Date: Feb 21, 2022, 11:43:37 AM
Date: Feb 21, 2022, 11:44:03 AM
Editor: Juan
Editor: Juan
Name: ISO/IEC 27002 [2013]
Name: ISO/IEC 27002 [2022]
Description: ISO/IEC 27002:2013 controls
Description: ISO/IEC 27002:2022 controls

t1{t1{
2    "label": "ISO/IEC 27002 [2013]",2    "label": "ISO/IEC 27002 [2013]",
3    "language": "EN",3    "language": "EN",
4    "refs": [4    "refs": [
5        "https://www.iso.org/standard/54533.html"5        "https://www.iso.org/standard/54533.html"
6    ],6    ],
7    "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b",7    "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
8    "values": [8    "values": [
9        {9        {
10            "category": "Information security policies",10            "category": "Information security policies",
11            "code": "5.1.1",11            "code": "5.1.1",
12            "label": "Policies for information security",12            "label": "Policies for information security",
13            "uuid": "267fc596-f705-11e8-b555-0800279aaa2b"13            "uuid": "267fc596-f705-11e8-b555-0800279aaa2b"
14        },14        },
15        {15        {
16            "category": "Information security policies",16            "category": "Information security policies",
17            "code": "5.1.2",17            "code": "5.1.2",
18            "label": "Review of the policies for information security",18            "label": "Review of the policies for information security",
19            "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b"19            "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b"
20        },20        },
21        {21        {
22            "category": "Organization of information security",22            "category": "Organization of information security",
23            "code": "6.1.1",23            "code": "6.1.1",
24            "label": "Information security roles and responsibilities",24            "label": "Information security roles and responsibilities",
25            "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b"25            "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b"
26        },26        },
27        {27        {
28            "category": "Organization of information security",28            "category": "Organization of information security",
29            "code": "6.1.2",29            "code": "6.1.2",
30            "label": "Segregation of duties",30            "label": "Segregation of duties",
31            "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b"31            "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b"
32        },32        },
33        {33        {
34            "category": "Organization of information security",34            "category": "Organization of information security",
35            "code": "6.1.3",35            "code": "6.1.3",
36            "label": "Contact with authorities",36            "label": "Contact with authorities",
37            "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b"37            "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b"
38        },38        },
39        {39        {
40            "category": "Organization of information security",40            "category": "Organization of information security",
41            "code": "6.1.4",41            "code": "6.1.4",
42            "label": "Contact with special interest groups",42            "label": "Contact with special interest groups",
43            "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b"43            "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b"
44        },44        },
45        {45        {
46            "category": "Organization of information security",46            "category": "Organization of information security",
47            "code": "6.1.5",47            "code": "6.1.5",
48            "label": "Information Security in Project Management",48            "label": "Information Security in Project Management",
49            "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b"49            "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b"
50        },50        },
51        {51        {
52            "category": "Organization of information security",52            "category": "Organization of information security",
53            "code": "6.2.1",53            "code": "6.2.1",
54            "label": "Mobile device policy",54            "label": "Mobile device policy",
55            "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b"55            "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b"
56        },56        },
57        {57        {
58            "category": "Organization of information security",58            "category": "Organization of information security",
59            "code": "6.2.2",59            "code": "6.2.2",
60            "label": "Teleworking",60            "label": "Teleworking",
61            "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b"61            "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b"
62        },62        },
63        {63        {
64            "category": "Human resource security",64            "category": "Human resource security",
65            "code": "7.1.1",65            "code": "7.1.1",
66            "label": "Screening",66            "label": "Screening",
67            "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b"67            "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b"
68        },68        },
69        {69        {
70            "category": "Human resource security",70            "category": "Human resource security",
71            "code": "7.1.2",71            "code": "7.1.2",
72            "label": "Terms and conditions of employment",72            "label": "Terms and conditions of employment",
73            "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b"73            "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b"
74        },74        },
75        {75        {
76            "category": "Human resource security",76            "category": "Human resource security",
77            "code": "7.2.1",77            "code": "7.2.1",
78            "label": "Management responsibilities",78            "label": "Management responsibilities",
79            "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b"79            "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b"
80        },80        },
81        {81        {
82            "category": "Human resource security",82            "category": "Human resource security",
83            "code": "7.2.2",83            "code": "7.2.2",
84            "label": "Information security awareness, education and training",84            "label": "Information security awareness, education and training",
85            "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b"85            "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b"
86        },86        },
87        {87        {
88            "category": "Human resource security",88            "category": "Human resource security",
89            "code": "7.2.3",89            "code": "7.2.3",
90            "label": "Disciplinary process",90            "label": "Disciplinary process",
91            "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b"91            "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b"
92        },92        },
93        {93        {
94            "category": "Human resource security",94            "category": "Human resource security",
95            "code": "7.3.1",95            "code": "7.3.1",
96            "label": "Termination or change of employment responsibilities",96            "label": "Termination or change of employment responsibilities",
97            "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b"97            "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b"
98        },98        },
99        {99        {
100            "category": "Asset management",100            "category": "Asset management",
101            "code": "8.1.1",101            "code": "8.1.1",
102            "label": "Inventory of Assets",102            "label": "Inventory of Assets",
103            "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b"103            "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b"
104        },104        },
105        {105        {
106            "category": "Asset management",106            "category": "Asset management",
107            "code": "8.1.2",107            "code": "8.1.2",
108            "label": "Ownership of assets",108            "label": "Ownership of assets",
109            "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b"109            "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b"
110        },110        },
111        {111        {
112            "category": "Asset management",112            "category": "Asset management",
113            "code": "8.1.3",113            "code": "8.1.3",
114            "label": "Acceptable use of assets",114            "label": "Acceptable use of assets",
115            "uuid": "267fc989-f705-11e8-b555-0800279aaa2b"115            "uuid": "267fc989-f705-11e8-b555-0800279aaa2b"
116        },116        },
117        {117        {
118            "category": "Asset management",118            "category": "Asset management",
119            "code": "8.1.4",119            "code": "8.1.4",
120            "label": "Return of assets",120            "label": "Return of assets",
121            "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b"121            "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b"
122        },122        },
123        {123        {
124            "category": "Asset management",124            "category": "Asset management",
125            "code": "8.2.1",125            "code": "8.2.1",
126            "label": "Classification guidelines",126            "label": "Classification guidelines",
127            "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b"127            "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b"
128        },128        },
129        {129        {
130            "category": "Asset management",130            "category": "Asset management",
131            "code": "8.2.2",131            "code": "8.2.2",
132            "label": "Labelling of information",132            "label": "Labelling of information",
133            "uuid": "267fca19-f705-11e8-b555-0800279aaa2b"133            "uuid": "267fca19-f705-11e8-b555-0800279aaa2b"
134        },134        },
135        {135        {
136            "category": "Asset management",136            "category": "Asset management",
137            "code": "8.2.3",137            "code": "8.2.3",
138            "label": "Handling of assets",138            "label": "Handling of assets",
139            "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b"139            "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b"
140        },140        },
141        {141        {
142            "category": "Asset management",142            "category": "Asset management",
143            "code": "8.3.1",143            "code": "8.3.1",
144            "label": "Management of removeable media",144            "label": "Management of removeable media",
145            "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b"145            "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b"
146        },146        },
147        {147        {
148            "category": "Asset management",148            "category": "Asset management",
149            "code": "8.3.2",149            "code": "8.3.2",
150            "label": "Disposal of media",150            "label": "Disposal of media",
151            "uuid": "267fd369-f705-11e8-b555-0800279aaa2b"151            "uuid": "267fd369-f705-11e8-b555-0800279aaa2b"
152        },152        },
153        {153        {
154            "category": "Asset management",154            "category": "Asset management",
155            "code": "8.3.3",155            "code": "8.3.3",
156            "label": "Physical Media transfer",156            "label": "Physical Media transfer",
157            "uuid": "267fd421-f705-11e8-b555-0800279aaa2b"157            "uuid": "267fd421-f705-11e8-b555-0800279aaa2b"
158        },158        },
159        {159        {
160            "category": "Access control",160            "category": "Access control",
161            "code": "9.1.1",161            "code": "9.1.1",
162            "label": "Access control policy",162            "label": "Access control policy",
163            "uuid": "267fd659-f705-11e8-b555-0800279aaa2b"163            "uuid": "267fd659-f705-11e8-b555-0800279aaa2b"
164        },164        },
165        {165        {
166            "category": "Access control",166            "category": "Access control",
167            "code": "9.1.2",167            "code": "9.1.2",
168            "label": "Access to networks and network services",168            "label": "Access to networks and network services",
169            "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b"169            "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b"
170        },170        },
171        {171        {
172            "category": "Access control",172            "category": "Access control",
173            "code": "9.2.1",173            "code": "9.2.1",
174            "label": "User registration and deregistration",174            "label": "User registration and deregistration",
175            "uuid": "267fd899-f705-11e8-b555-0800279aaa2b"175            "uuid": "267fd899-f705-11e8-b555-0800279aaa2b"
176        },176        },
177        {177        {
178            "category": "Access control",178            "category": "Access control",
179            "code": "9.2.2",179            "code": "9.2.2",
180            "label": "User access provisioning",180            "label": "User access provisioning",
181            "uuid": "267fe782-f705-11e8-b555-0800279aaa2b"181            "uuid": "267fe782-f705-11e8-b555-0800279aaa2b"
182        },182        },
183        {183        {
184            "category": "Access control",184            "category": "Access control",
185            "code": "9.2.3",185            "code": "9.2.3",
186            "label": "Management of privileged access rights",186            "label": "Management of privileged access rights",
187            "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b"187            "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b"
188        },188        },
189        {189        {
190            "category": "Access control",190            "category": "Access control",
191            "code": "9.2.4",191            "code": "9.2.4",
192            "label": "Management of secret authentication information of users",192            "label": "Management of secret authentication information of users",
193            "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b"193            "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b"
194        },194        },
195        {195        {
196            "category": "Access control",196            "category": "Access control",
197            "code": "9.2.5",197            "code": "9.2.5",
198            "label": "Review of user access rights",198            "label": "Review of user access rights",
199            "uuid": "267fd723-f705-11e8-b555-0800279aaa2b"199            "uuid": "267fd723-f705-11e8-b555-0800279aaa2b"
200        },200        },
201        {201        {
202            "category": "Access control",202            "category": "Access control",
203            "code": "9.2.6",203            "code": "9.2.6",
204            "label": "Removal or adjustment of access rights",204            "label": "Removal or adjustment of access rights",
205            "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b"205            "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b"
206        },206        },
207        {207        {
208            "category": "Access control",208            "category": "Access control",
209            "code": "9.3.1",209            "code": "9.3.1",
210            "label": "Use of secret authentication information",210            "label": "Use of secret authentication information",
211            "uuid": "267fd761-f705-11e8-b555-0800279aaa2b"211            "uuid": "267fd761-f705-11e8-b555-0800279aaa2b"
212        },212        },
213        {213        {
214            "category": "Access control",214            "category": "Access control",
215            "code": "9.4.1",215            "code": "9.4.1",
216            "label": "Information access restriction",216            "label": "Information access restriction",
217            "uuid": "267fd993-f705-11e8-b555-0800279aaa2b"217            "uuid": "267fd993-f705-11e8-b555-0800279aaa2b"
218        },218        },
219        {219        {
220            "category": "Access control",220            "category": "Access control",
221            "code": "9.4.2",221            "code": "9.4.2",
222            "label": "Secure log-on procedures",222            "label": "Secure log-on procedures",
223            "uuid": "267fd954-f705-11e8-b555-0800279aaa2b"223            "uuid": "267fd954-f705-11e8-b555-0800279aaa2b"
224        },224        },
225        {225        {
226            "category": "Access control",226            "category": "Access control",
227            "code": "9.4.3",227            "code": "9.4.3",
228            "label": "Password management system",228            "label": "Password management system",
229            "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b"229            "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b"
230        },230        },
231        {231        {
232            "category": "Access control",232            "category": "Access control",
233            "code": "9.4.4",233            "code": "9.4.4",
234            "label": "Use of privileged utility programs",234            "label": "Use of privileged utility programs",
235            "uuid": "267fd917-f705-11e8-b555-0800279aaa2b"235            "uuid": "267fd917-f705-11e8-b555-0800279aaa2b"
236        },236        },
237        {237        {
238            "category": "Access control",238            "category": "Access control",
239            "code": "9.4.5",239            "code": "9.4.5",
240            "label": "Access control to program source code",240            "label": "Access control to program source code",
241            "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b"241            "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b"
242        },242        },
243        {243        {
244            "category": "Cryptography",244            "category": "Cryptography",
245            "code": "10.1.1",245            "code": "10.1.1",
246            "label": "Policy on the use of cryptographic controls",246            "label": "Policy on the use of cryptographic controls",
247            "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b"247            "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b"
248        },248        },
249        {249        {
250            "category": "Cryptography",250            "category": "Cryptography",
251            "code": "10.1.2",251            "code": "10.1.2",
252            "label": "Key management",252            "label": "Key management",
253            "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b"253            "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b"
254        },254        },
255        {255        {
256            "category": "Physical and environmental security",256            "category": "Physical and environmental security",
257            "code": "11.1.1",257            "code": "11.1.1",
258            "label": "Physical security perimeter",258            "label": "Physical security perimeter",
259            "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b"259            "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b"
260        },260        },
261        {261        {
262            "category": "Physical and environmental security",262            "category": "Physical and environmental security",
263            "code": "11.1.2",263            "code": "11.1.2",
264            "label": "Physical entry controls",264            "label": "Physical entry controls",
265            "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b"265            "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b"
266        },266        },
267        {267        {
268            "category": "Physical and environmental security",268            "category": "Physical and environmental security",
269            "code": "11.1.3",269            "code": "11.1.3",
270            "label": "Securing offices, rooms and facilities",270            "label": "Securing offices, rooms and facilities",
271            "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b"271            "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b"
272        },272        },
273        {273        {
274            "category": "Physical and environmental security",274            "category": "Physical and environmental security",
275            "code": "11.1.4",275            "code": "11.1.4",
276            "label": "Protecting against external and environmental attacks",276            "label": "Protecting against external and environmental attacks",
277            "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b"277            "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b"
278        },278        },
279        {279        {
280            "category": "Physical and environmental security",280            "category": "Physical and environmental security",
281            "code": "11.1.5",281            "code": "11.1.5",
282            "label": "Working in secure areas",282            "label": "Working in secure areas",
283            "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b"283            "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b"
284        },284        },
285        {285        {
286            "category": "Physical and environmental security",286            "category": "Physical and environmental security",
287            "code": "11.1.6",287            "code": "11.1.6",
288            "label": "Delivery and loading areas",288            "label": "Delivery and loading areas",
289            "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b"289            "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b"
290        },290        },
291        {291        {
292            "category": "Physical and environmental security",292            "category": "Physical and environmental security",
293            "code": "11.2.1",293            "code": "11.2.1",
294            "label": "Equipment siting and protection",294            "label": "Equipment siting and protection",
295            "uuid": "267fce44-f705-11e8-b555-0800279aaa2b"295            "uuid": "267fce44-f705-11e8-b555-0800279aaa2b"
296        },296        },
297        {297        {
298            "category": "Physical and environmental security",298            "category": "Physical and environmental security",
299            "code": "11.2.2",299            "code": "11.2.2",
300            "label": "Supporting utilities",300            "label": "Supporting utilities",
301            "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b"301            "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b"
302        },302        },
303        {303        {
304            "category": "Physical and environmental security",304            "category": "Physical and environmental security",
305            "code": "11.2.3",305            "code": "11.2.3",
306            "label": "Cabling Security",306            "label": "Cabling Security",
307            "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b"307            "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b"
308        },308        },
309        {309        {
310            "category": "Physical and environmental security",310            "category": "Physical and environmental security",
311            "code": "11.2.4",311            "code": "11.2.4",
312            "label": "Equipment maintenance",312            "label": "Equipment maintenance",
313            "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b"313            "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b"
314        },314        },
315        {315        {
316            "category": "Physical and environmental security",316            "category": "Physical and environmental security",
317            "code": "11.2.5",317            "code": "11.2.5",
318            "label": "Security of equipment off-premises",318            "label": "Security of equipment off-premises",
319            "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b"319            "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b"
320        },320        },
321        {321        {
322            "category": "Physical and environmental security",322            "category": "Physical and environmental security",
323            "code": "11.2.6",323            "code": "11.2.6",
324            "label": "Security of equipment and assets off-premises",324            "label": "Security of equipment and assets off-premises",
325            "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b"325            "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b"
326        },326        },
327        {327        {
328            "category": "Physical and environmental security",328            "category": "Physical and environmental security",
329            "code": "11.2.7",329            "code": "11.2.7",
330            "label": "Secure disposal or re-use of equipment",330            "label": "Secure disposal or re-use of equipment",
331            "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b"331            "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b"
332        },332        },
333        {333        {
334            "category": "Physical and environmental security",334            "category": "Physical and environmental security",
335            "code": "11.2.8",335            "code": "11.2.8",
336            "label": "Unattended user equipment",336            "label": "Unattended user equipment",
337            "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b"337            "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b"
338        },338        },
339        {339        {
340            "category": "Physical and environmental security",340            "category": "Physical and environmental security",
341            "code": "11.2.9",341            "code": "11.2.9",
342            "label": "Clear desk and clear screen policy",342            "label": "Clear desk and clear screen policy",
343            "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b"343            "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b"
344        },344        },
345        {345        {
346            "category": "Operations security",346            "category": "Operations security",
347            "code": "12.1.1",347            "code": "12.1.1",
348            "label": "Documented operating procedures",348            "label": "Documented operating procedures",
349            "uuid": "267fd029-f705-11e8-b555-0800279aaa2b"349            "uuid": "267fd029-f705-11e8-b555-0800279aaa2b"
350        },350        },
351        {351        {
352            "category": "Operations security",352            "category": "Operations security",
353            "code": "12.1.2",353            "code": "12.1.2",
354            "label": "Change management",354            "label": "Change management",
355            "uuid": "267fd073-f705-11e8-b555-0800279aaa2b"355            "uuid": "267fd073-f705-11e8-b555-0800279aaa2b"
356        },356        },
357        {357        {
358            "category": "Operations security",358            "category": "Operations security",
359            "code": "12.1.3",359            "code": "12.1.3",
360            "label": "Capacity management",360            "label": "Capacity management",
361            "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b"361            "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b"
362        },362        },
363        {363        {
364            "category": "Operations security",364            "category": "Operations security",
365            "code": "12.1.4",365            "code": "12.1.4",
366            "label": "Separation of development, testing and operational environments",366            "label": "Separation of development, testing and operational environments",
367            "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b"367            "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b"
368        },368        },
369        {369        {
370            "category": "Operations security",370            "category": "Operations security",
371            "code": "12.2.1",371            "code": "12.2.1",
372            "label": "Controls against malicious code",372            "label": "Controls against malicious code",
373            "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b"373            "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b"
374        },374        },
375        {375        {
376            "category": "Operations security",376            "category": "Operations security",
377            "code": "12.3.1",377            "code": "12.3.1",
378            "label": "Information Backup",378            "label": "Information Backup",
379            "uuid": "267fd272-f705-11e8-b555-0800279aaa2b"379            "uuid": "267fd272-f705-11e8-b555-0800279aaa2b"
380        },380        },
381        {381        {
382            "category": "Operations security",382            "category": "Operations security",
383            "code": "12.4.1",383            "code": "12.4.1",
384            "label": "Event logging",384            "label": "Event logging",
385            "uuid": "267fd529-f705-11e8-b555-0800279aaa2b"385            "uuid": "267fd529-f705-11e8-b555-0800279aaa2b"
386        },386        },
387        {387        {
388            "category": "Operations security",388            "category": "Operations security",
389            "code": "12.4.2",389            "code": "12.4.2",
390            "label": "Protection of log information",390            "label": "Protection of log information",
391            "uuid": "267fd567-f705-11e8-b555-0800279aaa2b"391            "uuid": "267fd567-f705-11e8-b555-0800279aaa2b"
392        },392        },
393        {393        {
394            "category": "Operations security",394            "category": "Operations security",
395            "code": "12.4.3",395            "code": "12.4.3",
396            "label": "Administrator and operator logs",396            "label": "Administrator and operator logs",
397            "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b"397            "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b"
398        },398        },
399        {399        {
400            "category": "Operations security",400            "category": "Operations security",
401            "code": "12.4.4",401            "code": "12.4.4",
402            "label": "Clock synchronisation",402            "label": "Clock synchronisation",
403            "uuid": "267fd610-f705-11e8-b555-0800279aaa2b"403            "uuid": "267fd610-f705-11e8-b555-0800279aaa2b"
404        },404        },
405        {405        {
406            "category": "Operations security",406            "category": "Operations security",
407            "code": "12.5.1",407            "code": "12.5.1",
408            "label": "Installation of software on operational systems",408            "label": "Installation of software on operational systems",
409            "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b"409            "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b"
410        },410        },
411        {411        {
412            "category": "Operations security",412            "category": "Operations security",
413            "code": "12.6.1",413            "code": "12.6.1",
414            "label": "Management of technical vulnerabilities",414            "label": "Management of technical vulnerabilities",
415            "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b"415            "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b"
416        },416        },
417        {417        {
418            "category": "Operations security",418            "category": "Operations security",
419            "code": "12.6.2",419            "code": "12.6.2",
420            "label": "Restrictions on software installation",420            "label": "Restrictions on software installation",
421            "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b"421            "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b"
422        },422        },
423        {423        {
424            "category": "Operations security",424            "category": "Operations security",
425            "code": "12.7.1",425            "code": "12.7.1",
426            "label": "Information systems audit controls",426            "label": "Information systems audit controls",
427            "uuid": "267fe660-f705-11e8-b555-0800279aaa2b"427            "uuid": "267fe660-f705-11e8-b555-0800279aaa2b"
428        },428        },
429        {429        {
430            "category": "Communications security",430            "category": "Communications security",
431            "code": "13.1.1",431            "code": "13.1.1",
432            "label": "Network controls",432            "label": "Network controls",
433            "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b"433            "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b"
434        },434        },
435        {435        {
436            "category": "Communications security",436            "category": "Communications security",
437            "code": "13.1.2",437            "code": "13.1.2",
438            "label": "Security of network services",438            "label": "Security of network services",
439            "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b"439            "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b"
440        },440        },
441        {441        {
442            "category": "Communications security",442            "category": "Communications security",
443            "code": "13.1.3",443            "code": "13.1.3",
444            "label": "Segregation in networks",444            "label": "Segregation in networks",
445            "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b"445            "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b"
446        },446        },
447        {447        {
448            "category": "Communications security",448            "category": "Communications security",
449            "code": "13.2.1",449            "code": "13.2.1",
450            "label": "Information transfer policies and procedures",450            "label": "Information transfer policies and procedures",
451            "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b"451            "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b"
452        },452        },
453        {453        {
454            "category": "Communications security",454            "category": "Communications security",
455            "code": "13.2.2",455            "code": "13.2.2",
456            "label": "Agreements on information transfer",456            "label": "Agreements on information transfer",
457            "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b"457            "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b"
458        },458        },
459        {459        {
460            "category": "Communications security",460            "category": "Communications security",
461            "code": "13.2.3",461            "code": "13.2.3",
462            "label": "Electronic messaging",462            "label": "Electronic messaging",
463            "uuid": "267fd462-f705-11e8-b555-0800279aaa2b"463            "uuid": "267fd462-f705-11e8-b555-0800279aaa2b"
464        },464        },
465        {465        {
466            "category": "Communications security",466            "category": "Communications security",
467            "code": "13.2.4",467            "code": "13.2.4",
468            "label": "Confidentiality or non-disclosure agreements",468            "label": "Confidentiality or non-disclosure agreements",
469            "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b"469            "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b"
470        },470        },
471        {471        {
472            "category": "System acquisition, development and maintenance",472            "category": "System acquisition, development and maintenance",
473            "code": "14.1.1",473            "code": "14.1.1",
474            "label": "Information security requirements analysis and specification",474            "label": "Information security requirements analysis and specification",
475            "uuid": "267fda50-f705-11e8-b555-0800279aaa2b"475            "uuid": "267fda50-f705-11e8-b555-0800279aaa2b"
476        },476        },
477        {477        {
478            "category": "System acquisition, development and maintenance",478            "category": "System acquisition, development and maintenance",
479            "code": "14.1.2",479            "code": "14.1.2",
480            "label": "Securing application services on public networks",480            "label": "Securing application services on public networks",
481            "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b"481            "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b"
482        },482        },
483        {483        {
484            "category": "System acquisition, development and maintenance",484            "category": "System acquisition, development and maintenance",
485            "code": "14.1.3",485            "code": "14.1.3",
486            "label": "Protecting application services transactions",486            "label": "Protecting application services transactions",
487            "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b"487            "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b"
488        },488        },
489        {489        {
490            "category": "System acquisition, development and maintenance",490            "category": "System acquisition, development and maintenance",
491            "code": "14.2.1",491            "code": "14.2.1",
492            "label": "Secure development policy",492            "label": "Secure development policy",
493            "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b"493            "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b"
494        },494        },
495        {495        {
496            "category": "System acquisition, development and maintenance",496            "category": "System acquisition, development and maintenance",
497            "code": "14.2.2",497            "code": "14.2.2",
498            "label": "System change control procedures",498            "label": "System change control procedures",
499            "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b"499            "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b"
500        },500        },
501        {501        {
502            "category": "System acquisition, development and maintenance",502            "category": "System acquisition, development and maintenance",
503            "code": "14.2.3",503            "code": "14.2.3",
504            "label": "Technical review of applications after operating platform changes",504            "label": "Technical review of applications after operating platform changes",
505            "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b"505            "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b"
506        },506        },
507        {507        {
508            "category": "System acquisition, development and maintenance",508            "category": "System acquisition, development and maintenance",
509            "code": "14.2.4",509            "code": "14.2.4",
510            "label": "Restrictions on changes to software packages",510            "label": "Restrictions on changes to software packages",
511            "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b"511            "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b"
512        },512        },
513        {513        {
514            "category": "System acquisition, development and maintenance",514            "category": "System acquisition, development and maintenance",
515            "code": "14.2.5",515            "code": "14.2.5",
516            "label": "Secure system engineering principles",516            "label": "Secure system engineering principles",
517            "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b"517            "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b"
518        },518        },
519        {519        {
520            "category": "System acquisition, development and maintenance",520            "category": "System acquisition, development and maintenance",
521            "code": "14.2.6",521            "code": "14.2.6",
522            "label": "Secure development environment",522            "label": "Secure development environment",
523            "uuid": "267fe847-f705-11e8-b555-0800279aaa2b"523            "uuid": "267fe847-f705-11e8-b555-0800279aaa2b"
524        },524        },
525        {525        {
526            "category": "System acquisition, development and maintenance",526            "category": "System acquisition, development and maintenance",
527            "code": "14.2.7",527            "code": "14.2.7",
528            "label": "Outsourced software development",528            "label": "Outsourced software development",
529            "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b"529            "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b"
530        },530        },
531        {531        {
532            "category": "System acquisition, development and maintenance",532            "category": "System acquisition, development and maintenance",
533            "code": "14.2.8",533            "code": "14.2.8",
534            "label": "System security testing",534            "label": "System security testing",
535            "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b"535            "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b"
536        },536        },
537        {537        {
538            "category": "System acquisition, development and maintenance",538            "category": "System acquisition, development and maintenance",
539            "code": "14.2.9",539            "code": "14.2.9",
540            "label": "System acceptance testing",540            "label": "System acceptance testing",
541            "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b"541            "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b"
542        },542        },
543        {543        {
544            "category": "System acquisition, development and maintenance",544            "category": "System acquisition, development and maintenance",
545            "code": "14.3.1",545            "code": "14.3.1",
546            "label": "Protection of test data",546            "label": "Protection of test data",
547            "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b"547            "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b"
548        },548        },
549        {549        {
550            "category": "Supplier relationships",550            "category": "Supplier relationships",
551            "code": "15.1.1",551            "code": "15.1.1",
552            "label": "Information security policy for supplier relationships",552            "label": "Information security policy for supplier relationships",
553            "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b"553            "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b"
554        },554        },
555        {555        {
556            "category": "Supplier relationships",556            "category": "Supplier relationships",
557            "code": "15.1.2",557            "code": "15.1.2",
558            "label": "Addressing security within supplier agreements",558            "label": "Addressing security within supplier agreements",
559            "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b"559            "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b"
560        },560        },
561        {561        {
562            "category": "Supplier relationships",562            "category": "Supplier relationships",
563            "code": "15.1.3",563            "code": "15.1.3",
564            "label": "Informaiton and communication technology supply chain",564            "label": "Informaiton and communication technology supply chain",
565            "uuid": "267fe959-f705-11e8-b555-0800279aaa2b"565            "uuid": "267fe959-f705-11e8-b555-0800279aaa2b"
566        },566        },
567        {567        {
568            "category": "Supplier relationships",568            "category": "Supplier relationships",
569            "code": "15.2.1",569            "code": "15.2.1",
570            "label": "Monitoring and review of supplier services",570            "label": "Monitoring and review of supplier services",
571            "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b"571            "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b"
572        },572        },
573        {573        {
574            "category": "Supplier relationships",574            "category": "Supplier relationships",
575            "code": "15.2.2",575            "code": "15.2.2",
576            "label": "Managing changes to supplier services",576            "label": "Managing changes to supplier services",
577            "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b"577            "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b"
578        },578        },
579        {579        {
580            "category": "information security incident management",580            "category": "information security incident management",
581            "code": "16.1.1",581            "code": "16.1.1",
582            "label": "Responsibilities and procedures",582            "label": "Responsibilities and procedures",
583            "uuid": "267fde78-f705-11e8-b555-0800279aaa2b"583            "uuid": "267fde78-f705-11e8-b555-0800279aaa2b"
584        },584        },
585        {585        {
586            "category": "information security incident management",586            "category": "information security incident management",
587            "code": "16.1.2",587            "code": "16.1.2",
588            "label": "Reporting information security events",588            "label": "Reporting information security events",
589            "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b"589            "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b"
590        },590        },
591        {591        {
592            "category": "information security incident management",592            "category": "information security incident management",
593            "code": "16.1.3",593            "code": "16.1.3",
594            "label": "Reporting information security weaknesses",594            "label": "Reporting information security weaknesses",
595            "uuid": "267fde31-f705-11e8-b555-0800279aaa2b"595            "uuid": "267fde31-f705-11e8-b555-0800279aaa2b"
596        },596        },
597        {597        {
598            "category": "information security incident management",598            "category": "information security incident management",
599            "code": "16.1.4",599            "code": "16.1.4",
600            "label": "Assessment of and decision on information security events",600            "label": "Assessment of and decision on information security events",
601            "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b"601            "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b"
602        },602        },
603        {603        {
604            "category": "information security incident management",604            "category": "information security incident management",
605            "code": "16.1.5",605            "code": "16.1.5",
606            "label": "Response in information security incidents",606            "label": "Response in information security incidents",
607            "uuid": "267fea11-f705-11e8-b555-0800279aaa2b"607            "uuid": "267fea11-f705-11e8-b555-0800279aaa2b"
608        },608        },
609        {609        {
610            "category": "information security incident management",610            "category": "information security incident management",
611            "code": "16.1.6",611            "code": "16.1.6",
612            "label": "Learning from information security incidents",612            "label": "Learning from information security incidents",
613            "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b"613            "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b"
614        },614        },
615        {615        {
616            "category": "information security incident management",616            "category": "information security incident management",
617            "code": "16.1.7",617            "code": "16.1.7",
618            "label": "Collection of evidence",618            "label": "Collection of evidence",
619            "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b"619            "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b"
620        },620        },
621        {621        {
622            "category": "Information security aspects of business continuity management",622            "category": "Information security aspects of business continuity management",
623            "code": "17.1.1",623            "code": "17.1.1",
624            "label": "Planning information security continuity",624            "label": "Planning information security continuity",
625            "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b"625            "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b"
626        },626        },
627        {627        {
628            "category": "Information security aspects of business continuity management",628            "category": "Information security aspects of business continuity management",
629            "code": "17.1.2",629            "code": "17.1.2",
630            "label": "Implementing information security continuity",630            "label": "Implementing information security continuity",
631            "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b"631            "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b"
632        },632        },
633        {633        {
634            "category": "Information security aspects of business continuity management",634            "category": "Information security aspects of business continuity management",
635            "code": "17.1.3",635            "code": "17.1.3",
636            "label": "Verify, review and evaluate information security continuity",636            "label": "Verify, review and evaluate information security continuity",
637            "uuid": "267fe022-f705-11e8-b555-0800279aaa2b"637            "uuid": "267fe022-f705-11e8-b555-0800279aaa2b"
638        },638        },
639        {639        {
640            "category": "Information security aspects of business continuity management",640            "category": "Information security aspects of business continuity management",
641            "code": "17.2.1",641            "code": "17.2.1",
642            "label": "Availability of information processing facilities",642            "label": "Availability of information processing facilities",
643            "uuid": "267fea72-f705-11e8-b555-0800279aaa2b"643            "uuid": "267fea72-f705-11e8-b555-0800279aaa2b"
644        },644        },
645        {645        {
646            "category": "Compliance",646            "category": "Compliance",
647            "code": "18.1.1",647            "code": "18.1.1",
648            "label": "Identification of applicable legislation",648            "label": "Identification of applicable legislation",
649            "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b"649            "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b"
650        },650        },
651        {651        {
652            "category": "Compliance",652            "category": "Compliance",
653            "code": "18.1.2",653            "code": "18.1.2",
654            "label": "Intellectual Property Rights",654            "label": "Intellectual Property Rights",
655            "uuid": "267fe307-f705-11e8-b555-0800279aaa2b"655            "uuid": "267fe307-f705-11e8-b555-0800279aaa2b"
656        },656        },
657        {657        {
658            "category": "Compliance",658            "category": "Compliance",
659            "code": "18.1.3",659            "code": "18.1.3",
660            "label": "Protection of records",660            "label": "Protection of records",
661            "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b"661            "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b"
662        },662        },
663        {663        {
664            "category": "Compliance",664            "category": "Compliance",
665            "code": "18.1.4",665            "code": "18.1.4",
666            "label": "Privacy and protection of personally identifiable information",666            "label": "Privacy and protection of personally identifiable information",
667            "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b"667            "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b"
668        },668        },
669        {669        {
670            "category": "Compliance",670            "category": "Compliance",
671            "code": "18.1.5",671            "code": "18.1.5",
672            "label": "Regulation of cryptographic controls",672            "label": "Regulation of cryptographic controls",
673            "uuid": "267fe510-f705-11e8-b555-0800279aaa2b"673            "uuid": "267fe510-f705-11e8-b555-0800279aaa2b"
674        },674        },
675        {675        {
676            "category": "Compliance",676            "category": "Compliance",
677            "code": "18.2.1",677            "code": "18.2.1",
678            "label": "Independent review of information security",678            "label": "Independent review of information security",
679            "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b"679            "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b"
680        },680        },
681        {681        {
682            "category": "Compliance",682            "category": "Compliance",
683            "code": "18.2.2",683            "code": "18.2.2",
684            "label": "Compliance with security policies and standards",684            "label": "Compliance with security policies and standards",
685            "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b"685            "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b"
686        },686        },
687        {687        {
688            "category": "Compliance",688            "category": "Compliance",
689            "code": "18.2.3",689            "code": "18.2.3",
690            "label": "Technical compliance review",690            "label": "Technical compliance review",
691            "uuid": "267fe600-f705-11e8-b555-0800279aaa2b"691            "uuid": "267fe600-f705-11e8-b555-0800279aaa2b"
692        }692        }
693    ],693    ],
694    "version": 1,694    "version": 1,
695    "version_ext": "ISO/IEC 27002:2013"695    "version_ext": "ISO/IEC 27002:2013"
696}696}