Date: Feb 21, 2022, 11:43:37 AM
Date: Feb 21, 2022, 11:44:03 AM
Name: ISO/IEC 27002 [2013]
Name: ISO/IEC 27002 [2022]
Description: ISO/IEC 27002:2013 controls
Description: ISO/IEC 27002:2022 controls
| t | 1 | { | t | 1 | { |
| 2 | "label": "ISO/IEC 27002 [2013]", | 2 | "label": "ISO/IEC 27002 [2013]", | ||
| 3 | "language": "EN", | 3 | "language": "EN", | ||
| 4 | "refs": [ | 4 | "refs": [ | ||
| 5 | "https://www.iso.org/standard/54533.html" | 5 | "https://www.iso.org/standard/54533.html" | ||
| 6 | ], | 6 | ], | ||
| 7 | "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", | 7 | "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", | ||
| 8 | "values": [ | 8 | "values": [ | ||
| 9 | { | 9 | { | ||
| 10 | "category": "Information security policies", | 10 | "category": "Information security policies", | ||
| 11 | "code": "5.1.1", | 11 | "code": "5.1.1", | ||
| 12 | "label": "Policies for information security", | 12 | "label": "Policies for information security", | ||
| 13 | "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" | 13 | "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" | ||
| 14 | }, | 14 | }, | ||
| 15 | { | 15 | { | ||
| 16 | "category": "Information security policies", | 16 | "category": "Information security policies", | ||
| 17 | "code": "5.1.2", | 17 | "code": "5.1.2", | ||
| 18 | "label": "Review of the policies for information security", | 18 | "label": "Review of the policies for information security", | ||
| 19 | "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" | 19 | "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" | ||
| 20 | }, | 20 | }, | ||
| 21 | { | 21 | { | ||
| 22 | "category": "Organization of information security", | 22 | "category": "Organization of information security", | ||
| 23 | "code": "6.1.1", | 23 | "code": "6.1.1", | ||
| 24 | "label": "Information security roles and responsibilities", | 24 | "label": "Information security roles and responsibilities", | ||
| 25 | "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" | 25 | "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" | ||
| 26 | }, | 26 | }, | ||
| 27 | { | 27 | { | ||
| 28 | "category": "Organization of information security", | 28 | "category": "Organization of information security", | ||
| 29 | "code": "6.1.2", | 29 | "code": "6.1.2", | ||
| 30 | "label": "Segregation of duties", | 30 | "label": "Segregation of duties", | ||
| 31 | "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" | 31 | "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" | ||
| 32 | }, | 32 | }, | ||
| 33 | { | 33 | { | ||
| 34 | "category": "Organization of information security", | 34 | "category": "Organization of information security", | ||
| 35 | "code": "6.1.3", | 35 | "code": "6.1.3", | ||
| 36 | "label": "Contact with authorities", | 36 | "label": "Contact with authorities", | ||
| 37 | "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" | 37 | "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" | ||
| 38 | }, | 38 | }, | ||
| 39 | { | 39 | { | ||
| 40 | "category": "Organization of information security", | 40 | "category": "Organization of information security", | ||
| 41 | "code": "6.1.4", | 41 | "code": "6.1.4", | ||
| 42 | "label": "Contact with special interest groups", | 42 | "label": "Contact with special interest groups", | ||
| 43 | "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" | 43 | "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" | ||
| 44 | }, | 44 | }, | ||
| 45 | { | 45 | { | ||
| 46 | "category": "Organization of information security", | 46 | "category": "Organization of information security", | ||
| 47 | "code": "6.1.5", | 47 | "code": "6.1.5", | ||
| 48 | "label": "Information Security in Project Management", | 48 | "label": "Information Security in Project Management", | ||
| 49 | "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" | 49 | "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" | ||
| 50 | }, | 50 | }, | ||
| 51 | { | 51 | { | ||
| 52 | "category": "Organization of information security", | 52 | "category": "Organization of information security", | ||
| 53 | "code": "6.2.1", | 53 | "code": "6.2.1", | ||
| 54 | "label": "Mobile device policy", | 54 | "label": "Mobile device policy", | ||
| 55 | "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" | 55 | "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" | ||
| 56 | }, | 56 | }, | ||
| 57 | { | 57 | { | ||
| 58 | "category": "Organization of information security", | 58 | "category": "Organization of information security", | ||
| 59 | "code": "6.2.2", | 59 | "code": "6.2.2", | ||
| 60 | "label": "Teleworking", | 60 | "label": "Teleworking", | ||
| 61 | "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" | 61 | "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" | ||
| 62 | }, | 62 | }, | ||
| 63 | { | 63 | { | ||
| 64 | "category": "Human resource security", | 64 | "category": "Human resource security", | ||
| 65 | "code": "7.1.1", | 65 | "code": "7.1.1", | ||
| 66 | "label": "Screening", | 66 | "label": "Screening", | ||
| 67 | "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" | 67 | "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" | ||
| 68 | }, | 68 | }, | ||
| 69 | { | 69 | { | ||
| 70 | "category": "Human resource security", | 70 | "category": "Human resource security", | ||
| 71 | "code": "7.1.2", | 71 | "code": "7.1.2", | ||
| 72 | "label": "Terms and conditions of employment", | 72 | "label": "Terms and conditions of employment", | ||
| 73 | "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" | 73 | "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" | ||
| 74 | }, | 74 | }, | ||
| 75 | { | 75 | { | ||
| 76 | "category": "Human resource security", | 76 | "category": "Human resource security", | ||
| 77 | "code": "7.2.1", | 77 | "code": "7.2.1", | ||
| 78 | "label": "Management responsibilities", | 78 | "label": "Management responsibilities", | ||
| 79 | "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" | 79 | "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" | ||
| 80 | }, | 80 | }, | ||
| 81 | { | 81 | { | ||
| 82 | "category": "Human resource security", | 82 | "category": "Human resource security", | ||
| 83 | "code": "7.2.2", | 83 | "code": "7.2.2", | ||
| 84 | "label": "Information security awareness, education and training", | 84 | "label": "Information security awareness, education and training", | ||
| 85 | "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" | 85 | "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" | ||
| 86 | }, | 86 | }, | ||
| 87 | { | 87 | { | ||
| 88 | "category": "Human resource security", | 88 | "category": "Human resource security", | ||
| 89 | "code": "7.2.3", | 89 | "code": "7.2.3", | ||
| 90 | "label": "Disciplinary process", | 90 | "label": "Disciplinary process", | ||
| 91 | "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" | 91 | "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" | ||
| 92 | }, | 92 | }, | ||
| 93 | { | 93 | { | ||
| 94 | "category": "Human resource security", | 94 | "category": "Human resource security", | ||
| 95 | "code": "7.3.1", | 95 | "code": "7.3.1", | ||
| 96 | "label": "Termination or change of employment responsibilities", | 96 | "label": "Termination or change of employment responsibilities", | ||
| 97 | "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" | 97 | "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" | ||
| 98 | }, | 98 | }, | ||
| 99 | { | 99 | { | ||
| 100 | "category": "Asset management", | 100 | "category": "Asset management", | ||
| 101 | "code": "8.1.1", | 101 | "code": "8.1.1", | ||
| 102 | "label": "Inventory of Assets", | 102 | "label": "Inventory of Assets", | ||
| 103 | "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" | 103 | "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" | ||
| 104 | }, | 104 | }, | ||
| 105 | { | 105 | { | ||
| 106 | "category": "Asset management", | 106 | "category": "Asset management", | ||
| 107 | "code": "8.1.2", | 107 | "code": "8.1.2", | ||
| 108 | "label": "Ownership of assets", | 108 | "label": "Ownership of assets", | ||
| 109 | "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" | 109 | "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" | ||
| 110 | }, | 110 | }, | ||
| 111 | { | 111 | { | ||
| 112 | "category": "Asset management", | 112 | "category": "Asset management", | ||
| 113 | "code": "8.1.3", | 113 | "code": "8.1.3", | ||
| 114 | "label": "Acceptable use of assets", | 114 | "label": "Acceptable use of assets", | ||
| 115 | "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" | 115 | "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" | ||
| 116 | }, | 116 | }, | ||
| 117 | { | 117 | { | ||
| 118 | "category": "Asset management", | 118 | "category": "Asset management", | ||
| 119 | "code": "8.1.4", | 119 | "code": "8.1.4", | ||
| 120 | "label": "Return of assets", | 120 | "label": "Return of assets", | ||
| 121 | "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" | 121 | "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" | ||
| 122 | }, | 122 | }, | ||
| 123 | { | 123 | { | ||
| 124 | "category": "Asset management", | 124 | "category": "Asset management", | ||
| 125 | "code": "8.2.1", | 125 | "code": "8.2.1", | ||
| 126 | "label": "Classification guidelines", | 126 | "label": "Classification guidelines", | ||
| 127 | "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" | 127 | "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" | ||
| 128 | }, | 128 | }, | ||
| 129 | { | 129 | { | ||
| 130 | "category": "Asset management", | 130 | "category": "Asset management", | ||
| 131 | "code": "8.2.2", | 131 | "code": "8.2.2", | ||
| 132 | "label": "Labelling of information", | 132 | "label": "Labelling of information", | ||
| 133 | "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" | 133 | "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" | ||
| 134 | }, | 134 | }, | ||
| 135 | { | 135 | { | ||
| 136 | "category": "Asset management", | 136 | "category": "Asset management", | ||
| 137 | "code": "8.2.3", | 137 | "code": "8.2.3", | ||
| 138 | "label": "Handling of assets", | 138 | "label": "Handling of assets", | ||
| 139 | "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" | 139 | "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" | ||
| 140 | }, | 140 | }, | ||
| 141 | { | 141 | { | ||
| 142 | "category": "Asset management", | 142 | "category": "Asset management", | ||
| 143 | "code": "8.3.1", | 143 | "code": "8.3.1", | ||
| 144 | "label": "Management of removeable media", | 144 | "label": "Management of removeable media", | ||
| 145 | "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" | 145 | "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" | ||
| 146 | }, | 146 | }, | ||
| 147 | { | 147 | { | ||
| 148 | "category": "Asset management", | 148 | "category": "Asset management", | ||
| 149 | "code": "8.3.2", | 149 | "code": "8.3.2", | ||
| 150 | "label": "Disposal of media", | 150 | "label": "Disposal of media", | ||
| 151 | "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" | 151 | "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" | ||
| 152 | }, | 152 | }, | ||
| 153 | { | 153 | { | ||
| 154 | "category": "Asset management", | 154 | "category": "Asset management", | ||
| 155 | "code": "8.3.3", | 155 | "code": "8.3.3", | ||
| 156 | "label": "Physical Media transfer", | 156 | "label": "Physical Media transfer", | ||
| 157 | "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" | 157 | "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" | ||
| 158 | }, | 158 | }, | ||
| 159 | { | 159 | { | ||
| 160 | "category": "Access control", | 160 | "category": "Access control", | ||
| 161 | "code": "9.1.1", | 161 | "code": "9.1.1", | ||
| 162 | "label": "Access control policy", | 162 | "label": "Access control policy", | ||
| 163 | "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" | 163 | "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" | ||
| 164 | }, | 164 | }, | ||
| 165 | { | 165 | { | ||
| 166 | "category": "Access control", | 166 | "category": "Access control", | ||
| 167 | "code": "9.1.2", | 167 | "code": "9.1.2", | ||
| 168 | "label": "Access to networks and network services", | 168 | "label": "Access to networks and network services", | ||
| 169 | "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" | 169 | "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" | ||
| 170 | }, | 170 | }, | ||
| 171 | { | 171 | { | ||
| 172 | "category": "Access control", | 172 | "category": "Access control", | ||
| 173 | "code": "9.2.1", | 173 | "code": "9.2.1", | ||
| 174 | "label": "User registration and deregistration", | 174 | "label": "User registration and deregistration", | ||
| 175 | "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" | 175 | "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" | ||
| 176 | }, | 176 | }, | ||
| 177 | { | 177 | { | ||
| 178 | "category": "Access control", | 178 | "category": "Access control", | ||
| 179 | "code": "9.2.2", | 179 | "code": "9.2.2", | ||
| 180 | "label": "User access provisioning", | 180 | "label": "User access provisioning", | ||
| 181 | "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" | 181 | "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" | ||
| 182 | }, | 182 | }, | ||
| 183 | { | 183 | { | ||
| 184 | "category": "Access control", | 184 | "category": "Access control", | ||
| 185 | "code": "9.2.3", | 185 | "code": "9.2.3", | ||
| 186 | "label": "Management of privileged access rights", | 186 | "label": "Management of privileged access rights", | ||
| 187 | "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" | 187 | "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" | ||
| 188 | }, | 188 | }, | ||
| 189 | { | 189 | { | ||
| 190 | "category": "Access control", | 190 | "category": "Access control", | ||
| 191 | "code": "9.2.4", | 191 | "code": "9.2.4", | ||
| 192 | "label": "Management of secret authentication information of users", | 192 | "label": "Management of secret authentication information of users", | ||
| 193 | "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" | 193 | "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" | ||
| 194 | }, | 194 | }, | ||
| 195 | { | 195 | { | ||
| 196 | "category": "Access control", | 196 | "category": "Access control", | ||
| 197 | "code": "9.2.5", | 197 | "code": "9.2.5", | ||
| 198 | "label": "Review of user access rights", | 198 | "label": "Review of user access rights", | ||
| 199 | "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" | 199 | "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" | ||
| 200 | }, | 200 | }, | ||
| 201 | { | 201 | { | ||
| 202 | "category": "Access control", | 202 | "category": "Access control", | ||
| 203 | "code": "9.2.6", | 203 | "code": "9.2.6", | ||
| 204 | "label": "Removal or adjustment of access rights", | 204 | "label": "Removal or adjustment of access rights", | ||
| 205 | "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" | 205 | "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" | ||
| 206 | }, | 206 | }, | ||
| 207 | { | 207 | { | ||
| 208 | "category": "Access control", | 208 | "category": "Access control", | ||
| 209 | "code": "9.3.1", | 209 | "code": "9.3.1", | ||
| 210 | "label": "Use of secret authentication information", | 210 | "label": "Use of secret authentication information", | ||
| 211 | "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" | 211 | "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" | ||
| 212 | }, | 212 | }, | ||
| 213 | { | 213 | { | ||
| 214 | "category": "Access control", | 214 | "category": "Access control", | ||
| 215 | "code": "9.4.1", | 215 | "code": "9.4.1", | ||
| 216 | "label": "Information access restriction", | 216 | "label": "Information access restriction", | ||
| 217 | "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" | 217 | "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" | ||
| 218 | }, | 218 | }, | ||
| 219 | { | 219 | { | ||
| 220 | "category": "Access control", | 220 | "category": "Access control", | ||
| 221 | "code": "9.4.2", | 221 | "code": "9.4.2", | ||
| 222 | "label": "Secure log-on procedures", | 222 | "label": "Secure log-on procedures", | ||
| 223 | "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" | 223 | "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" | ||
| 224 | }, | 224 | }, | ||
| 225 | { | 225 | { | ||
| 226 | "category": "Access control", | 226 | "category": "Access control", | ||
| 227 | "code": "9.4.3", | 227 | "code": "9.4.3", | ||
| 228 | "label": "Password management system", | 228 | "label": "Password management system", | ||
| 229 | "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" | 229 | "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" | ||
| 230 | }, | 230 | }, | ||
| 231 | { | 231 | { | ||
| 232 | "category": "Access control", | 232 | "category": "Access control", | ||
| 233 | "code": "9.4.4", | 233 | "code": "9.4.4", | ||
| 234 | "label": "Use of privileged utility programs", | 234 | "label": "Use of privileged utility programs", | ||
| 235 | "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" | 235 | "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" | ||
| 236 | }, | 236 | }, | ||
| 237 | { | 237 | { | ||
| 238 | "category": "Access control", | 238 | "category": "Access control", | ||
| 239 | "code": "9.4.5", | 239 | "code": "9.4.5", | ||
| 240 | "label": "Access control to program source code", | 240 | "label": "Access control to program source code", | ||
| 241 | "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" | 241 | "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" | ||
| 242 | }, | 242 | }, | ||
| 243 | { | 243 | { | ||
| 244 | "category": "Cryptography", | 244 | "category": "Cryptography", | ||
| 245 | "code": "10.1.1", | 245 | "code": "10.1.1", | ||
| 246 | "label": "Policy on the use of cryptographic controls", | 246 | "label": "Policy on the use of cryptographic controls", | ||
| 247 | "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" | 247 | "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" | ||
| 248 | }, | 248 | }, | ||
| 249 | { | 249 | { | ||
| 250 | "category": "Cryptography", | 250 | "category": "Cryptography", | ||
| 251 | "code": "10.1.2", | 251 | "code": "10.1.2", | ||
| 252 | "label": "Key management", | 252 | "label": "Key management", | ||
| 253 | "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" | 253 | "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" | ||
| 254 | }, | 254 | }, | ||
| 255 | { | 255 | { | ||
| 256 | "category": "Physical and environmental security", | 256 | "category": "Physical and environmental security", | ||
| 257 | "code": "11.1.1", | 257 | "code": "11.1.1", | ||
| 258 | "label": "Physical security perimeter", | 258 | "label": "Physical security perimeter", | ||
| 259 | "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" | 259 | "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" | ||
| 260 | }, | 260 | }, | ||
| 261 | { | 261 | { | ||
| 262 | "category": "Physical and environmental security", | 262 | "category": "Physical and environmental security", | ||
| 263 | "code": "11.1.2", | 263 | "code": "11.1.2", | ||
| 264 | "label": "Physical entry controls", | 264 | "label": "Physical entry controls", | ||
| 265 | "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" | 265 | "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" | ||
| 266 | }, | 266 | }, | ||
| 267 | { | 267 | { | ||
| 268 | "category": "Physical and environmental security", | 268 | "category": "Physical and environmental security", | ||
| 269 | "code": "11.1.3", | 269 | "code": "11.1.3", | ||
| 270 | "label": "Securing offices, rooms and facilities", | 270 | "label": "Securing offices, rooms and facilities", | ||
| 271 | "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" | 271 | "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" | ||
| 272 | }, | 272 | }, | ||
| 273 | { | 273 | { | ||
| 274 | "category": "Physical and environmental security", | 274 | "category": "Physical and environmental security", | ||
| 275 | "code": "11.1.4", | 275 | "code": "11.1.4", | ||
| 276 | "label": "Protecting against external and environmental attacks", | 276 | "label": "Protecting against external and environmental attacks", | ||
| 277 | "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" | 277 | "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" | ||
| 278 | }, | 278 | }, | ||
| 279 | { | 279 | { | ||
| 280 | "category": "Physical and environmental security", | 280 | "category": "Physical and environmental security", | ||
| 281 | "code": "11.1.5", | 281 | "code": "11.1.5", | ||
| 282 | "label": "Working in secure areas", | 282 | "label": "Working in secure areas", | ||
| 283 | "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" | 283 | "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" | ||
| 284 | }, | 284 | }, | ||
| 285 | { | 285 | { | ||
| 286 | "category": "Physical and environmental security", | 286 | "category": "Physical and environmental security", | ||
| 287 | "code": "11.1.6", | 287 | "code": "11.1.6", | ||
| 288 | "label": "Delivery and loading areas", | 288 | "label": "Delivery and loading areas", | ||
| 289 | "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" | 289 | "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" | ||
| 290 | }, | 290 | }, | ||
| 291 | { | 291 | { | ||
| 292 | "category": "Physical and environmental security", | 292 | "category": "Physical and environmental security", | ||
| 293 | "code": "11.2.1", | 293 | "code": "11.2.1", | ||
| 294 | "label": "Equipment siting and protection", | 294 | "label": "Equipment siting and protection", | ||
| 295 | "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" | 295 | "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" | ||
| 296 | }, | 296 | }, | ||
| 297 | { | 297 | { | ||
| 298 | "category": "Physical and environmental security", | 298 | "category": "Physical and environmental security", | ||
| 299 | "code": "11.2.2", | 299 | "code": "11.2.2", | ||
| 300 | "label": "Supporting utilities", | 300 | "label": "Supporting utilities", | ||
| 301 | "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" | 301 | "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" | ||
| 302 | }, | 302 | }, | ||
| 303 | { | 303 | { | ||
| 304 | "category": "Physical and environmental security", | 304 | "category": "Physical and environmental security", | ||
| 305 | "code": "11.2.3", | 305 | "code": "11.2.3", | ||
| 306 | "label": "Cabling Security", | 306 | "label": "Cabling Security", | ||
| 307 | "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" | 307 | "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" | ||
| 308 | }, | 308 | }, | ||
| 309 | { | 309 | { | ||
| 310 | "category": "Physical and environmental security", | 310 | "category": "Physical and environmental security", | ||
| 311 | "code": "11.2.4", | 311 | "code": "11.2.4", | ||
| 312 | "label": "Equipment maintenance", | 312 | "label": "Equipment maintenance", | ||
| 313 | "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" | 313 | "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" | ||
| 314 | }, | 314 | }, | ||
| 315 | { | 315 | { | ||
| 316 | "category": "Physical and environmental security", | 316 | "category": "Physical and environmental security", | ||
| 317 | "code": "11.2.5", | 317 | "code": "11.2.5", | ||
| 318 | "label": "Security of equipment off-premises", | 318 | "label": "Security of equipment off-premises", | ||
| 319 | "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" | 319 | "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" | ||
| 320 | }, | 320 | }, | ||
| 321 | { | 321 | { | ||
| 322 | "category": "Physical and environmental security", | 322 | "category": "Physical and environmental security", | ||
| 323 | "code": "11.2.6", | 323 | "code": "11.2.6", | ||
| 324 | "label": "Security of equipment and assets off-premises", | 324 | "label": "Security of equipment and assets off-premises", | ||
| 325 | "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" | 325 | "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" | ||
| 326 | }, | 326 | }, | ||
| 327 | { | 327 | { | ||
| 328 | "category": "Physical and environmental security", | 328 | "category": "Physical and environmental security", | ||
| 329 | "code": "11.2.7", | 329 | "code": "11.2.7", | ||
| 330 | "label": "Secure disposal or re-use of equipment", | 330 | "label": "Secure disposal or re-use of equipment", | ||
| 331 | "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" | 331 | "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" | ||
| 332 | }, | 332 | }, | ||
| 333 | { | 333 | { | ||
| 334 | "category": "Physical and environmental security", | 334 | "category": "Physical and environmental security", | ||
| 335 | "code": "11.2.8", | 335 | "code": "11.2.8", | ||
| 336 | "label": "Unattended user equipment", | 336 | "label": "Unattended user equipment", | ||
| 337 | "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" | 337 | "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" | ||
| 338 | }, | 338 | }, | ||
| 339 | { | 339 | { | ||
| 340 | "category": "Physical and environmental security", | 340 | "category": "Physical and environmental security", | ||
| 341 | "code": "11.2.9", | 341 | "code": "11.2.9", | ||
| 342 | "label": "Clear desk and clear screen policy", | 342 | "label": "Clear desk and clear screen policy", | ||
| 343 | "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" | 343 | "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" | ||
| 344 | }, | 344 | }, | ||
| 345 | { | 345 | { | ||
| 346 | "category": "Operations security", | 346 | "category": "Operations security", | ||
| 347 | "code": "12.1.1", | 347 | "code": "12.1.1", | ||
| 348 | "label": "Documented operating procedures", | 348 | "label": "Documented operating procedures", | ||
| 349 | "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" | 349 | "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" | ||
| 350 | }, | 350 | }, | ||
| 351 | { | 351 | { | ||
| 352 | "category": "Operations security", | 352 | "category": "Operations security", | ||
| 353 | "code": "12.1.2", | 353 | "code": "12.1.2", | ||
| 354 | "label": "Change management", | 354 | "label": "Change management", | ||
| 355 | "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" | 355 | "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" | ||
| 356 | }, | 356 | }, | ||
| 357 | { | 357 | { | ||
| 358 | "category": "Operations security", | 358 | "category": "Operations security", | ||
| 359 | "code": "12.1.3", | 359 | "code": "12.1.3", | ||
| 360 | "label": "Capacity management", | 360 | "label": "Capacity management", | ||
| 361 | "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" | 361 | "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" | ||
| 362 | }, | 362 | }, | ||
| 363 | { | 363 | { | ||
| 364 | "category": "Operations security", | 364 | "category": "Operations security", | ||
| 365 | "code": "12.1.4", | 365 | "code": "12.1.4", | ||
| 366 | "label": "Separation of development, testing and operational environments", | 366 | "label": "Separation of development, testing and operational environments", | ||
| 367 | "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" | 367 | "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" | ||
| 368 | }, | 368 | }, | ||
| 369 | { | 369 | { | ||
| 370 | "category": "Operations security", | 370 | "category": "Operations security", | ||
| 371 | "code": "12.2.1", | 371 | "code": "12.2.1", | ||
| 372 | "label": "Controls against malicious code", | 372 | "label": "Controls against malicious code", | ||
| 373 | "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" | 373 | "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" | ||
| 374 | }, | 374 | }, | ||
| 375 | { | 375 | { | ||
| 376 | "category": "Operations security", | 376 | "category": "Operations security", | ||
| 377 | "code": "12.3.1", | 377 | "code": "12.3.1", | ||
| 378 | "label": "Information Backup", | 378 | "label": "Information Backup", | ||
| 379 | "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" | 379 | "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" | ||
| 380 | }, | 380 | }, | ||
| 381 | { | 381 | { | ||
| 382 | "category": "Operations security", | 382 | "category": "Operations security", | ||
| 383 | "code": "12.4.1", | 383 | "code": "12.4.1", | ||
| 384 | "label": "Event logging", | 384 | "label": "Event logging", | ||
| 385 | "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" | 385 | "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" | ||
| 386 | }, | 386 | }, | ||
| 387 | { | 387 | { | ||
| 388 | "category": "Operations security", | 388 | "category": "Operations security", | ||
| 389 | "code": "12.4.2", | 389 | "code": "12.4.2", | ||
| 390 | "label": "Protection of log information", | 390 | "label": "Protection of log information", | ||
| 391 | "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" | 391 | "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" | ||
| 392 | }, | 392 | }, | ||
| 393 | { | 393 | { | ||
| 394 | "category": "Operations security", | 394 | "category": "Operations security", | ||
| 395 | "code": "12.4.3", | 395 | "code": "12.4.3", | ||
| 396 | "label": "Administrator and operator logs", | 396 | "label": "Administrator and operator logs", | ||
| 397 | "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" | 397 | "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" | ||
| 398 | }, | 398 | }, | ||
| 399 | { | 399 | { | ||
| 400 | "category": "Operations security", | 400 | "category": "Operations security", | ||
| 401 | "code": "12.4.4", | 401 | "code": "12.4.4", | ||
| 402 | "label": "Clock synchronisation", | 402 | "label": "Clock synchronisation", | ||
| 403 | "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" | 403 | "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" | ||
| 404 | }, | 404 | }, | ||
| 405 | { | 405 | { | ||
| 406 | "category": "Operations security", | 406 | "category": "Operations security", | ||
| 407 | "code": "12.5.1", | 407 | "code": "12.5.1", | ||
| 408 | "label": "Installation of software on operational systems", | 408 | "label": "Installation of software on operational systems", | ||
| 409 | "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" | 409 | "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" | ||
| 410 | }, | 410 | }, | ||
| 411 | { | 411 | { | ||
| 412 | "category": "Operations security", | 412 | "category": "Operations security", | ||
| 413 | "code": "12.6.1", | 413 | "code": "12.6.1", | ||
| 414 | "label": "Management of technical vulnerabilities", | 414 | "label": "Management of technical vulnerabilities", | ||
| 415 | "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" | 415 | "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" | ||
| 416 | }, | 416 | }, | ||
| 417 | { | 417 | { | ||
| 418 | "category": "Operations security", | 418 | "category": "Operations security", | ||
| 419 | "code": "12.6.2", | 419 | "code": "12.6.2", | ||
| 420 | "label": "Restrictions on software installation", | 420 | "label": "Restrictions on software installation", | ||
| 421 | "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" | 421 | "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" | ||
| 422 | }, | 422 | }, | ||
| 423 | { | 423 | { | ||
| 424 | "category": "Operations security", | 424 | "category": "Operations security", | ||
| 425 | "code": "12.7.1", | 425 | "code": "12.7.1", | ||
| 426 | "label": "Information systems audit controls", | 426 | "label": "Information systems audit controls", | ||
| 427 | "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" | 427 | "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" | ||
| 428 | }, | 428 | }, | ||
| 429 | { | 429 | { | ||
| 430 | "category": "Communications security", | 430 | "category": "Communications security", | ||
| 431 | "code": "13.1.1", | 431 | "code": "13.1.1", | ||
| 432 | "label": "Network controls", | 432 | "label": "Network controls", | ||
| 433 | "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" | 433 | "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" | ||
| 434 | }, | 434 | }, | ||
| 435 | { | 435 | { | ||
| 436 | "category": "Communications security", | 436 | "category": "Communications security", | ||
| 437 | "code": "13.1.2", | 437 | "code": "13.1.2", | ||
| 438 | "label": "Security of network services", | 438 | "label": "Security of network services", | ||
| 439 | "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" | 439 | "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" | ||
| 440 | }, | 440 | }, | ||
| 441 | { | 441 | { | ||
| 442 | "category": "Communications security", | 442 | "category": "Communications security", | ||
| 443 | "code": "13.1.3", | 443 | "code": "13.1.3", | ||
| 444 | "label": "Segregation in networks", | 444 | "label": "Segregation in networks", | ||
| 445 | "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" | 445 | "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" | ||
| 446 | }, | 446 | }, | ||
| 447 | { | 447 | { | ||
| 448 | "category": "Communications security", | 448 | "category": "Communications security", | ||
| 449 | "code": "13.2.1", | 449 | "code": "13.2.1", | ||
| 450 | "label": "Information transfer policies and procedures", | 450 | "label": "Information transfer policies and procedures", | ||
| 451 | "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" | 451 | "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" | ||
| 452 | }, | 452 | }, | ||
| 453 | { | 453 | { | ||
| 454 | "category": "Communications security", | 454 | "category": "Communications security", | ||
| 455 | "code": "13.2.2", | 455 | "code": "13.2.2", | ||
| 456 | "label": "Agreements on information transfer", | 456 | "label": "Agreements on information transfer", | ||
| 457 | "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" | 457 | "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" | ||
| 458 | }, | 458 | }, | ||
| 459 | { | 459 | { | ||
| 460 | "category": "Communications security", | 460 | "category": "Communications security", | ||
| 461 | "code": "13.2.3", | 461 | "code": "13.2.3", | ||
| 462 | "label": "Electronic messaging", | 462 | "label": "Electronic messaging", | ||
| 463 | "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" | 463 | "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" | ||
| 464 | }, | 464 | }, | ||
| 465 | { | 465 | { | ||
| 466 | "category": "Communications security", | 466 | "category": "Communications security", | ||
| 467 | "code": "13.2.4", | 467 | "code": "13.2.4", | ||
| 468 | "label": "Confidentiality or non-disclosure agreements", | 468 | "label": "Confidentiality or non-disclosure agreements", | ||
| 469 | "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" | 469 | "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" | ||
| 470 | }, | 470 | }, | ||
| 471 | { | 471 | { | ||
| 472 | "category": "System acquisition, development and maintenance", | 472 | "category": "System acquisition, development and maintenance", | ||
| 473 | "code": "14.1.1", | 473 | "code": "14.1.1", | ||
| 474 | "label": "Information security requirements analysis and specification", | 474 | "label": "Information security requirements analysis and specification", | ||
| 475 | "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" | 475 | "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" | ||
| 476 | }, | 476 | }, | ||
| 477 | { | 477 | { | ||
| 478 | "category": "System acquisition, development and maintenance", | 478 | "category": "System acquisition, development and maintenance", | ||
| 479 | "code": "14.1.2", | 479 | "code": "14.1.2", | ||
| 480 | "label": "Securing application services on public networks", | 480 | "label": "Securing application services on public networks", | ||
| 481 | "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" | 481 | "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" | ||
| 482 | }, | 482 | }, | ||
| 483 | { | 483 | { | ||
| 484 | "category": "System acquisition, development and maintenance", | 484 | "category": "System acquisition, development and maintenance", | ||
| 485 | "code": "14.1.3", | 485 | "code": "14.1.3", | ||
| 486 | "label": "Protecting application services transactions", | 486 | "label": "Protecting application services transactions", | ||
| 487 | "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" | 487 | "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" | ||
| 488 | }, | 488 | }, | ||
| 489 | { | 489 | { | ||
| 490 | "category": "System acquisition, development and maintenance", | 490 | "category": "System acquisition, development and maintenance", | ||
| 491 | "code": "14.2.1", | 491 | "code": "14.2.1", | ||
| 492 | "label": "Secure development policy", | 492 | "label": "Secure development policy", | ||
| 493 | "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" | 493 | "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" | ||
| 494 | }, | 494 | }, | ||
| 495 | { | 495 | { | ||
| 496 | "category": "System acquisition, development and maintenance", | 496 | "category": "System acquisition, development and maintenance", | ||
| 497 | "code": "14.2.2", | 497 | "code": "14.2.2", | ||
| 498 | "label": "System change control procedures", | 498 | "label": "System change control procedures", | ||
| 499 | "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" | 499 | "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" | ||
| 500 | }, | 500 | }, | ||
| 501 | { | 501 | { | ||
| 502 | "category": "System acquisition, development and maintenance", | 502 | "category": "System acquisition, development and maintenance", | ||
| 503 | "code": "14.2.3", | 503 | "code": "14.2.3", | ||
| 504 | "label": "Technical review of applications after operating platform changes", | 504 | "label": "Technical review of applications after operating platform changes", | ||
| 505 | "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" | 505 | "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" | ||
| 506 | }, | 506 | }, | ||
| 507 | { | 507 | { | ||
| 508 | "category": "System acquisition, development and maintenance", | 508 | "category": "System acquisition, development and maintenance", | ||
| 509 | "code": "14.2.4", | 509 | "code": "14.2.4", | ||
| 510 | "label": "Restrictions on changes to software packages", | 510 | "label": "Restrictions on changes to software packages", | ||
| 511 | "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" | 511 | "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" | ||
| 512 | }, | 512 | }, | ||
| 513 | { | 513 | { | ||
| 514 | "category": "System acquisition, development and maintenance", | 514 | "category": "System acquisition, development and maintenance", | ||
| 515 | "code": "14.2.5", | 515 | "code": "14.2.5", | ||
| 516 | "label": "Secure system engineering principles", | 516 | "label": "Secure system engineering principles", | ||
| 517 | "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" | 517 | "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" | ||
| 518 | }, | 518 | }, | ||
| 519 | { | 519 | { | ||
| 520 | "category": "System acquisition, development and maintenance", | 520 | "category": "System acquisition, development and maintenance", | ||
| 521 | "code": "14.2.6", | 521 | "code": "14.2.6", | ||
| 522 | "label": "Secure development environment", | 522 | "label": "Secure development environment", | ||
| 523 | "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" | 523 | "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" | ||
| 524 | }, | 524 | }, | ||
| 525 | { | 525 | { | ||
| 526 | "category": "System acquisition, development and maintenance", | 526 | "category": "System acquisition, development and maintenance", | ||
| 527 | "code": "14.2.7", | 527 | "code": "14.2.7", | ||
| 528 | "label": "Outsourced software development", | 528 | "label": "Outsourced software development", | ||
| 529 | "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" | 529 | "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" | ||
| 530 | }, | 530 | }, | ||
| 531 | { | 531 | { | ||
| 532 | "category": "System acquisition, development and maintenance", | 532 | "category": "System acquisition, development and maintenance", | ||
| 533 | "code": "14.2.8", | 533 | "code": "14.2.8", | ||
| 534 | "label": "System security testing", | 534 | "label": "System security testing", | ||
| 535 | "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" | 535 | "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" | ||
| 536 | }, | 536 | }, | ||
| 537 | { | 537 | { | ||
| 538 | "category": "System acquisition, development and maintenance", | 538 | "category": "System acquisition, development and maintenance", | ||
| 539 | "code": "14.2.9", | 539 | "code": "14.2.9", | ||
| 540 | "label": "System acceptance testing", | 540 | "label": "System acceptance testing", | ||
| 541 | "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" | 541 | "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" | ||
| 542 | }, | 542 | }, | ||
| 543 | { | 543 | { | ||
| 544 | "category": "System acquisition, development and maintenance", | 544 | "category": "System acquisition, development and maintenance", | ||
| 545 | "code": "14.3.1", | 545 | "code": "14.3.1", | ||
| 546 | "label": "Protection of test data", | 546 | "label": "Protection of test data", | ||
| 547 | "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" | 547 | "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" | ||
| 548 | }, | 548 | }, | ||
| 549 | { | 549 | { | ||
| 550 | "category": "Supplier relationships", | 550 | "category": "Supplier relationships", | ||
| 551 | "code": "15.1.1", | 551 | "code": "15.1.1", | ||
| 552 | "label": "Information security policy for supplier relationships", | 552 | "label": "Information security policy for supplier relationships", | ||
| 553 | "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" | 553 | "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" | ||
| 554 | }, | 554 | }, | ||
| 555 | { | 555 | { | ||
| 556 | "category": "Supplier relationships", | 556 | "category": "Supplier relationships", | ||
| 557 | "code": "15.1.2", | 557 | "code": "15.1.2", | ||
| 558 | "label": "Addressing security within supplier agreements", | 558 | "label": "Addressing security within supplier agreements", | ||
| 559 | "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" | 559 | "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" | ||
| 560 | }, | 560 | }, | ||
| 561 | { | 561 | { | ||
| 562 | "category": "Supplier relationships", | 562 | "category": "Supplier relationships", | ||
| 563 | "code": "15.1.3", | 563 | "code": "15.1.3", | ||
| 564 | "label": "Informaiton and communication technology supply chain", | 564 | "label": "Informaiton and communication technology supply chain", | ||
| 565 | "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" | 565 | "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" | ||
| 566 | }, | 566 | }, | ||
| 567 | { | 567 | { | ||
| 568 | "category": "Supplier relationships", | 568 | "category": "Supplier relationships", | ||
| 569 | "code": "15.2.1", | 569 | "code": "15.2.1", | ||
| 570 | "label": "Monitoring and review of supplier services", | 570 | "label": "Monitoring and review of supplier services", | ||
| 571 | "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" | 571 | "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" | ||
| 572 | }, | 572 | }, | ||
| 573 | { | 573 | { | ||
| 574 | "category": "Supplier relationships", | 574 | "category": "Supplier relationships", | ||
| 575 | "code": "15.2.2", | 575 | "code": "15.2.2", | ||
| 576 | "label": "Managing changes to supplier services", | 576 | "label": "Managing changes to supplier services", | ||
| 577 | "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" | 577 | "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" | ||
| 578 | }, | 578 | }, | ||
| 579 | { | 579 | { | ||
| 580 | "category": "information security incident management", | 580 | "category": "information security incident management", | ||
| 581 | "code": "16.1.1", | 581 | "code": "16.1.1", | ||
| 582 | "label": "Responsibilities and procedures", | 582 | "label": "Responsibilities and procedures", | ||
| 583 | "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" | 583 | "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" | ||
| 584 | }, | 584 | }, | ||
| 585 | { | 585 | { | ||
| 586 | "category": "information security incident management", | 586 | "category": "information security incident management", | ||
| 587 | "code": "16.1.2", | 587 | "code": "16.1.2", | ||
| 588 | "label": "Reporting information security events", | 588 | "label": "Reporting information security events", | ||
| 589 | "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" | 589 | "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" | ||
| 590 | }, | 590 | }, | ||
| 591 | { | 591 | { | ||
| 592 | "category": "information security incident management", | 592 | "category": "information security incident management", | ||
| 593 | "code": "16.1.3", | 593 | "code": "16.1.3", | ||
| 594 | "label": "Reporting information security weaknesses", | 594 | "label": "Reporting information security weaknesses", | ||
| 595 | "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" | 595 | "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" | ||
| 596 | }, | 596 | }, | ||
| 597 | { | 597 | { | ||
| 598 | "category": "information security incident management", | 598 | "category": "information security incident management", | ||
| 599 | "code": "16.1.4", | 599 | "code": "16.1.4", | ||
| 600 | "label": "Assessment of and decision on information security events", | 600 | "label": "Assessment of and decision on information security events", | ||
| 601 | "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" | 601 | "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" | ||
| 602 | }, | 602 | }, | ||
| 603 | { | 603 | { | ||
| 604 | "category": "information security incident management", | 604 | "category": "information security incident management", | ||
| 605 | "code": "16.1.5", | 605 | "code": "16.1.5", | ||
| 606 | "label": "Response in information security incidents", | 606 | "label": "Response in information security incidents", | ||
| 607 | "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" | 607 | "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" | ||
| 608 | }, | 608 | }, | ||
| 609 | { | 609 | { | ||
| 610 | "category": "information security incident management", | 610 | "category": "information security incident management", | ||
| 611 | "code": "16.1.6", | 611 | "code": "16.1.6", | ||
| 612 | "label": "Learning from information security incidents", | 612 | "label": "Learning from information security incidents", | ||
| 613 | "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" | 613 | "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" | ||
| 614 | }, | 614 | }, | ||
| 615 | { | 615 | { | ||
| 616 | "category": "information security incident management", | 616 | "category": "information security incident management", | ||
| 617 | "code": "16.1.7", | 617 | "code": "16.1.7", | ||
| 618 | "label": "Collection of evidence", | 618 | "label": "Collection of evidence", | ||
| 619 | "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" | 619 | "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" | ||
| 620 | }, | 620 | }, | ||
| 621 | { | 621 | { | ||
| 622 | "category": "Information security aspects of business continuity management", | 622 | "category": "Information security aspects of business continuity management", | ||
| 623 | "code": "17.1.1", | 623 | "code": "17.1.1", | ||
| 624 | "label": "Planning information security continuity", | 624 | "label": "Planning information security continuity", | ||
| 625 | "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" | 625 | "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" | ||
| 626 | }, | 626 | }, | ||
| 627 | { | 627 | { | ||
| 628 | "category": "Information security aspects of business continuity management", | 628 | "category": "Information security aspects of business continuity management", | ||
| 629 | "code": "17.1.2", | 629 | "code": "17.1.2", | ||
| 630 | "label": "Implementing information security continuity", | 630 | "label": "Implementing information security continuity", | ||
| 631 | "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" | 631 | "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" | ||
| 632 | }, | 632 | }, | ||
| 633 | { | 633 | { | ||
| 634 | "category": "Information security aspects of business continuity management", | 634 | "category": "Information security aspects of business continuity management", | ||
| 635 | "code": "17.1.3", | 635 | "code": "17.1.3", | ||
| 636 | "label": "Verify, review and evaluate information security continuity", | 636 | "label": "Verify, review and evaluate information security continuity", | ||
| 637 | "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" | 637 | "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" | ||
| 638 | }, | 638 | }, | ||
| 639 | { | 639 | { | ||
| 640 | "category": "Information security aspects of business continuity management", | 640 | "category": "Information security aspects of business continuity management", | ||
| 641 | "code": "17.2.1", | 641 | "code": "17.2.1", | ||
| 642 | "label": "Availability of information processing facilities", | 642 | "label": "Availability of information processing facilities", | ||
| 643 | "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" | 643 | "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" | ||
| 644 | }, | 644 | }, | ||
| 645 | { | 645 | { | ||
| 646 | "category": "Compliance", | 646 | "category": "Compliance", | ||
| 647 | "code": "18.1.1", | 647 | "code": "18.1.1", | ||
| 648 | "label": "Identification of applicable legislation", | 648 | "label": "Identification of applicable legislation", | ||
| 649 | "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" | 649 | "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" | ||
| 650 | }, | 650 | }, | ||
| 651 | { | 651 | { | ||
| 652 | "category": "Compliance", | 652 | "category": "Compliance", | ||
| 653 | "code": "18.1.2", | 653 | "code": "18.1.2", | ||
| 654 | "label": "Intellectual Property Rights", | 654 | "label": "Intellectual Property Rights", | ||
| 655 | "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" | 655 | "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" | ||
| 656 | }, | 656 | }, | ||
| 657 | { | 657 | { | ||
| 658 | "category": "Compliance", | 658 | "category": "Compliance", | ||
| 659 | "code": "18.1.3", | 659 | "code": "18.1.3", | ||
| 660 | "label": "Protection of records", | 660 | "label": "Protection of records", | ||
| 661 | "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" | 661 | "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" | ||
| 662 | }, | 662 | }, | ||
| 663 | { | 663 | { | ||
| 664 | "category": "Compliance", | 664 | "category": "Compliance", | ||
| 665 | "code": "18.1.4", | 665 | "code": "18.1.4", | ||
| 666 | "label": "Privacy and protection of personally identifiable information", | 666 | "label": "Privacy and protection of personally identifiable information", | ||
| 667 | "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" | 667 | "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" | ||
| 668 | }, | 668 | }, | ||
| 669 | { | 669 | { | ||
| 670 | "category": "Compliance", | 670 | "category": "Compliance", | ||
| 671 | "code": "18.1.5", | 671 | "code": "18.1.5", | ||
| 672 | "label": "Regulation of cryptographic controls", | 672 | "label": "Regulation of cryptographic controls", | ||
| 673 | "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" | 673 | "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" | ||
| 674 | }, | 674 | }, | ||
| 675 | { | 675 | { | ||
| 676 | "category": "Compliance", | 676 | "category": "Compliance", | ||
| 677 | "code": "18.2.1", | 677 | "code": "18.2.1", | ||
| 678 | "label": "Independent review of information security", | 678 | "label": "Independent review of information security", | ||
| 679 | "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" | 679 | "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" | ||
| 680 | }, | 680 | }, | ||
| 681 | { | 681 | { | ||
| 682 | "category": "Compliance", | 682 | "category": "Compliance", | ||
| 683 | "code": "18.2.2", | 683 | "code": "18.2.2", | ||
| 684 | "label": "Compliance with security policies and standards", | 684 | "label": "Compliance with security policies and standards", | ||
| 685 | "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" | 685 | "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" | ||
| 686 | }, | 686 | }, | ||
| 687 | { | 687 | { | ||
| 688 | "category": "Compliance", | 688 | "category": "Compliance", | ||
| 689 | "code": "18.2.3", | 689 | "code": "18.2.3", | ||
| 690 | "label": "Technical compliance review", | 690 | "label": "Technical compliance review", | ||
| 691 | "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" | 691 | "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" | ||
| 692 | } | 692 | } | ||
| 693 | ], | 693 | ], | ||
| 694 | "version": 1, | 694 | "version": 1, | ||
| 695 | "version_ext": "ISO/IEC 27002:2013" | 695 | "version_ext": "ISO/IEC 27002:2013" | ||
| 696 | } | 696 | } |