||
403 | "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" | 403 | "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" | ||
404 | }, | 404 | }, | ||
405 | { | 405 | { | ||
406 | "category": "Operations security", | 406 | "category": "Operations security", | ||
407 | "code": "12.5.1", | 407 | "code": "12.5.1", | ||
408 | "label": "Installation of software on operational systems", | 408 | "label": "Installation of software on operational systems", | ||
409 | "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" | 409 | "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" | ||
410 | }, | 410 | }, | ||
411 | { | 411 | { | ||
412 | "category": "Operations security", | 412 | "category": "Operations security", | ||
413 | "code": "12.6.1", | 413 | "code": "12.6.1", | ||
414 | "label": "Management of technical vulnerabilities", | 414 | "label": "Management of technical vulnerabilities", | ||
415 | "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" | 415 | "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" | ||
416 | }, | 416 | }, | ||
417 | { | 417 | { | ||
418 | "category": "Operations security", | 418 | "category": "Operations security", | ||
419 | "code": "12.6.2", | 419 | "code": "12.6.2", | ||
420 | "label": "Restrictions on software installation", | 420 | "label": "Restrictions on software installation", | ||
421 | "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" | 421 | "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" | ||
422 | }, | 422 | }, | ||
423 | { | 423 | { | ||
424 | "category": "Operations security", | 424 | "category": "Operations security", | ||
425 | "code": "12.7.1", | 425 | "code": "12.7.1", | ||
426 | "label": "Information systems audit controls", | 426 | "label": "Information systems audit controls", | ||
427 | "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" | 427 | "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" | ||
428 | }, | 428 | }, | ||
429 | { | 429 | { | ||
430 | "category": "Communications security", | 430 | "category": "Communications security", | ||
431 | "code": "13.1.1", | 431 | "code": "13.1.1", | ||
432 | "label": "Network controls", | 432 | "label": "Network controls", | ||
433 | "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" | 433 | "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" | ||
434 | }, | 434 | }, | ||
435 | { | 435 | { | ||
436 | "category": "Communications security", | 436 | "category": "Communications security", | ||
437 | "code": "13.1.2", | 437 | "code": "13.1.2", | ||
438 | "label": "Security of network services", | 438 | "label": "Security of network services", | ||
439 | "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" | 439 | "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" | ||
440 | }, | 440 | }, | ||
441 | { | 441 | { | ||
442 | "category": "Communications security", | 442 | "category": "Communications security", | ||
443 | "code": "13.1.3", | 443 | "code": "13.1.3", | ||
444 | "label": "Segregation in networks", | 444 | "label": "Segregation in networks", | ||
445 | "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" | 445 | "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" | ||
446 | }, | 446 | }, | ||
447 | { | 447 | { | ||
448 | "category": "Communications security", | 448 | "category": "Communications security", | ||
449 | "code": "13.2.1", | 449 | "code": "13.2.1", | ||
450 | "label": "Information transfer policies and procedures", | 450 | "label": "Information transfer policies and procedures", | ||
451 | "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" | 451 | "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" | ||
452 | }, | 452 | }, | ||
453 | { | 453 | { | ||
454 | "category": "Communications security", | 454 | "category": "Communications security", | ||
455 | "code": "13.2.2", | 455 | "code": "13.2.2", | ||
456 | "label": "Agreements on information transfer", | 456 | "label": "Agreements on information transfer", | ||
457 | "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" | 457 | "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" | ||
458 | }, | 458 | }, | ||
459 | { | 459 | { | ||
460 | "category": "Communications security", | 460 | "category": "Communications security", | ||
461 | "code": "13.2.3", | 461 | "code": "13.2.3", | ||
462 | "label": "Electronic messaging", | 462 | "label": "Electronic messaging", | ||
463 | "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" | 463 | "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" | ||
464 | }, | 464 | }, | ||
465 | { | 465 | { | ||
466 | "category": "Communications security", | 466 | "category": "Communications security", | ||
467 | "code": "13.2.4", | 467 | "code": "13.2.4", | ||
468 | "label": "Confidentiality or non-disclosure agreements", | 468 | "label": "Confidentiality or non-disclosure agreements", | ||
469 | "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" | 469 | "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" | ||
470 | }, | 470 | }, | ||
471 | { | 471 | { | ||
472 | "category": "System acquisition, development and maintenance", | 472 | "category": "System acquisition, development and maintenance", | ||
473 | "code": "14.1.1", | 473 | "code": "14.1.1", | ||
474 | "label": "Information security requirements analysis and specification", | 474 | "label": "Information security requirements analysis and specification", | ||
475 | "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" | 475 | "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" | ||
476 | }, | 476 | }, | ||
477 | { | 477 | { | ||
478 | "category": "System acquisition, development and maintenance", | 478 | "category": "System acquisition, development and maintenance", | ||
479 | "code": "14.1.2", | 479 | "code": "14.1.2", | ||
480 | "label": "Securing application services on public networks", | 480 | "label": "Securing application services on public networks", | ||
481 | "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" | 481 | "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" | ||
482 | }, | 482 | }, | ||
483 | { | 483 | { | ||
484 | "category": "System acquisition, development and maintenance", | 484 | "category": "System acquisition, development and maintenance", | ||
485 | "code": "14.1.3", | 485 | "code": "14.1.3", | ||
486 | "label": "Protecting application services transactions", | 486 | "label": "Protecting application services transactions", | ||
487 | "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" | 487 | "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" | ||
488 | }, | 488 | }, | ||
489 | { | 489 | { | ||
490 | "category": "System acquisition, development and maintenance", | 490 | "category": "System acquisition, development and maintenance", | ||
491 | "code": "14.2.1", | 491 | "code": "14.2.1", | ||
492 | "label": "Secure development policy", | 492 | "label": "Secure development policy", | ||
493 | "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" | 493 | "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" | ||
494 | }, | 494 | }, | ||
495 | { | 495 | { | ||
496 | "category": "System acquisition, development and maintenance", | 496 | "category": "System acquisition, development and maintenance", | ||
497 | "code": "14.2.2", | 497 | "code": "14.2.2", | ||
498 | "label": "System change control procedures", | 498 | "label": "System change control procedures", | ||
499 | "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" | 499 | "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" | ||
500 | }, | 500 | }, | ||
501 | { | 501 | { | ||
502 | "category": "System acquisition, development and maintenance", | 502 | "category": "System acquisition, development and maintenance", | ||
503 | "code": "14.2.3", | 503 | "code": "14.2.3", | ||
504 | "label": "Technical review of applications after operating platform changes", | 504 | "label": "Technical review of applications after operating platform changes", | ||
505 | "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" | 505 | "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" | ||
506 | }, | 506 | }, | ||
507 | { | 507 | { | ||
508 | "category": "System acquisition, development and maintenance", | 508 | "category": "System acquisition, development and maintenance", | ||
509 | "code": "14.2.4", | 509 | "code": "14.2.4", | ||
510 | "label": "Restrictions on changes to software packages", | 510 | "label": "Restrictions on changes to software packages", | ||
511 | "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" | 511 | "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" | ||
512 | }, | 512 | }, | ||
513 | { | 513 | { | ||
514 | "category": "System acquisition, development and maintenance", | 514 | "category": "System acquisition, development and maintenance", | ||
515 | "code": "14.2.5", | 515 | "code": "14.2.5", | ||
516 | "label": "Secure system engineering principles", | 516 | "label": "Secure system engineering principles", | ||
517 | "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" | 517 | "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" | ||
518 | }, | 518 | }, | ||
519 | { | 519 | { | ||
520 | "category": "System acquisition, development and maintenance", | 520 | "category": "System acquisition, development and maintenance", | ||
521 | "code": "14.2.6", | 521 | "code": "14.2.6", | ||
522 | "label": "Secure development environment", | 522 | "label": "Secure development environment", | ||
523 | "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" | 523 | "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" | ||
524 | }, | 524 | }, | ||
525 | { | 525 | { | ||
526 | "category": "System acquisition, development and maintenance", | 526 | "category": "System acquisition, development and maintenance", | ||
527 | "code": "14.2.7", | 527 | "code": "14.2.7", | ||
528 | "label": "Outsourced software development", | 528 | "label": "Outsourced software development", | ||
529 | "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" | 529 | "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" | ||
530 | }, | 530 | }, | ||
531 | { | 531 | { | ||
532 | "category": "System acquisition, development and maintenance", | 532 | "category": "System acquisition, development and maintenance", | ||
533 | "code": "14.2.8", | 533 | "code": "14.2.8", | ||
534 | "label": "System security testing", | 534 | "label": "System security testing", | ||
535 | "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" | 535 | "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" | ||
536 | }, | 536 | }, | ||
537 | { | 537 | { | ||
538 | "category": "System acquisition, development and maintenance", | 538 | "category": "System acquisition, development and maintenance", | ||
539 | "code": "14.2.9", | 539 | "code": "14.2.9", | ||
540 | "label": "System acceptance testing", | 540 | "label": "System acceptance testing", | ||
541 | "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" | 541 | "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" | ||
542 | }, | 542 | }, | ||
543 | { | 543 | { | ||
544 | "category": "System acquisition, development and maintenance", | 544 | "category": "System acquisition, development and maintenance", | ||
545 | "code": "14.3.1", | 545 | "code": "14.3.1", | ||
546 | "label": "Protection of test data", | 546 | "label": "Protection of test data", | ||
547 | "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" | 547 | "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" | ||
548 | }, | 548 | }, | ||
549 | { | 549 | { | ||
550 | "category": "Supplier relationships", | 550 | "category": "Supplier relationships", | ||
551 | "code": "15.1.1", | 551 | "code": "15.1.1", | ||
552 | "label": "Information security policy for supplier relationships", | 552 | "label": "Information security policy for supplier relationships", | ||
553 | "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" | 553 | "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" | ||
554 | }, | 554 | }, | ||
555 | { | 555 | { | ||
556 | "category": "Supplier relationships", | 556 | "category": "Supplier relationships", | ||
557 | "code": "15.1.2", | 557 | "code": "15.1.2", | ||
558 | "label": "Addressing security within supplier agreements", | 558 | "label": "Addressing security within supplier agreements", | ||
559 | "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" | 559 | "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" | ||
560 | }, | 560 | }, | ||
561 | { | 561 | { | ||
562 | "category": "Supplier relationships", | 562 | "category": "Supplier relationships", | ||
563 | "code": "15.1.3", | 563 | "code": "15.1.3", | ||
564 | "label": "Informaiton and communication technology supply chain", | 564 | "label": "Informaiton and communication technology supply chain", | ||
565 | "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" | 565 | "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" | ||
566 | }, | 566 | }, | ||
567 | { | 567 | { | ||
568 | "category": "Supplier relationships", | 568 | "category": "Supplier relationships", | ||
569 | "code": "15.2.1", | 569 | "code": "15.2.1", | ||
570 | "label": "Monitoring and review of supplier services", | 570 | "label": "Monitoring and review of supplier services", | ||
571 | "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" | 571 | "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" | ||
572 | }, | 572 | }, | ||
573 | { | 573 | { | ||
574 | "category": "Supplier relationships", | 574 | "category": "Supplier relationships", | ||
575 | "code": "15.2.2", | 575 | "code": "15.2.2", | ||
576 | "label": "Managing changes to supplier services", | 576 | "label": "Managing changes to supplier services", | ||
577 | "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" | 577 | "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" | ||
578 | }, | 578 | }, | ||
579 | { | 579 | { | ||
580 | "category": "information security incident management", | 580 | "category": "information security incident management", | ||
581 | "code": "16.1.1", | 581 | "code": "16.1.1", | ||
582 | "label": "Responsibilities and procedures", | 582 | "label": "Responsibilities and procedures", | ||
583 | "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" | 583 | "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" | ||
584 | }, | 584 | }, | ||
585 | { | 585 | { | ||
586 | "category": "information security incident management", | 586 | "category": "information security incident management", | ||
587 | "code": "16.1.2", | 587 | "code": "16.1.2", | ||
588 | "label": "Reporting information security events", | 588 | "label": "Reporting information security events", | ||
589 | "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" | 589 | "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" | ||
590 | }, | 590 | }, | ||
591 | { | 591 | { | ||
592 | "category": "information security incident management", | 592 | "category": "information security incident management", | ||
593 | "code": "16.1.3", | 593 | "code": "16.1.3", | ||
594 | "label": "Reporting information security weaknesses", | 594 | "label": "Reporting information security weaknesses", | ||
595 | "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" | 595 | "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" | ||
596 | }, | 596 | }, | ||
597 | { | 597 | { | ||
598 | "category": "information security incident management", | 598 | "category": "information security incident management", | ||
599 | "code": "16.1.4", | 599 | "code": "16.1.4", | ||
600 | "label": "Assessment of and decision on information security events", | 600 | "label": "Assessment of and decision on information security events", | ||
601 | "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" | 601 | "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" | ||
602 | }, | 602 | }, | ||
603 | { | 603 | { | ||
604 | "category": "information security incident management", | 604 | "category": "information security incident management", | ||
605 | "code": "16.1.5", | 605 | "code": "16.1.5", | ||
606 | "label": "Response in information security incidents", | 606 | "label": "Response in information security incidents", | ||
607 | "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" | 607 | "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" | ||
608 | }, | 608 | }, | ||
609 | { | 609 | { | ||
610 | "category": "information security incident management", | 610 | "category": "information security incident management", | ||
611 | "code": "16.1.6", | 611 | "code": "16.1.6", | ||
612 | "label": "Learning from information security incidents", | 612 | "label": "Learning from information security incidents", | ||
613 | "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" | 613 | "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" | ||
614 | }, | 614 | }, | ||
615 | { | 615 | { | ||
616 | "category": "information security incident management", | 616 | "category": "information security incident management", | ||
617 | "code": "16.1.7", | 617 | "code": "16.1.7", | ||
618 | "label": "Collection of evidence", | 618 | "label": "Collection of evidence", | ||
619 | "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" | 619 | "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" | ||
620 | }, | 620 | }, | ||
621 | { | 621 | { | ||
622 | "category": "Information security aspects of business continuity management", | 622 | "category": "Information security aspects of business continuity management", | ||
623 | "code": "17.1.1", | 623 | "code": "17.1.1", | ||
624 | "label": "Planning information security continuity", | 624 | "label": "Planning information security continuity", | ||
625 | "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" | 625 | "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" | ||
626 | }, | 626 | }, | ||
627 | { | 627 | { | ||
628 | "category": "Information security aspects of business continuity management", | 628 | "category": "Information security aspects of business continuity management", | ||
629 | "code": "17.1.2", | 629 | "code": "17.1.2", | ||
630 | "label": "Implementing information security continuity", | 630 | "label": "Implementing information security continuity", | ||
631 | "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" | 631 | "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" | ||
632 | }, | 632 | }, | ||
633 | { | 633 | { | ||
634 | "category": "Information security aspects of business continuity management", | 634 | "category": "Information security aspects of business continuity management", | ||
635 | "code": "17.1.3", | 635 | "code": "17.1.3", | ||
636 | "label": "Verify, review and evaluate information security continuity", | 636 | "label": "Verify, review and evaluate information security continuity", | ||
637 | "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" | 637 | "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" | ||
638 | }, | 638 | }, | ||
639 | { | 639 | { | ||
640 | "category": "Information security aspects of business continuity management", | 640 | "category": "Information security aspects of business continuity management", | ||
641 | "code": "17.2.1", | 641 | "code": "17.2.1", | ||
642 | "label": "Availability of information processing facilities", | 642 | "label": "Availability of information processing facilities", | ||
643 | "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" | 643 | "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" | ||
644 | }, | 644 | }, | ||
645 | { | 645 | { | ||
646 | "category": "Compliance", | 646 | "category": "Compliance", | ||
647 | "code": "18.1.1", | 647 | "code": "18.1.1", | ||
648 | "label": "Identification of applicable legislation", | 648 | "label": "Identification of applicable legislation", | ||
649 | "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" | 649 | "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" | ||
650 | }, | 650 | }, | ||
651 | { | 651 | { | ||
652 | "category": "Compliance", | 652 | "category": "Compliance", | ||
653 | "code": "18.1.2", | 653 | "code": "18.1.2", | ||
654 | "label": "Intellectual Property Rights", | 654 | "label": "Intellectual Property Rights", | ||
655 | "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" | 655 | "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" | ||
656 | }, | 656 | }, | ||
657 | { | 657 | { | ||
658 | "category": "Compliance", | 658 | "category": "Compliance", | ||
659 | "code": "18.1.3", | 659 | "code": "18.1.3", | ||
660 | "label": "Protection of records", | 660 | "label": "Protection of records", | ||
661 | "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" | 661 | "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" | ||
662 | }, | 662 | }, | ||
663 | { | 663 | { | ||
664 | "category": "Compliance", | 664 | "category": "Compliance", | ||
665 | "code": "18.1.4", | 665 | "code": "18.1.4", | ||
666 | "label": "Privacy and protection of personally identifiable information", | 666 | "label": "Privacy and protection of personally identifiable information", | ||
667 | "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" | 667 | "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" | ||
668 | }, | 668 | }, | ||
669 | { | 669 | { | ||
670 | "category": "Compliance", | 670 | "category": "Compliance", | ||
671 | "code": "18.1.5", | 671 | "code": "18.1.5", | ||
672 | "label": "Regulation of cryptographic controls", | 672 | "label": "Regulation of cryptographic controls", | ||
673 | "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" | 673 | "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" | ||
674 | }, | 674 | }, | ||
675 | { | 675 | { | ||
676 | "category": "Compliance", | 676 | "category": "Compliance", | ||
677 | "code": "18.2.1", | 677 | "code": "18.2.1", | ||
678 | "label": "Independent review of information security", | 678 | "label": "Independent review of information security", | ||
679 | "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" | 679 | "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" | ||
680 | }, | 680 | }, | ||
681 | { | 681 | { | ||
682 | "category": "Compliance", | 682 | "category": "Compliance", | ||
683 | "code": "18.2.2", | 683 | "code": "18.2.2", | ||
684 | "label": "Compliance with security policies and standards", | 684 | "label": "Compliance with security policies and standards", | ||
685 | "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" | 685 | "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" | ||
686 | }, | 686 | }, | ||
687 | { | 687 | { | ||
688 | "category": "Compliance", | 688 | "category": "Compliance", | ||
689 | "code": "18.2.3", | 689 | "code": "18.2.3", | ||
690 | "label": "Technical compliance review", | 690 | "label": "Technical compliance review", | ||
691 | "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" | 691 | "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" | ||
692 | } | 692 | } | ||
693 | ], | 693 | ], | ||
694 | "version": 1, | 694 | "version": 1, | ||
695 | "version_ext": "ISO/IEC 27002:2013" | 695 | "version_ext": "ISO/IEC 27002:2013" | ||
696 | } | 696 | } |