MOSP

f

1

{

f

1

{

2

"authors": [

2

"authors": [

3

"CASES Team"

3

"CASES Team"

4

],

4

],

5

"label": "ISO/IEC 27002 [2022]",

5

"label": "ISO/IEC 27002 [2022]",

6

"language": "EN",

6

"language": "EN",

7

"refs": [

7

"refs": [

8

"https://www.iso.org/standard/54533.html"

8

"https://www.iso.org/standard/54533.html"

9

],

9

],

10

"uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

10

"uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

t

11

"values": [],

t

11

"values": [

12

{

13

"category": "Organizational controls",

14

"code": "5.1",

15

"label": "Policies for information security",

16

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

17

"referential_label": "ISO/IEC 27002 [2022]",

18

"uuid": "ac5590c1-5e43-4a29-87fb-5ba7416a0831"

19

},

20

{

21

"category": "Organizational controls",

22

"code": "5.2",

23

"label": "Information security roles and responsibilities",

24

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

25

"referential_label": "ISO/IEC 27002 [2022]",

26

"uuid": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5"

27

},

28

{

29

"category": "Organizational controls",

30

"code": "5.3",

31

"label": "Segregation of duties",

32

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

33

"referential_label": "ISO/IEC 27002 [2022]",

34

"uuid": "6ea4f43d-0d12-4edf-8191-bf469f25e252"

35

},

36

{

37

"category": "Organizational controls",

38

"code": "5.4",

39

"label": "Management responsibilities",

40

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

41

"referential_label": "ISO/IEC 27002 [2022]",

42

"uuid": "957e0fb3-f06e-4ef5-b152-f1045b3a576f"

43

},

44

{

45

"category": "Organizational controls",

46

"code": "5.5",

47

"label": "Contact with authorities",

48

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

49

"referential_label": "ISO/IEC 27002 [2022]",

50

"uuid": "7a5c4510-1d09-481b-822d-2d58745d390b"

51

},

52

{

53

"category": "Organizational controls",

54

"code": "5.6",

55

"label": "Contact with special interest groups",

56

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

57

"referential_label": "ISO/IEC 27002 [2022]",

58

"uuid": "33aa534c-482a-4503-919c-635ac65d084e"

59

},

60

{

61

"category": "Organizational controls",

62

"code": "5.7",

63

"label": "Threat intelligence",

64

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

65

"referential_label": "ISO/IEC 27002 [2022]",

66

"uuid": "dca62889-6240-406e-8c94-5f418e7e004e"

67

},

68

{

69

"category": "Organizational controls",

70

"code": "5.8",

71

"label": "Information security in project management",

72

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

73

"referential_label": "ISO/IEC 27002 [2022]",

74

"uuid": "45d81142-d8b8-45c5-811b-8a636c404af8"

75

},

76

{

77

"category": "Organizational controls",

78

"code": "5.9",

79

"label": "Inventory of information and other associated assets",

80

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

81

"referential_label": "ISO/IEC 27002 [2022]",

82

"uuid": "48ecb62f-f73d-4c65-a8e4-2fa831346a70"

83

},

84

{

85

"category": "Organizational controls",

86

"code": "5.1",

87

"label": "Acceptable use of information and other associated assets",

88

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

89

"referential_label": "ISO/IEC 27002 [2022]",

90

"uuid": "95882551-578c-4c0d-afe8-1dff2b251da4"

91

},

92

{

93

"category": "Organizational controls",

94

"code": "5.11",

95

"label": "Return of assets",

96

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

97

"referential_label": "ISO/IEC 27002 [2022]",

98

"uuid": "fb24425c-10df-4bc3-9b48-d72b952b92b5"

99

},

100

{

101

"category": "Organizational controls",

102

"code": "5.12",

103

"label": "Classification of information",

104

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

105

"referential_label": "ISO/IEC 27002 [2022]",

106

"uuid": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1"

107

},

108

{

109

"category": "Organizational controls",

110

"code": "5.13",

111

"label": "Labelling of information",

112

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

113

"referential_label": "ISO/IEC 27002 [2022]",

114

"uuid": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd"

115

},

116

{

117

"category": "Organizational controls",

118

"code": "5.14",

119

"label": "Information transfer",

120

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

121

"referential_label": "ISO/IEC 27002 [2022]",

122

"uuid": "1fbd96df-158c-47a2-8dc5-a22c6f915a79"

123

},

124

{

125

"category": "Organizational controls",

126

"code": "5.15",

127

"label": "Access control",

128

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

129

"referential_label": "ISO/IEC 27002 [2022]",

130

"uuid": "de075220-6acf-4ca7-837b-713b1f87f5f3"

131

},

132

{

133

"category": "Organizational controls",

134

"code": "5.16",

135

"label": "Identity management",

136

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

137

"referential_label": "ISO/IEC 27002 [2022]",

138

"uuid": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626"

139

},

140

{

141

"category": "Organizational controls",

142

"code": "5.17",

143

"label": "Authentication information",

144

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

145

"referential_label": "ISO/IEC 27002 [2022]",

146

"uuid": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3"

147

},

148

{

149

"category": "Organizational controls",

150

"code": "5.18",

151

"label": "Access rights",

152

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

153

"referential_label": "ISO/IEC 27002 [2022]",

154

"uuid": "c26bedb1-42f5-4154-8cea-b923b1103cfe"

155

},

156

{

157

"category": "Organizational controls",

158

"code": "5.19",

159

"label": "Information security in supplier relationships",

160

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

161

"referential_label": "ISO/IEC 27002 [2022]",

162

"uuid": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40"

163

},

164

{

165

"category": "Organizational controls",

166

"code": "5.2",

167

"label": "Addressing information security within supplier agreements",

168

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

169

"referential_label": "ISO/IEC 27002 [2022]",

170

"uuid": "0a23f517-b172-47b2-bc0a-0f693d2900b0"

171

},

172

{

173

"category": "Organizational controls",

174

"code": "5.21",

175

"label": "Managing information security in the ICT supply chain",

176

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

177

"referential_label": "ISO/IEC 27002 [2022]",

178

"uuid": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7"

179

},

180

{

181

"category": "Organizational controls",

182

"code": "5.22",

183

"label": "Monitoring, review and change management of supplier services",

184

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

185

"referential_label": "ISO/IEC 27002 [2022]",

186

"uuid": "307d39d8-d31f-4b55-8a0e-9632cd0e380a"

187

},

188

{

189

"category": "Organizational controls",

190

"code": "5.23",

191

"label": "Information security for use of cloud services",

192

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

193

"referential_label": "ISO/IEC 27002 [2022]",

194

"uuid": "e706a0d1-b2ce-4488-b8ae-905f88ab7e4d"

195

},

196

{

197

"category": "Organizational controls",

198

"code": "5.24",

199

"label": "Information security incident management planning and preparation",

200

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

201

"referential_label": "ISO/IEC 27002 [2022]",

202

"uuid": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1"

203

},

204

{

205

"category": "Organizational controls",

206

"code": "5.25",

207

"label": "Assessment and decision on information security events",

208

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

209

"referential_label": "ISO/IEC 27002 [2022]",

210

"uuid": "0aa214a8-51a6-45df-a279-03f04ea5c19e"

211

},

212

{

213

"category": "Organizational controls",

214

"code": "5.26",

215

"label": "Response to information security incidents",

216

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

217

"referential_label": "ISO/IEC 27002 [2022]",

218

"uuid": "865ca2d0-30e8-47f2-9f25-4256943a0d72"

219

},

220

{

221

"category": "Organizational controls",

222

"code": "5.27",

223

"label": "Learning from information security incidents",

224

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

225

"referential_label": "ISO/IEC 27002 [2022]",

226

"uuid": "1c03c68f-29a0-4606-b99d-072491f53e96"

227

},

228

{

229

"category": "Organizational controls",

230

"code": "5.28",

231

"label": "Collection of evidence",

232

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

233

"referential_label": "ISO/IEC 27002 [2022]",

234

"uuid": "432a79d3-45e9-477e-b63a-ab7566bb8590"

235

},

236

{

237

"category": "Organizational controls",

238

"code": "5.29",

239

"label": "Information security during disruption",

240

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

241

"referential_label": "ISO/IEC 27002 [2022]",

242

"uuid": "a197825e-e8f5-47f5-851d-66105a6fc3b2"

243

},

244

{

245

"category": "Organizational controls",

246

"code": "5.3",

247

"label": "ICT readiness for business continuity",

248

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

249

"referential_label": "ISO/IEC 27002 [2022]",

250

"uuid": "4ca07c19-4442-41b8-81ef-bd105af640c8"

251

},

252

{

253

"category": "Organizational controls",

254

"code": "5.31",

255

"label": "Legal, statutory, regulatory and contractual requirements",

256

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

257

"referential_label": "ISO/IEC 27002 [2022]",

258

"uuid": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1"

259

},

260

{

261

"category": "Organizational controls",

262

"code": "5.32",

263

"label": "Intellectual property rights",

264

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

265

"referential_label": "ISO/IEC 27002 [2022]",

266

"uuid": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd"

267

},

268

{

269

"category": "Organizational controls",

270

"code": "5.33",

271

"label": "Protection of records",

272

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

273

"referential_label": "ISO/IEC 27002 [2022]",

274

"uuid": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8"

275

},

276

{

277

"category": "Organizational controls",

278

"code": "5.34",

279

"label": "Privacy and protection of PII",

280

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

281

"referential_label": "ISO/IEC 27002 [2022]",

282

"uuid": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9"

283

},

284

{

285

"category": "Organizational controls",

286

"code": "5.35",

287

"label": "Independent review of information security",

288

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

289

"referential_label": "ISO/IEC 27002 [2022]",

290

"uuid": "41d38a42-6f44-4561-b0a2-801095d4eec9"

291

},

292

{

293

"category": "Organizational controls",

294

"code": "5.36",

295

"label": "Compliance with policies, rules and standards for information security",

296

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

297

"referential_label": "ISO/IEC 27002 [2022]",

298

"uuid": "3ff683de-9ca5-482d-8423-06d4d8e315a3"

299

},

300

{

301

"category": "Organizational controls",

302

"code": "5.37",

303

"label": "Documented operating procedures",

304

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

305

"referential_label": "ISO/IEC 27002 [2022]",

306

"uuid": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3"

307

},

308

{

309

"category": "People controls",

310

"code": "6.1",

311

"label": "Screening",

312

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

313

"referential_label": "ISO/IEC 27002 [2022]",

314

"uuid": "9e7bdc0e-1603-4545-a2cc-0650fe035e37"

315

},

316

{

317

"category": "People controls",

318

"code": "6.2",

319

"label": "Terms and conditions of employment",

320

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

321

"referential_label": "ISO/IEC 27002 [2022]",

322

"uuid": "83389b64-b080-4625-8e81-05174311e2d8"

323

},

324

{

325

"category": "People controls",

326

"code": "6.3",

327

"label": "Information security awareness, education and training",

328

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

329

"referential_label": "ISO/IEC 27002 [2022]",

330

"uuid": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680"

331

},

332

{

333

"category": "People controls",

334

"code": "6.4",

335

"label": "Disciplinary process",

336

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

337

"referential_label": "ISO/IEC 27002 [2022]",

338

"uuid": "9acaadb0-2f58-4d9b-963b-7671ed0471a6"

339

},

340

{

341

"category": "People controls",

342

"code": "6.5",

343

"label": "Responsibilities after termination or change of employment",

344

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

345

"referential_label": "ISO/IEC 27002 [2022]",

346

"uuid": "e4ef6822-7f1f-46f8-9700-37cde17e81b8"

347

},

348

{

349

"category": "People controls",

350

"code": "6.6",

351

"label": "Confidentiality or non-disclosure agreements",

352

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

353

"referential_label": "ISO/IEC 27002 [2022]",

354

"uuid": "e283f5ed-3a64-4bed-b479-35e4cd8173e6"

355

},

356

{

357

"category": "People controls",

358

"code": "6.7",

359

"label": "Remote working",

360

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

361

"referential_label": "ISO/IEC 27002 [2022]",

362

"uuid": "276430e7-47c5-461b-a5c4-7b46dae11759"

363

},

364

{

365

"category": "People controls",

366

"code": "6.8",

367

"label": "Information security event reporting",

368

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

369

"referential_label": "ISO/IEC 27002 [2022]",

370

"uuid": "ed627a92-cb52-472a-aa2e-b981f8b12de5"

371

},

372

{

373

"category": "Physical controls",

374

"code": "7.1",

375

"label": "Physical security perimeters",

376

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

377

"referential_label": "ISO/IEC 27002 [2022]",

378

"uuid": "26fbd0ef-28da-4930-850f-8519da290fd4"

379

},

380

{

381

"category": "Physical controls",

382

"code": "7.2",

383

"label": "Physical entry",

384

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

385

"referential_label": "ISO/IEC 27002 [2022]",

386

"uuid": "14667423-4f22-49dd-a0fc-bbf3c25597d3"

387

},

388

{

389

"category": "Physical controls",

390

"code": "7.3",

391

"label": "Securing offices, rooms and facilities",

392

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

393

"referential_label": "ISO/IEC 27002 [2022]",

394

"uuid": "474fedbd-0b89-436c-ac04-41c21d6e7420"

395

},

396

{

397

"category": "Physical controls",

398

"code": "7.4",

399

"label": "Physical security monitoring",

400

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

401

"referential_label": "ISO/IEC 27002 [2022]",

402

"uuid": "f439e26f-cec6-41cb-8c86-1b6c0f112ebf"

403

},

404

{

405

"category": "Physical controls",

406

"code": "7.5",

407

"label": "Protecting against physical and environmental threats",

408

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

409

"referential_label": "ISO/IEC 27002 [2022]",

410

"uuid": "07285d43-9ee2-406b-a9fa-3ad36650054b"

411

},

412

{

413

"category": "Physical controls",

414

"code": "7.6",

415

"label": "Working in secure areas",

416

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

417

"referential_label": "ISO/IEC 27002 [2022]",

418

"uuid": "cb371cfa-e8d4-4a83-af29-2f8982929268"

419

},

420

{

421

"category": "Physical controls",

422

"code": "7.7",

423

"label": "Clear desk and clear screen",

424

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

425

"referential_label": "ISO/IEC 27002 [2022]",

426

"uuid": "069bd61a-62a9-4158-b5f9-59e4ee0c8614"

427

},

428

{

429

"category": "Physical controls",

430

"code": "7.8",

431

"label": "Equipment siting and protection",

432

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

433

"referential_label": "ISO/IEC 27002 [2022]",

434

"uuid": "a3897661-541e-4c4c-9844-2981d8288ec6"

435

},

436

{

437

"category": "Physical controls",

438

"code": "7.9",

439

"label": "Security of assets off-premises",

440

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

441

"referential_label": "ISO/IEC 27002 [2022]",

442

"uuid": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6"

443

},

444

{

445

"category": "Physical controls",

446

"code": "7.1",

447

"label": "Storage media",

448

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

449

"referential_label": "ISO/IEC 27002 [2022]",

450

"uuid": "1167decd-0e55-4359-8fb2-599c490d89fa"

451

},

452

{

453

"category": "Physical controls",

454

"code": "7.11",

455

"label": "Supporting utilities",

456

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

457

"referential_label": "ISO/IEC 27002 [2022]",

458

"uuid": "fc66f113-3f02-4354-8610-879b5467971a"

459

},

460

{

461

"category": "Physical controls",

462

"code": "7.12",

463

"label": "Cabling security",

464

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

465

"referential_label": "ISO/IEC 27002 [2022]",

466

"uuid": "00e9c4c9-c718-4834-a312-c08abb03838c"

467

},

468

{

469

"category": "Physical controls",

470

"code": "7.13",

471

"label": "Equipment maintenance",

472

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

473

"referential_label": "ISO/IEC 27002 [2022]",

474

"uuid": "096b291e-bded-40aa-a3f7-492bcc5dcf4c"

475

},

476

{

477

"category": "Physical controls",

478

"code": "7.14",

479

"label": "Secure disposal or re-use of equipment",

480

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

481

"referential_label": "ISO/IEC 27002 [2022]",

482

"uuid": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33"

483

},

484

{

485

"category": "Technological controls",

486

"code": "8.1",

487

"label": "User endpoint devices",

488

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

489

"referential_label": "ISO/IEC 27002 [2022]",

490

"uuid": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f"

491

},

492

{

493

"category": "Technological controls",

494

"code": "8.2",

495

"label": "Privileged access rights",

496

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

497

"referential_label": "ISO/IEC 27002 [2022]",

498

"uuid": "8890016c-2883-4771-b346-2e8ec19ff2dd"

499

},

500

{

501

"category": "Technological controls",

502

"code": "8.3",

503

"label": "Information access restriction",

504

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

505

"referential_label": "ISO/IEC 27002 [2022]",

506

"uuid": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d"

507

},

508

{

509

"category": "Technological controls",

510

"code": "8.4",

511

"label": "Access to source code",

512

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

513

"referential_label": "ISO/IEC 27002 [2022]",

514

"uuid": "b56726a8-3883-4893-ae75-2ba555411148"

515

},

516

{

517

"category": "Technological controls",

518

"code": "8.5",

519

"label": "Secure authentication",

520

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

521

"referential_label": "ISO/IEC 27002 [2022]",

522

"uuid": "1d9e4229-e86e-4cb1-8e63-fd30711040dd"

523

},

524

{

525

"category": "Technological controls",

526

"code": "8.6",

527

"label": "Capacity management",

528

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

529

"referential_label": "ISO/IEC 27002 [2022]",

530

"uuid": "e8d6402b-f022-494b-b289-3d5d98368e8e"

531

},

532

{

533

"category": "Technological controls",

534

"code": "8.7",

535

"label": "Protection against malware",

536

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

537

"referential_label": "ISO/IEC 27002 [2022]",

538

"uuid": "f331b956-c83b-47b6-a563-09222b1ae7a0"

539

},

540

{

541

"category": "Technological controls",

542

"code": "8.8",

543

"label": "Management of technical vulnerabilities",

544

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

545

"referential_label": "ISO/IEC 27002 [2022]",

546

"uuid": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d"

547

},

548

{

549

"category": "Technological controls",

550

"code": "8.9",

551

"label": "Configuration management",

552

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

553

"referential_label": "ISO/IEC 27002 [2022]",

554

"uuid": "6f4468c5-06a6-4248-a82b-ef86601d6dd9"

555

},

556

{

557

"category": "Technological controls",

558

"code": "8.1",

559

"label": "Information deletion",

560

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

561

"referential_label": "ISO/IEC 27002 [2022]",

562

"uuid": "af8efe54-1e09-44e8-818d-22dc5446b234"

563

},

564

{

565

"category": "Technological controls",

566

"code": "8.11",

567

"label": "Data masking",

568

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

569

"referential_label": "ISO/IEC 27002 [2022]",

570

"uuid": "082e34b9-5811-485b-a81a-761e79918ebc"

571

},

572

{

573

"category": "Technological controls",

574

"code": "8.12",

575

"label": "Data leakage prevention",

576

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

577

"referential_label": "ISO/IEC 27002 [2022]",

578

"uuid": "c24dd798-1284-440e-82d3-78ef0d149ae6"

579

},

580

{

581

"category": "Technological controls",

582

"code": "8.13",

583

"label": "Information backup",

584

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

585

"referential_label": "ISO/IEC 27002 [2022]",

586

"uuid": "e2e52a80-4222-4f57-b471-92ce90a83ed7"

587

},

588

{

589

"category": "Technological controls",

590

"code": "8.14",

591

"label": "Redundancy of information processing facilities",

592

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

593

"referential_label": "ISO/IEC 27002 [2022]",

594

"uuid": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4"

595

},

596

{

597

"category": "Technological controls",

598

"code": "8.15",

599

"label": "Logging",

600

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

601

"referential_label": "ISO/IEC 27002 [2022]",

602

"uuid": "6e2ed592-c992-4076-b9ec-b7e9a78a7029"

603

},

604

{

605

"category": "Technological controls",

606

"code": "8.16",

607

"label": "Monitoring activities",

608

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

609

"referential_label": "ISO/IEC 27002 [2022]",

610

"uuid": "ba719d1a-81a3-485c-b9b5-fb6332fd3aff"

611

},

612

{

613

"category": "Technological controls",

614

"code": "8.17",

615

"label": "Clock synchronization",

616

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

617

"referential_label": "ISO/IEC 27002 [2022]",

618

"uuid": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2"

619

},

620

{

621

"category": "Technological controls",

622

"code": "8.18",

623

"label": "Use of privileged utility programs",

624

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

625

"referential_label": "ISO/IEC 27002 [2022]",

626

"uuid": "9389f178-57cb-4b52-b464-5b983d10ae90"

627

},

628

{

629

"category": "Technological controls",

630

"code": "8.19",

631

"label": "Installation of software on operational systems",

632

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

633

"referential_label": "ISO/IEC 27002 [2022]",

634

"uuid": "5773b0a9-8687-4802-9f19-2d1fba45e6a5"

635

},

636

{

637

"category": "Technological controls",

638

"code": "8.2",

639

"label": "Networks security",

640

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

641

"referential_label": "ISO/IEC 27002 [2022]",

642

"uuid": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5"

643

},

644

{

645

"category": "Technological controls",

646

"code": "8.21",

647

"label": "Security of network services",

648

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

649

"referential_label": "ISO/IEC 27002 [2022]",

650

"uuid": "47ad87a1-dd3e-443e-8d82-2ec782979637"

651

},

652

{

653

"category": "Technological controls",

654

"code": "8.22",

655

"label": "Segregation of networks",

656

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

657

"referential_label": "ISO/IEC 27002 [2022]",

658

"uuid": "6c305573-67ac-488e-882a-8e94e6373355"

659

},

660

{

661

"category": "Technological controls",

662

"code": "8.23",

663

"label": "Web filtering",

664

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

665

"referential_label": "ISO/IEC 27002 [2022]",

666

"uuid": "8a973656-95e8-4664-9e6c-c788b4ba0771"

667

},

668

{

669

"category": "Technological controls",

670

"code": "8.24",

671

"label": "Use of cryptography",

672

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

673

"referential_label": "ISO/IEC 27002 [2022]",

674

"uuid": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9"

675

},

676

{

677

"category": "Technological controls",

678

"code": "8.25",

679

"label": "Secure development life cycle",

680

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

681

"referential_label": "ISO/IEC 27002 [2022]",

682

"uuid": "3ddf1641-0529-44d2-8a23-b5811555cdd2"

683

},

684

{

685

"category": "Technological controls",

686

"code": "8.26",

687

"label": "Application security requirements",

688

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

689

"referential_label": "ISO/IEC 27002 [2022]",

690

"uuid": "8298dbd1-c18e-4f03-bb63-4867bfeaf716"

691

},

692

{

693

"category": "Technological controls",

694

"code": "8.27",

695

"label": "Secure system architecture and engineering principles",

696

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

697

"referential_label": "ISO/IEC 27002 [2022]",

698

"uuid": "497618e9-e495-42b6-b04e-21801f9c01f7"

699

},

700

{

701

"category": "Technological controls",

702

"code": "8.28",

703

"label": "Secure coding",

704

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

705

"referential_label": "ISO/IEC 27002 [2022]",

706

"uuid": "2452bf90-43da-46d9-9dee-05d73b9fce09"

707

},

708

{

709

"category": "Technological controls",

710

"code": "8.29",

711

"label": "Security testing in development and acceptance",

712

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

713

"referential_label": "ISO/IEC 27002 [2022]",

714

"uuid": "991f8c55-2da0-4dbf-b604-cbadc8df8389"

715

},

716

{

717

"category": "Technological controls",

718

"code": "8.3",

719

"label": "Outsourced development",

720

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

721

"referential_label": "ISO/IEC 27002 [2022]",

722

"uuid": "d5f93f4a-eac7-4200-b90b-c02db54c76f4"

723

},

724

{

725

"category": "Technological controls",

726

"code": "8.31",

727

"label": "Separation of development, test and production environments",

728

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

729

"referential_label": "ISO/IEC 27002 [2022]",

730

"uuid": "00383120-11a9-4b95-bfb9-47b3d4975bcb"

731

},

732

{

733

"category": "Technological controls",

734

"code": "8.32",

735

"label": "Change management",

736

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

737

"referential_label": "ISO/IEC 27002 [2022]",

738

"uuid": "866a0676-f2bd-4499-ba25-cd6f9466969a"

739

},

740

{

741

"category": "Technological controls",

742

"code": "8.33",

743

"label": "Test information",

744

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

745

"referential_label": "ISO/IEC 27002 [2022]",

746

"uuid": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5"

747

},

748

{

749

"category": "Technological controls",

750

"code": "8.34",

751

"label": "Protection of information systems during audit testing",

752

"referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",

753

"referential_label": "ISO/IEC 27002 [2022]",

754

"uuid": "744146f1-5a14-43c0-b675-8c2649486f64"

755

}

756

],

12

"version": 1,

757

"version": 1,

13

"version_ext": "ISO/IEC 27002:2013"

758

"version_ext": "ISO/IEC 27002:2013"

14

}

759

}

+    "authors": [
+        "CASES Team"
+    ],
+    "label": "ISO/IEC 27002 [2022]",
+    "language": "EN",
+    "refs": [
+        "https://www.iso.org/standard/54533.html"
+    ],
+    "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+    "values": [
+            "category": "Organizational controls",
+            "code": "5.1",
+            "label": "Policies for information security",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "ac5590c1-5e43-4a29-87fb-5ba7416a0831"
+        },
+            "category": "Organizational controls",
+            "code": "5.2",
+            "label": "Information security roles and responsibilities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5"
+        },
+            "category": "Organizational controls",
+            "code": "5.3",
+            "label": "Segregation of duties",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "6ea4f43d-0d12-4edf-8191-bf469f25e252"
+        },
+            "category": "Organizational controls",
+            "code": "5.4",
+            "label": "Management responsibilities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "957e0fb3-f06e-4ef5-b152-f1045b3a576f"
+        },
+            "category": "Organizational controls",
+            "code": "5.5",
+            "label": "Contact with authorities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "7a5c4510-1d09-481b-822d-2d58745d390b"
+        },
+            "category": "Organizational controls",
+            "code": "5.6",
+            "label": "Contact with special interest groups",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "33aa534c-482a-4503-919c-635ac65d084e"
+        },
+            "category": "Organizational controls",
+            "code": "5.7",
+            "label": "Threat intelligence",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "dca62889-6240-406e-8c94-5f418e7e004e"
+        },
+            "category": "Organizational controls",
+            "code": "5.8",
+            "label": "Information security in project management",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "45d81142-d8b8-45c5-811b-8a636c404af8"
+        },
+            "category": "Organizational controls",
+            "code": "5.9",
+            "label": "Inventory of information and other associated assets",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "48ecb62f-f73d-4c65-a8e4-2fa831346a70"
+        },
+            "category": "Organizational controls",
+            "code": "5.1",
+            "label": "Acceptable use of information and other associated assets",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "95882551-578c-4c0d-afe8-1dff2b251da4"
+        },
+            "category": "Organizational controls",
+            "code": "5.11",
+            "label": "Return of assets",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "fb24425c-10df-4bc3-9b48-d72b952b92b5"
+        },
+            "category": "Organizational controls",
+            "code": "5.12",
+            "label": "Classification of information",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1"
+        },
+            "category": "Organizational controls",
+            "code": "5.13",
+            "label": "Labelling of information",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd"
+        },
+            "category": "Organizational controls",
+            "code": "5.14",
+            "label": "Information transfer",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "1fbd96df-158c-47a2-8dc5-a22c6f915a79"
+        },
+            "category": "Organizational controls",
+            "code": "5.15",
+            "label": "Access control",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "de075220-6acf-4ca7-837b-713b1f87f5f3"
+        },
+            "category": "Organizational controls",
+            "code": "5.16",
+            "label": "Identity management",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626"
+        },
+            "category": "Organizational controls",
+            "code": "5.17",
+            "label": "Authentication information",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3"
+        },
+            "category": "Organizational controls",
+            "code": "5.18",
+            "label": "Access rights",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "c26bedb1-42f5-4154-8cea-b923b1103cfe"
+        },
+            "category": "Organizational controls",
+            "code": "5.19",
+            "label": "Information security in supplier relationships",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40"
+        },
+            "category": "Organizational controls",
+            "code": "5.2",
+            "label": "Addressing information security within supplier agreements",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "0a23f517-b172-47b2-bc0a-0f693d2900b0"
+        },
+            "category": "Organizational controls",
+            "code": "5.21",
+            "label": "Managing information security in the ICT supply chain",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7"
+        },
+            "category": "Organizational controls",
+            "code": "5.22",
+            "label": "Monitoring, review and change management of supplier services",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "307d39d8-d31f-4b55-8a0e-9632cd0e380a"
+        },
+            "category": "Organizational controls",
+            "code": "5.23",
+            "label": "Information security for use of cloud services",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "e706a0d1-b2ce-4488-b8ae-905f88ab7e4d"
+        },
+            "category": "Organizational controls",
+            "code": "5.24",
+            "label": "Information security incident management planning and preparation",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1"
+        },
+            "category": "Organizational controls",
+            "code": "5.25",
+            "label": "Assessment and decision on information security events",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "0aa214a8-51a6-45df-a279-03f04ea5c19e"
+        },
+            "category": "Organizational controls",
+            "code": "5.26",
+            "label": "Response to information security incidents",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "865ca2d0-30e8-47f2-9f25-4256943a0d72"
+        },
+            "category": "Organizational controls",
+            "code": "5.27",
+            "label": "Learning from information security incidents",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "1c03c68f-29a0-4606-b99d-072491f53e96"
+        },
+            "category": "Organizational controls",
+            "code": "5.28",
+            "label": "Collection of evidence",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "432a79d3-45e9-477e-b63a-ab7566bb8590"
+        },
+            "category": "Organizational controls",
+            "code": "5.29",
+            "label": "Information security during disruption",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "a197825e-e8f5-47f5-851d-66105a6fc3b2"
+        },
+            "category": "Organizational controls",
+            "code": "5.3",
+            "label": "ICT readiness for business continuity",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "4ca07c19-4442-41b8-81ef-bd105af640c8"
+        },
+            "category": "Organizational controls",
+            "code": "5.31",
+            "label": "Legal, statutory, regulatory and contractual requirements",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1"
+        },
+            "category": "Organizational controls",
+            "code": "5.32",
+            "label": "Intellectual property rights",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd"
+        },
+            "category": "Organizational controls",
+            "code": "5.33",
+            "label": "Protection of records",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8"
+        },
+            "category": "Organizational controls",
+            "code": "5.34",
+            "label": "Privacy and protection of PII",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9"
+        },
+            "category": "Organizational controls",
+            "code": "5.35",
+            "label": "Independent review of information security",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "41d38a42-6f44-4561-b0a2-801095d4eec9"
+        },
+            "category": "Organizational controls",
+            "code": "5.36",
+            "label": "Compliance with policies, rules and standards for information security",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "3ff683de-9ca5-482d-8423-06d4d8e315a3"
+        },
+            "category": "Organizational controls",
+            "code": "5.37",
+            "label": "Documented operating procedures",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3"
+        },
+            "category": "People controls",
+            "code": "6.1",
+            "label": "Screening",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "9e7bdc0e-1603-4545-a2cc-0650fe035e37"
+        },
+            "category": "People controls",
+            "code": "6.2",
+            "label": "Terms and conditions of employment",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "83389b64-b080-4625-8e81-05174311e2d8"
+        },
+            "category": "People controls",
+            "code": "6.3",
+            "label": "Information security awareness, education and training",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680"
+        },
+            "category": "People controls",
+            "code": "6.4",
+            "label": "Disciplinary process",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "9acaadb0-2f58-4d9b-963b-7671ed0471a6"
+        },
+            "category": "People controls",
+            "code": "6.5",
+            "label": "Responsibilities after termination or change of employment",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "e4ef6822-7f1f-46f8-9700-37cde17e81b8"
+        },
+            "category": "People controls",
+            "code": "6.6",
+            "label": "Confidentiality or non-disclosure agreements",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "e283f5ed-3a64-4bed-b479-35e4cd8173e6"
+        },
+            "category": "People controls",
+            "code": "6.7",
+            "label": "Remote working",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "276430e7-47c5-461b-a5c4-7b46dae11759"
+        },
+            "category": "People controls",
+            "code": "6.8",
+            "label": "Information security event reporting",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "ed627a92-cb52-472a-aa2e-b981f8b12de5"
+        },
+            "category": "Physical controls",
+            "code": "7.1",
+            "label": "Physical security perimeters",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "26fbd0ef-28da-4930-850f-8519da290fd4"
+        },
+            "category": "Physical controls",
+            "code": "7.2",
+            "label": "Physical entry",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "14667423-4f22-49dd-a0fc-bbf3c25597d3"
+        },
+            "category": "Physical controls",
+            "code": "7.3",
+            "label": "Securing offices, rooms and facilities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "474fedbd-0b89-436c-ac04-41c21d6e7420"
+        },
+            "category": "Physical controls",
+            "code": "7.4",
+            "label": "Physical security monitoring",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "f439e26f-cec6-41cb-8c86-1b6c0f112ebf"
+        },
+            "category": "Physical controls",
+            "code": "7.5",
+            "label": "Protecting against physical and environmental threats",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "07285d43-9ee2-406b-a9fa-3ad36650054b"
+        },
+            "category": "Physical controls",
+            "code": "7.6",
+            "label": "Working in secure areas",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "cb371cfa-e8d4-4a83-af29-2f8982929268"
+        },
+            "category": "Physical controls",
+            "code": "7.7",
+            "label": "Clear desk and clear screen",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "069bd61a-62a9-4158-b5f9-59e4ee0c8614"
+        },
+            "category": "Physical controls",
+            "code": "7.8",
+            "label": "Equipment siting and protection",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "a3897661-541e-4c4c-9844-2981d8288ec6"
+        },
+            "category": "Physical controls",
+            "code": "7.9",
+            "label": "Security of assets off-premises",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6"
+        },
+            "category": "Physical controls",
+            "code": "7.1",
+            "label": "Storage media",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "1167decd-0e55-4359-8fb2-599c490d89fa"
+        },
+            "category": "Physical controls",
+            "code": "7.11",
+            "label": "Supporting utilities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "fc66f113-3f02-4354-8610-879b5467971a"
+        },
+            "category": "Physical controls",
+            "code": "7.12",
+            "label": "Cabling security",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "00e9c4c9-c718-4834-a312-c08abb03838c"
+        },
+            "category": "Physical controls",
+            "code": "7.13",
+            "label": "Equipment maintenance",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "096b291e-bded-40aa-a3f7-492bcc5dcf4c"
+        },
+            "category": "Physical controls",
+            "code": "7.14",
+            "label": "Secure disposal or re-use of equipment",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33"
+        },
+            "category": "Technological controls",
+            "code": "8.1",
+            "label": "User endpoint devices",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f"
+        },
+            "category": "Technological controls",
+            "code": "8.2",
+            "label": "Privileged access rights",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "8890016c-2883-4771-b346-2e8ec19ff2dd"
+        },
+            "category": "Technological controls",
+            "code": "8.3",
+            "label": "Information access restriction",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d"
+        },
+            "category": "Technological controls",
+            "code": "8.4",
+            "label": "Access to source code",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "b56726a8-3883-4893-ae75-2ba555411148"
+        },
+            "category": "Technological controls",
+            "code": "8.5",
+            "label": "Secure authentication",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "1d9e4229-e86e-4cb1-8e63-fd30711040dd"
+        },
+            "category": "Technological controls",
+            "code": "8.6",
+            "label": "Capacity management",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "e8d6402b-f022-494b-b289-3d5d98368e8e"
+        },
+            "category": "Technological controls",
+            "code": "8.7",
+            "label": "Protection against malware",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "f331b956-c83b-47b6-a563-09222b1ae7a0"
+        },
+            "category": "Technological controls",
+            "code": "8.8",
+            "label": "Management of technical vulnerabilities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d"
+        },
+            "category": "Technological controls",
+            "code": "8.9",
+            "label": "Configuration management",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "6f4468c5-06a6-4248-a82b-ef86601d6dd9"
+        },
+            "category": "Technological controls",
+            "code": "8.1",
+            "label": "Information deletion",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "af8efe54-1e09-44e8-818d-22dc5446b234"
+        },
+            "category": "Technological controls",
+            "code": "8.11",
+            "label": "Data masking",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "082e34b9-5811-485b-a81a-761e79918ebc"
+        },
+            "category": "Technological controls",
+            "code": "8.12",
+            "label": "Data leakage prevention",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "c24dd798-1284-440e-82d3-78ef0d149ae6"
+        },
+            "category": "Technological controls",
+            "code": "8.13",
+            "label": "Information backup",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "e2e52a80-4222-4f57-b471-92ce90a83ed7"
+        },
+            "category": "Technological controls",
+            "code": "8.14",
+            "label": "Redundancy of information processing facilities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4"
+        },
+            "category": "Technological controls",
+            "code": "8.15",
+            "label": "Logging",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "6e2ed592-c992-4076-b9ec-b7e9a78a7029"
+        },
+            "category": "Technological controls",
+            "code": "8.16",
+            "label": "Monitoring activities",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "ba719d1a-81a3-485c-b9b5-fb6332fd3aff"
+        },
+            "category": "Technological controls",
+            "code": "8.17",
+            "label": "Clock synchronization",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2"
+        },
+            "category": "Technological controls",
+            "code": "8.18",
+            "label": "Use of privileged utility programs",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "9389f178-57cb-4b52-b464-5b983d10ae90"
+        },
+            "category": "Technological controls",
+            "code": "8.19",
+            "label": "Installation of software on operational systems",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "5773b0a9-8687-4802-9f19-2d1fba45e6a5"
+        },
+            "category": "Technological controls",
+            "code": "8.2",
+            "label": "Networks security",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5"
+        },
+            "category": "Technological controls",
+            "code": "8.21",
+            "label": "Security of network services",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "47ad87a1-dd3e-443e-8d82-2ec782979637"
+        },
+            "category": "Technological controls",
+            "code": "8.22",
+            "label": "Segregation of networks",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "6c305573-67ac-488e-882a-8e94e6373355"
+        },
+            "category": "Technological controls",
+            "code": "8.23",
+            "label": "Web filtering",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "8a973656-95e8-4664-9e6c-c788b4ba0771"
+        },
+            "category": "Technological controls",
+            "code": "8.24",
+            "label": "Use of cryptography",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9"
+        },
+            "category": "Technological controls",
+            "code": "8.25",
+            "label": "Secure development life cycle",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "3ddf1641-0529-44d2-8a23-b5811555cdd2"
+        },
+            "category": "Technological controls",
+            "code": "8.26",
+            "label": "Application security requirements",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "8298dbd1-c18e-4f03-bb63-4867bfeaf716"
+        },
+            "category": "Technological controls",
+            "code": "8.27",
+            "label": "Secure system architecture and engineering principles",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "497618e9-e495-42b6-b04e-21801f9c01f7"
+        },
+            "category": "Technological controls",
+            "code": "8.28",
+            "label": "Secure coding",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "2452bf90-43da-46d9-9dee-05d73b9fce09"
+        },
+            "category": "Technological controls",
+            "code": "8.29",
+            "label": "Security testing in development and acceptance",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "991f8c55-2da0-4dbf-b604-cbadc8df8389"
+        },
+            "category": "Technological controls",
+            "code": "8.3",
+            "label": "Outsourced development",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "d5f93f4a-eac7-4200-b90b-c02db54c76f4"
+        },
+            "category": "Technological controls",
+            "code": "8.31",
+            "label": "Separation of development, test and production environments",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "00383120-11a9-4b95-bfb9-47b3d4975bcb"
+        },
+            "category": "Technological controls",
+            "code": "8.32",
+            "label": "Change management",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "866a0676-f2bd-4499-ba25-cd6f9466969a"
+        },
+            "category": "Technological controls",
+            "code": "8.33",
+            "label": "Test information",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5"
+        },
+            "category": "Technological controls",
+            "code": "8.34",
+            "label": "Protection of information systems during audit testing",
+            "referential": "98ca84fb-db87-11e8-ac77-0800279aaa2b",
+            "referential_label": "ISO/IEC 27002 [2022]",
+            "uuid": "744146f1-5a14-43c0-b675-8c2649486f64"
+    ],
+    "version": 1,
+    "version_ext": "ISO/IEC 27002:2013"