Date: Feb 21, 2022, 12:26:21 PM
Date: Feb 21, 2022, 12:37:31 PM
Editor: Juan
Editor: Juan
Name: ISO/IEC 27002 [2022]
Name: ISO/IEC 27002 [2022]
Description: ISO/IEC 27002:2022 controls
Description: ISO/IEC 27002:2022 controls

f1{f1{
2    "authors": [2    "authors": [
3        "CASES Team"3        "CASES Team"
4    ],4    ],
5    "label": "ISO/IEC 27002 [2022]",5    "label": "ISO/IEC 27002 [2022]",
6    "language": "EN",6    "language": "EN",
7    "refs": [7    "refs": [
8        "https://www.iso.org/standard/54533.html"8        "https://www.iso.org/standard/54533.html"
9    ],9    ],
10    "uuid": "831acc76-2bcc-4376-836a-f6b0ee6df568",10    "uuid": "831acc76-2bcc-4376-836a-f6b0ee6df568",
11    "values": [11    "values": [
12        {12        {
13            "category": "Organizational controls",13            "category": "Organizational controls",
14            "code": "5.1",14            "code": "5.1",
15            "label": "Policies for information security",15            "label": "Policies for information security",
16            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",16            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
17            "referential_label": "ISO/IEC 27002 [2022]",17            "referential_label": "ISO/IEC 27002 [2022]",
18            "uuid": "ac5590c1-5e43-4a29-87fb-5ba7416a0831"18            "uuid": "ac5590c1-5e43-4a29-87fb-5ba7416a0831"
19        },19        },
20        {20        {
21            "category": "Organizational controls",21            "category": "Organizational controls",
22            "code": "5.2",22            "code": "5.2",
23            "label": "Information security roles and responsibilities",23            "label": "Information security roles and responsibilities",
24            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",24            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
25            "referential_label": "ISO/IEC 27002 [2022]",25            "referential_label": "ISO/IEC 27002 [2022]",
26            "uuid": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5"26            "uuid": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5"
27        },27        },
28        {28        {
29            "category": "Organizational controls",29            "category": "Organizational controls",
30            "code": "5.3",30            "code": "5.3",
31            "label": "Segregation of duties",31            "label": "Segregation of duties",
32            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",32            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
33            "referential_label": "ISO/IEC 27002 [2022]",33            "referential_label": "ISO/IEC 27002 [2022]",
34            "uuid": "6ea4f43d-0d12-4edf-8191-bf469f25e252"34            "uuid": "6ea4f43d-0d12-4edf-8191-bf469f25e252"
35        },35        },
36        {36        {
37            "category": "Organizational controls",37            "category": "Organizational controls",
38            "code": "5.4",38            "code": "5.4",
39            "label": "Management responsibilities",39            "label": "Management responsibilities",
40            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",40            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
41            "referential_label": "ISO/IEC 27002 [2022]",41            "referential_label": "ISO/IEC 27002 [2022]",
42            "uuid": "957e0fb3-f06e-4ef5-b152-f1045b3a576f"42            "uuid": "957e0fb3-f06e-4ef5-b152-f1045b3a576f"
43        },43        },
44        {44        {
45            "category": "Organizational controls",45            "category": "Organizational controls",
46            "code": "5.5",46            "code": "5.5",
47            "label": "Contact with authorities",47            "label": "Contact with authorities",
48            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",48            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
49            "referential_label": "ISO/IEC 27002 [2022]",49            "referential_label": "ISO/IEC 27002 [2022]",
50            "uuid": "7a5c4510-1d09-481b-822d-2d58745d390b"50            "uuid": "7a5c4510-1d09-481b-822d-2d58745d390b"
51        },51        },
52        {52        {
53            "category": "Organizational controls",53            "category": "Organizational controls",
54            "code": "5.6",54            "code": "5.6",
55            "label": "Contact with special interest groups",55            "label": "Contact with special interest groups",
56            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",56            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
57            "referential_label": "ISO/IEC 27002 [2022]",57            "referential_label": "ISO/IEC 27002 [2022]",
58            "uuid": "33aa534c-482a-4503-919c-635ac65d084e"58            "uuid": "33aa534c-482a-4503-919c-635ac65d084e"
59        },59        },
60        {60        {
61            "category": "Organizational controls",61            "category": "Organizational controls",
62            "code": "5.7",62            "code": "5.7",
63            "label": "Threat intelligence",63            "label": "Threat intelligence",
64            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",64            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
65            "referential_label": "ISO/IEC 27002 [2022]",65            "referential_label": "ISO/IEC 27002 [2022]",
66            "uuid": "dca62889-6240-406e-8c94-5f418e7e004e"66            "uuid": "dca62889-6240-406e-8c94-5f418e7e004e"
67        },67        },
68        {68        {
69            "category": "Organizational controls",69            "category": "Organizational controls",
70            "code": "5.8",70            "code": "5.8",
71            "label": "Information security in project management",71            "label": "Information security in project management",
72            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",72            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
73            "referential_label": "ISO/IEC 27002 [2022]",73            "referential_label": "ISO/IEC 27002 [2022]",
74            "uuid": "45d81142-d8b8-45c5-811b-8a636c404af8"74            "uuid": "45d81142-d8b8-45c5-811b-8a636c404af8"
75        },75        },
76        {76        {
77            "category": "Organizational controls",77            "category": "Organizational controls",
78            "code": "5.9",78            "code": "5.9",
79            "label": "Inventory of information and other associated assets",79            "label": "Inventory of information and other associated assets",
80            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",80            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
81            "referential_label": "ISO/IEC 27002 [2022]",81            "referential_label": "ISO/IEC 27002 [2022]",
82            "uuid": "48ecb62f-f73d-4c65-a8e4-2fa831346a70"82            "uuid": "48ecb62f-f73d-4c65-a8e4-2fa831346a70"
83        },83        },
84        {84        {
85            "category": "Organizational controls",85            "category": "Organizational controls",
n86            "code": "5.1",n86            "code": "5.10",
87            "label": "Acceptable use of information and other associated assets",87            "label": "Acceptable use of information and other associated assets",
88            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",88            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
89            "referential_label": "ISO/IEC 27002 [2022]",89            "referential_label": "ISO/IEC 27002 [2022]",
90            "uuid": "95882551-578c-4c0d-afe8-1dff2b251da4"90            "uuid": "95882551-578c-4c0d-afe8-1dff2b251da4"
91        },91        },
92        {92        {
93            "category": "Organizational controls",93            "category": "Organizational controls",
94            "code": "5.11",94            "code": "5.11",
95            "label": "Return of assets",95            "label": "Return of assets",
96            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",96            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
97            "referential_label": "ISO/IEC 27002 [2022]",97            "referential_label": "ISO/IEC 27002 [2022]",
98            "uuid": "fb24425c-10df-4bc3-9b48-d72b952b92b5"98            "uuid": "fb24425c-10df-4bc3-9b48-d72b952b92b5"
99        },99        },
100        {100        {
101            "category": "Organizational controls",101            "category": "Organizational controls",
102            "code": "5.12",102            "code": "5.12",
103            "label": "Classification of information",103            "label": "Classification of information",
104            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",104            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
105            "referential_label": "ISO/IEC 27002 [2022]",105            "referential_label": "ISO/IEC 27002 [2022]",
106            "uuid": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1"106            "uuid": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1"
107        },107        },
108        {108        {
109            "category": "Organizational controls",109            "category": "Organizational controls",
110            "code": "5.13",110            "code": "5.13",
111            "label": "Labelling of information",111            "label": "Labelling of information",
112            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",112            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
113            "referential_label": "ISO/IEC 27002 [2022]",113            "referential_label": "ISO/IEC 27002 [2022]",
114            "uuid": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd"114            "uuid": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd"
115        },115        },
116        {116        {
117            "category": "Organizational controls",117            "category": "Organizational controls",
118            "code": "5.14",118            "code": "5.14",
119            "label": "Information transfer",119            "label": "Information transfer",
120            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",120            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
121            "referential_label": "ISO/IEC 27002 [2022]",121            "referential_label": "ISO/IEC 27002 [2022]",
122            "uuid": "1fbd96df-158c-47a2-8dc5-a22c6f915a79"122            "uuid": "1fbd96df-158c-47a2-8dc5-a22c6f915a79"
123        },123        },
124        {124        {
125            "category": "Organizational controls",125            "category": "Organizational controls",
126            "code": "5.15",126            "code": "5.15",
127            "label": "Access control",127            "label": "Access control",
128            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",128            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
129            "referential_label": "ISO/IEC 27002 [2022]",129            "referential_label": "ISO/IEC 27002 [2022]",
130            "uuid": "de075220-6acf-4ca7-837b-713b1f87f5f3"130            "uuid": "de075220-6acf-4ca7-837b-713b1f87f5f3"
131        },131        },
132        {132        {
133            "category": "Organizational controls",133            "category": "Organizational controls",
134            "code": "5.16",134            "code": "5.16",
135            "label": "Identity management",135            "label": "Identity management",
136            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",136            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
137            "referential_label": "ISO/IEC 27002 [2022]",137            "referential_label": "ISO/IEC 27002 [2022]",
138            "uuid": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626"138            "uuid": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626"
139        },139        },
140        {140        {
141            "category": "Organizational controls",141            "category": "Organizational controls",
142            "code": "5.17",142            "code": "5.17",
143            "label": "Authentication information",143            "label": "Authentication information",
144            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",144            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
145            "referential_label": "ISO/IEC 27002 [2022]",145            "referential_label": "ISO/IEC 27002 [2022]",
146            "uuid": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3"146            "uuid": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3"
147        },147        },
148        {148        {
149            "category": "Organizational controls",149            "category": "Organizational controls",
150            "code": "5.18",150            "code": "5.18",
151            "label": "Access rights",151            "label": "Access rights",
152            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",152            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
153            "referential_label": "ISO/IEC 27002 [2022]",153            "referential_label": "ISO/IEC 27002 [2022]",
154            "uuid": "c26bedb1-42f5-4154-8cea-b923b1103cfe"154            "uuid": "c26bedb1-42f5-4154-8cea-b923b1103cfe"
155        },155        },
156        {156        {
157            "category": "Organizational controls",157            "category": "Organizational controls",
158            "code": "5.19",158            "code": "5.19",
159            "label": "Information security in supplier relationships",159            "label": "Information security in supplier relationships",
160            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",160            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
161            "referential_label": "ISO/IEC 27002 [2022]",161            "referential_label": "ISO/IEC 27002 [2022]",
162            "uuid": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40"162            "uuid": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40"
163        },163        },
164        {164        {
165            "category": "Organizational controls",165            "category": "Organizational controls",
n166            "code": "5.2",n166            "code": "5.20",
167            "label": "Addressing information security within supplier agreements",167            "label": "Addressing information security within supplier agreements",
168            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",168            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
169            "referential_label": "ISO/IEC 27002 [2022]",169            "referential_label": "ISO/IEC 27002 [2022]",
170            "uuid": "0a23f517-b172-47b2-bc0a-0f693d2900b0"170            "uuid": "0a23f517-b172-47b2-bc0a-0f693d2900b0"
171        },171        },
172        {172        {
173            "category": "Organizational controls",173            "category": "Organizational controls",
174            "code": "5.21",174            "code": "5.21",
175            "label": "Managing information security in the ICT supply chain",175            "label": "Managing information security in the ICT supply chain",
176            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",176            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
177            "referential_label": "ISO/IEC 27002 [2022]",177            "referential_label": "ISO/IEC 27002 [2022]",
178            "uuid": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7"178            "uuid": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7"
179        },179        },
180        {180        {
181            "category": "Organizational controls",181            "category": "Organizational controls",
182            "code": "5.22",182            "code": "5.22",
183            "label": "Monitoring, review and change management of supplier services",183            "label": "Monitoring, review and change management of supplier services",
184            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",184            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
185            "referential_label": "ISO/IEC 27002 [2022]",185            "referential_label": "ISO/IEC 27002 [2022]",
186            "uuid": "307d39d8-d31f-4b55-8a0e-9632cd0e380a"186            "uuid": "307d39d8-d31f-4b55-8a0e-9632cd0e380a"
187        },187        },
188        {188        {
189            "category": "Organizational controls",189            "category": "Organizational controls",
190            "code": "5.23",190            "code": "5.23",
191            "label": "Information security for use of cloud services",191            "label": "Information security for use of cloud services",
192            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",192            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
193            "referential_label": "ISO/IEC 27002 [2022]",193            "referential_label": "ISO/IEC 27002 [2022]",
194            "uuid": "e706a0d1-b2ce-4488-b8ae-905f88ab7e4d"194            "uuid": "e706a0d1-b2ce-4488-b8ae-905f88ab7e4d"
195        },195        },
196        {196        {
197            "category": "Organizational controls",197            "category": "Organizational controls",
198            "code": "5.24",198            "code": "5.24",
199            "label": "Information security incident management planning and preparation",199            "label": "Information security incident management planning and preparation",
200            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",200            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
201            "referential_label": "ISO/IEC 27002 [2022]",201            "referential_label": "ISO/IEC 27002 [2022]",
202            "uuid": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1"202            "uuid": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1"
203        },203        },
204        {204        {
205            "category": "Organizational controls",205            "category": "Organizational controls",
206            "code": "5.25",206            "code": "5.25",
207            "label": "Assessment and decision on information security events",207            "label": "Assessment and decision on information security events",
208            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",208            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
209            "referential_label": "ISO/IEC 27002 [2022]",209            "referential_label": "ISO/IEC 27002 [2022]",
210            "uuid": "0aa214a8-51a6-45df-a279-03f04ea5c19e"210            "uuid": "0aa214a8-51a6-45df-a279-03f04ea5c19e"
211        },211        },
212        {212        {
213            "category": "Organizational controls",213            "category": "Organizational controls",
214            "code": "5.26",214            "code": "5.26",
215            "label": "Response to information security incidents",215            "label": "Response to information security incidents",
216            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",216            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
217            "referential_label": "ISO/IEC 27002 [2022]",217            "referential_label": "ISO/IEC 27002 [2022]",
218            "uuid": "865ca2d0-30e8-47f2-9f25-4256943a0d72"218            "uuid": "865ca2d0-30e8-47f2-9f25-4256943a0d72"
219        },219        },
220        {220        {
221            "category": "Organizational controls",221            "category": "Organizational controls",
222            "code": "5.27",222            "code": "5.27",
223            "label": "Learning from information security incidents",223            "label": "Learning from information security incidents",
224            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",224            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
225            "referential_label": "ISO/IEC 27002 [2022]",225            "referential_label": "ISO/IEC 27002 [2022]",
226            "uuid": "1c03c68f-29a0-4606-b99d-072491f53e96"226            "uuid": "1c03c68f-29a0-4606-b99d-072491f53e96"
227        },227        },
228        {228        {
229            "category": "Organizational controls",229            "category": "Organizational controls",
230            "code": "5.28",230            "code": "5.28",
231            "label": "Collection of evidence",231            "label": "Collection of evidence",
232            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",232            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
233            "referential_label": "ISO/IEC 27002 [2022]",233            "referential_label": "ISO/IEC 27002 [2022]",
234            "uuid": "432a79d3-45e9-477e-b63a-ab7566bb8590"234            "uuid": "432a79d3-45e9-477e-b63a-ab7566bb8590"
235        },235        },
236        {236        {
237            "category": "Organizational controls",237            "category": "Organizational controls",
238            "code": "5.29",238            "code": "5.29",
239            "label": "Information security during disruption",239            "label": "Information security during disruption",
240            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",240            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
241            "referential_label": "ISO/IEC 27002 [2022]",241            "referential_label": "ISO/IEC 27002 [2022]",
242            "uuid": "a197825e-e8f5-47f5-851d-66105a6fc3b2"242            "uuid": "a197825e-e8f5-47f5-851d-66105a6fc3b2"
243        },243        },
244        {244        {
245            "category": "Organizational controls",245            "category": "Organizational controls",
n246            "code": "5.3",n246            "code": "5.30",
247            "label": "ICT readiness for business continuity",247            "label": "ICT readiness for business continuity",
248            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",248            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
249            "referential_label": "ISO/IEC 27002 [2022]",249            "referential_label": "ISO/IEC 27002 [2022]",
250            "uuid": "4ca07c19-4442-41b8-81ef-bd105af640c8"250            "uuid": "4ca07c19-4442-41b8-81ef-bd105af640c8"
251        },251        },
252        {252        {
253            "category": "Organizational controls",253            "category": "Organizational controls",
254            "code": "5.31",254            "code": "5.31",
255            "label": "Legal, statutory, regulatory and contractual requirements",255            "label": "Legal, statutory, regulatory and contractual requirements",
256            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",256            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
257            "referential_label": "ISO/IEC 27002 [2022]",257            "referential_label": "ISO/IEC 27002 [2022]",
258            "uuid": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1"258            "uuid": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1"
259        },259        },
260        {260        {
261            "category": "Organizational controls",261            "category": "Organizational controls",
262            "code": "5.32",262            "code": "5.32",
263            "label": "Intellectual property rights",263            "label": "Intellectual property rights",
264            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",264            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
265            "referential_label": "ISO/IEC 27002 [2022]",265            "referential_label": "ISO/IEC 27002 [2022]",
266            "uuid": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd"266            "uuid": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd"
267        },267        },
268        {268        {
269            "category": "Organizational controls",269            "category": "Organizational controls",
270            "code": "5.33",270            "code": "5.33",
271            "label": "Protection of records",271            "label": "Protection of records",
272            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",272            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
273            "referential_label": "ISO/IEC 27002 [2022]",273            "referential_label": "ISO/IEC 27002 [2022]",
274            "uuid": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8"274            "uuid": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8"
275        },275        },
276        {276        {
277            "category": "Organizational controls",277            "category": "Organizational controls",
278            "code": "5.34",278            "code": "5.34",
279            "label": "Privacy and protection of PII",279            "label": "Privacy and protection of PII",
280            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",280            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
281            "referential_label": "ISO/IEC 27002 [2022]",281            "referential_label": "ISO/IEC 27002 [2022]",
282            "uuid": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9"282            "uuid": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9"
283        },283        },
284        {284        {
285            "category": "Organizational controls",285            "category": "Organizational controls",
286            "code": "5.35",286            "code": "5.35",
287            "label": "Independent review of information security",287            "label": "Independent review of information security",
288            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",288            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
289            "referential_label": "ISO/IEC 27002 [2022]",289            "referential_label": "ISO/IEC 27002 [2022]",
290            "uuid": "41d38a42-6f44-4561-b0a2-801095d4eec9"290            "uuid": "41d38a42-6f44-4561-b0a2-801095d4eec9"
291        },291        },
292        {292        {
293            "category": "Organizational controls",293            "category": "Organizational controls",
294            "code": "5.36",294            "code": "5.36",
295            "label": "Compliance with policies, rules and standards for information security",295            "label": "Compliance with policies, rules and standards for information security",
296            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",296            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
297            "referential_label": "ISO/IEC 27002 [2022]",297            "referential_label": "ISO/IEC 27002 [2022]",
298            "uuid": "3ff683de-9ca5-482d-8423-06d4d8e315a3"298            "uuid": "3ff683de-9ca5-482d-8423-06d4d8e315a3"
299        },299        },
300        {300        {
301            "category": "Organizational controls",301            "category": "Organizational controls",
302            "code": "5.37",302            "code": "5.37",
303            "label": "Documented operating procedures",303            "label": "Documented operating procedures",
304            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",304            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
305            "referential_label": "ISO/IEC 27002 [2022]",305            "referential_label": "ISO/IEC 27002 [2022]",
306            "uuid": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3"306            "uuid": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3"
307        },307        },
308        {308        {
309            "category": "People controls",309            "category": "People controls",
310            "code": "6.1",310            "code": "6.1",
311            "label": "Screening",311            "label": "Screening",
312            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",312            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
313            "referential_label": "ISO/IEC 27002 [2022]",313            "referential_label": "ISO/IEC 27002 [2022]",
314            "uuid": "9e7bdc0e-1603-4545-a2cc-0650fe035e37"314            "uuid": "9e7bdc0e-1603-4545-a2cc-0650fe035e37"
315        },315        },
316        {316        {
317            "category": "People controls",317            "category": "People controls",
318            "code": "6.2",318            "code": "6.2",
319            "label": "Terms and conditions of employment",319            "label": "Terms and conditions of employment",
320            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",320            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
321            "referential_label": "ISO/IEC 27002 [2022]",321            "referential_label": "ISO/IEC 27002 [2022]",
322            "uuid": "83389b64-b080-4625-8e81-05174311e2d8"322            "uuid": "83389b64-b080-4625-8e81-05174311e2d8"
323        },323        },
324        {324        {
325            "category": "People controls",325            "category": "People controls",
326            "code": "6.3",326            "code": "6.3",
327            "label": "Information security awareness, education and training",327            "label": "Information security awareness, education and training",
328            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",328            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
329            "referential_label": "ISO/IEC 27002 [2022]",329            "referential_label": "ISO/IEC 27002 [2022]",
330            "uuid": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680"330            "uuid": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680"
331        },331        },
332        {332        {
333            "category": "People controls",333            "category": "People controls",
334            "code": "6.4",334            "code": "6.4",
335            "label": "Disciplinary process",335            "label": "Disciplinary process",
336            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",336            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
337            "referential_label": "ISO/IEC 27002 [2022]",337            "referential_label": "ISO/IEC 27002 [2022]",
338            "uuid": "9acaadb0-2f58-4d9b-963b-7671ed0471a6"338            "uuid": "9acaadb0-2f58-4d9b-963b-7671ed0471a6"
339        },339        },
340        {340        {
341            "category": "People controls",341            "category": "People controls",
342            "code": "6.5",342            "code": "6.5",
343            "label": "Responsibilities after termination or change of employment",343            "label": "Responsibilities after termination or change of employment",
344            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",344            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
345            "referential_label": "ISO/IEC 27002 [2022]",345            "referential_label": "ISO/IEC 27002 [2022]",
346            "uuid": "e4ef6822-7f1f-46f8-9700-37cde17e81b8"346            "uuid": "e4ef6822-7f1f-46f8-9700-37cde17e81b8"
347        },347        },
348        {348        {
349            "category": "People controls",349            "category": "People controls",
350            "code": "6.6",350            "code": "6.6",
351            "label": "Confidentiality or non-disclosure agreements",351            "label": "Confidentiality or non-disclosure agreements",
352            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",352            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
353            "referential_label": "ISO/IEC 27002 [2022]",353            "referential_label": "ISO/IEC 27002 [2022]",
354            "uuid": "e283f5ed-3a64-4bed-b479-35e4cd8173e6"354            "uuid": "e283f5ed-3a64-4bed-b479-35e4cd8173e6"
355        },355        },
356        {356        {
357            "category": "People controls",357            "category": "People controls",
358            "code": "6.7",358            "code": "6.7",
359            "label": "Remote working",359            "label": "Remote working",
360            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",360            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
361            "referential_label": "ISO/IEC 27002 [2022]",361            "referential_label": "ISO/IEC 27002 [2022]",
362            "uuid": "276430e7-47c5-461b-a5c4-7b46dae11759"362            "uuid": "276430e7-47c5-461b-a5c4-7b46dae11759"
363        },363        },
364        {364        {
365            "category": "People controls",365            "category": "People controls",
366            "code": "6.8",366            "code": "6.8",
367            "label": "Information security event reporting",367            "label": "Information security event reporting",
368            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",368            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
369            "referential_label": "ISO/IEC 27002 [2022]",369            "referential_label": "ISO/IEC 27002 [2022]",
370            "uuid": "ed627a92-cb52-472a-aa2e-b981f8b12de5"370            "uuid": "ed627a92-cb52-472a-aa2e-b981f8b12de5"
371        },371        },
372        {372        {
373            "category": "Physical controls",373            "category": "Physical controls",
374            "code": "7.1",374            "code": "7.1",
375            "label": "Physical security perimeters",375            "label": "Physical security perimeters",
376            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",376            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
377            "referential_label": "ISO/IEC 27002 [2022]",377            "referential_label": "ISO/IEC 27002 [2022]",
378            "uuid": "26fbd0ef-28da-4930-850f-8519da290fd4"378            "uuid": "26fbd0ef-28da-4930-850f-8519da290fd4"
379        },379        },
380        {380        {
381            "category": "Physical controls",381            "category": "Physical controls",
382            "code": "7.2",382            "code": "7.2",
383            "label": "Physical entry",383            "label": "Physical entry",
384            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",384            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
385            "referential_label": "ISO/IEC 27002 [2022]",385            "referential_label": "ISO/IEC 27002 [2022]",
386            "uuid": "14667423-4f22-49dd-a0fc-bbf3c25597d3"386            "uuid": "14667423-4f22-49dd-a0fc-bbf3c25597d3"
387        },387        },
388        {388        {
389            "category": "Physical controls",389            "category": "Physical controls",
390            "code": "7.3",390            "code": "7.3",
391            "label": "Securing offices, rooms and facilities",391            "label": "Securing offices, rooms and facilities",
392            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",392            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
393            "referential_label": "ISO/IEC 27002 [2022]",393            "referential_label": "ISO/IEC 27002 [2022]",
394            "uuid": "474fedbd-0b89-436c-ac04-41c21d6e7420"394            "uuid": "474fedbd-0b89-436c-ac04-41c21d6e7420"
395        },395        },
396        {396        {
397            "category": "Physical controls",397            "category": "Physical controls",
398            "code": "7.4",398            "code": "7.4",
399            "label": "Physical security monitoring",399            "label": "Physical security monitoring",
400            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",400            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
401            "referential_label": "ISO/IEC 27002 [2022]",401            "referential_label": "ISO/IEC 27002 [2022]",
402            "uuid": "f439e26f-cec6-41cb-8c86-1b6c0f112ebf"402            "uuid": "f439e26f-cec6-41cb-8c86-1b6c0f112ebf"
403        },403        },
404        {404        {
405            "category": "Physical controls",405            "category": "Physical controls",
406            "code": "7.5",406            "code": "7.5",
407            "label": "Protecting against physical and environmental threats",407            "label": "Protecting against physical and environmental threats",
408            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",408            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
409            "referential_label": "ISO/IEC 27002 [2022]",409            "referential_label": "ISO/IEC 27002 [2022]",
410            "uuid": "07285d43-9ee2-406b-a9fa-3ad36650054b"410            "uuid": "07285d43-9ee2-406b-a9fa-3ad36650054b"
411        },411        },
412        {412        {
413            "category": "Physical controls",413            "category": "Physical controls",
414            "code": "7.6",414            "code": "7.6",
415            "label": "Working in secure areas",415            "label": "Working in secure areas",
416            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",416            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
417            "referential_label": "ISO/IEC 27002 [2022]",417            "referential_label": "ISO/IEC 27002 [2022]",
418            "uuid": "cb371cfa-e8d4-4a83-af29-2f8982929268"418            "uuid": "cb371cfa-e8d4-4a83-af29-2f8982929268"
419        },419        },
420        {420        {
421            "category": "Physical controls",421            "category": "Physical controls",
422            "code": "7.7",422            "code": "7.7",
423            "label": "Clear desk and clear screen",423            "label": "Clear desk and clear screen",
424            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",424            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
425            "referential_label": "ISO/IEC 27002 [2022]",425            "referential_label": "ISO/IEC 27002 [2022]",
426            "uuid": "069bd61a-62a9-4158-b5f9-59e4ee0c8614"426            "uuid": "069bd61a-62a9-4158-b5f9-59e4ee0c8614"
427        },427        },
428        {428        {
429            "category": "Physical controls",429            "category": "Physical controls",
430            "code": "7.8",430            "code": "7.8",
431            "label": "Equipment siting and protection",431            "label": "Equipment siting and protection",
432            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",432            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
433            "referential_label": "ISO/IEC 27002 [2022]",433            "referential_label": "ISO/IEC 27002 [2022]",
434            "uuid": "a3897661-541e-4c4c-9844-2981d8288ec6"434            "uuid": "a3897661-541e-4c4c-9844-2981d8288ec6"
435        },435        },
436        {436        {
437            "category": "Physical controls",437            "category": "Physical controls",
438            "code": "7.9",438            "code": "7.9",
439            "label": "Security of assets off-premises",439            "label": "Security of assets off-premises",
440            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",440            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
441            "referential_label": "ISO/IEC 27002 [2022]",441            "referential_label": "ISO/IEC 27002 [2022]",
442            "uuid": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6"442            "uuid": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6"
443        },443        },
444        {444        {
445            "category": "Physical controls",445            "category": "Physical controls",
n446            "code": "7.1",n446            "code": "7.10",
447            "label": "Storage media",447            "label": "Storage media",
448            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",448            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
449            "referential_label": "ISO/IEC 27002 [2022]",449            "referential_label": "ISO/IEC 27002 [2022]",
450            "uuid": "1167decd-0e55-4359-8fb2-599c490d89fa"450            "uuid": "1167decd-0e55-4359-8fb2-599c490d89fa"
451        },451        },
452        {452        {
453            "category": "Physical controls",453            "category": "Physical controls",
454            "code": "7.11",454            "code": "7.11",
455            "label": "Supporting utilities",455            "label": "Supporting utilities",
456            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",456            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
457            "referential_label": "ISO/IEC 27002 [2022]",457            "referential_label": "ISO/IEC 27002 [2022]",
458            "uuid": "fc66f113-3f02-4354-8610-879b5467971a"458            "uuid": "fc66f113-3f02-4354-8610-879b5467971a"
459        },459        },
460        {460        {
461            "category": "Physical controls",461            "category": "Physical controls",
462            "code": "7.12",462            "code": "7.12",
463            "label": "Cabling security",463            "label": "Cabling security",
464            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",464            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
465            "referential_label": "ISO/IEC 27002 [2022]",465            "referential_label": "ISO/IEC 27002 [2022]",
466            "uuid": "00e9c4c9-c718-4834-a312-c08abb03838c"466            "uuid": "00e9c4c9-c718-4834-a312-c08abb03838c"
467        },467        },
468        {468        {
469            "category": "Physical controls",469            "category": "Physical controls",
470            "code": "7.13",470            "code": "7.13",
471            "label": "Equipment maintenance",471            "label": "Equipment maintenance",
472            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",472            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
473            "referential_label": "ISO/IEC 27002 [2022]",473            "referential_label": "ISO/IEC 27002 [2022]",
474            "uuid": "096b291e-bded-40aa-a3f7-492bcc5dcf4c"474            "uuid": "096b291e-bded-40aa-a3f7-492bcc5dcf4c"
475        },475        },
476        {476        {
477            "category": "Physical controls",477            "category": "Physical controls",
478            "code": "7.14",478            "code": "7.14",
479            "label": "Secure disposal or re-use of equipment",479            "label": "Secure disposal or re-use of equipment",
480            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",480            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
481            "referential_label": "ISO/IEC 27002 [2022]",481            "referential_label": "ISO/IEC 27002 [2022]",
482            "uuid": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33"482            "uuid": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33"
483        },483        },
484        {484        {
485            "category": "Technological controls",485            "category": "Technological controls",
486            "code": "8.1",486            "code": "8.1",
487            "label": "User endpoint devices",487            "label": "User endpoint devices",
488            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",488            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
489            "referential_label": "ISO/IEC 27002 [2022]",489            "referential_label": "ISO/IEC 27002 [2022]",
490            "uuid": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f"490            "uuid": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f"
491        },491        },
492        {492        {
493            "category": "Technological controls",493            "category": "Technological controls",
494            "code": "8.2",494            "code": "8.2",
495            "label": "Privileged access rights",495            "label": "Privileged access rights",
496            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",496            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
497            "referential_label": "ISO/IEC 27002 [2022]",497            "referential_label": "ISO/IEC 27002 [2022]",
498            "uuid": "8890016c-2883-4771-b346-2e8ec19ff2dd"498            "uuid": "8890016c-2883-4771-b346-2e8ec19ff2dd"
499        },499        },
500        {500        {
501            "category": "Technological controls",501            "category": "Technological controls",
502            "code": "8.3",502            "code": "8.3",
503            "label": "Information access restriction",503            "label": "Information access restriction",
504            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",504            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
505            "referential_label": "ISO/IEC 27002 [2022]",505            "referential_label": "ISO/IEC 27002 [2022]",
506            "uuid": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d"506            "uuid": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d"
507        },507        },
508        {508        {
509            "category": "Technological controls",509            "category": "Technological controls",
510            "code": "8.4",510            "code": "8.4",
511            "label": "Access to source code",511            "label": "Access to source code",
512            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",512            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
513            "referential_label": "ISO/IEC 27002 [2022]",513            "referential_label": "ISO/IEC 27002 [2022]",
514            "uuid": "b56726a8-3883-4893-ae75-2ba555411148"514            "uuid": "b56726a8-3883-4893-ae75-2ba555411148"
515        },515        },
516        {516        {
517            "category": "Technological controls",517            "category": "Technological controls",
518            "code": "8.5",518            "code": "8.5",
519            "label": "Secure authentication",519            "label": "Secure authentication",
520            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",520            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
521            "referential_label": "ISO/IEC 27002 [2022]",521            "referential_label": "ISO/IEC 27002 [2022]",
522            "uuid": "1d9e4229-e86e-4cb1-8e63-fd30711040dd"522            "uuid": "1d9e4229-e86e-4cb1-8e63-fd30711040dd"
523        },523        },
524        {524        {
525            "category": "Technological controls",525            "category": "Technological controls",
526            "code": "8.6",526            "code": "8.6",
527            "label": "Capacity management",527            "label": "Capacity management",
528            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",528            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
529            "referential_label": "ISO/IEC 27002 [2022]",529            "referential_label": "ISO/IEC 27002 [2022]",
530            "uuid": "e8d6402b-f022-494b-b289-3d5d98368e8e"530            "uuid": "e8d6402b-f022-494b-b289-3d5d98368e8e"
531        },531        },
532        {532        {
533            "category": "Technological controls",533            "category": "Technological controls",
534            "code": "8.7",534            "code": "8.7",
535            "label": "Protection against malware",535            "label": "Protection against malware",
536            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",536            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
537            "referential_label": "ISO/IEC 27002 [2022]",537            "referential_label": "ISO/IEC 27002 [2022]",
538            "uuid": "f331b956-c83b-47b6-a563-09222b1ae7a0"538            "uuid": "f331b956-c83b-47b6-a563-09222b1ae7a0"
539        },539        },
540        {540        {
541            "category": "Technological controls",541            "category": "Technological controls",
542            "code": "8.8",542            "code": "8.8",
543            "label": "Management of technical vulnerabilities",543            "label": "Management of technical vulnerabilities",
544            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",544            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
545            "referential_label": "ISO/IEC 27002 [2022]",545            "referential_label": "ISO/IEC 27002 [2022]",
546            "uuid": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d"546            "uuid": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d"
547        },547        },
548        {548        {
549            "category": "Technological controls",549            "category": "Technological controls",
550            "code": "8.9",550            "code": "8.9",
551            "label": "Configuration management",551            "label": "Configuration management",
552            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",552            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
553            "referential_label": "ISO/IEC 27002 [2022]",553            "referential_label": "ISO/IEC 27002 [2022]",
554            "uuid": "6f4468c5-06a6-4248-a82b-ef86601d6dd9"554            "uuid": "6f4468c5-06a6-4248-a82b-ef86601d6dd9"
555        },555        },
556        {556        {
557            "category": "Technological controls",557            "category": "Technological controls",
n558            "code": "8.1",n558            "code": "8.10",
559            "label": "Information deletion",559            "label": "Information deletion",
560            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",560            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
561            "referential_label": "ISO/IEC 27002 [2022]",561            "referential_label": "ISO/IEC 27002 [2022]",
562            "uuid": "af8efe54-1e09-44e8-818d-22dc5446b234"562            "uuid": "af8efe54-1e09-44e8-818d-22dc5446b234"
563        },563        },
564        {564        {
565            "category": "Technological controls",565            "category": "Technological controls",
566            "code": "8.11",566            "code": "8.11",
567            "label": "Data masking",567            "label": "Data masking",
568            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",568            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
569            "referential_label": "ISO/IEC 27002 [2022]",569            "referential_label": "ISO/IEC 27002 [2022]",
570            "uuid": "082e34b9-5811-485b-a81a-761e79918ebc"570            "uuid": "082e34b9-5811-485b-a81a-761e79918ebc"
571        },571        },
572        {572        {
573            "category": "Technological controls",573            "category": "Technological controls",
574            "code": "8.12",574            "code": "8.12",
575            "label": "Data leakage prevention",575            "label": "Data leakage prevention",
576            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",576            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
577            "referential_label": "ISO/IEC 27002 [2022]",577            "referential_label": "ISO/IEC 27002 [2022]",
578            "uuid": "c24dd798-1284-440e-82d3-78ef0d149ae6"578            "uuid": "c24dd798-1284-440e-82d3-78ef0d149ae6"
579        },579        },
580        {580        {
581            "category": "Technological controls",581            "category": "Technological controls",
582            "code": "8.13",582            "code": "8.13",
583            "label": "Information backup",583            "label": "Information backup",
584            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",584            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
585            "referential_label": "ISO/IEC 27002 [2022]",585            "referential_label": "ISO/IEC 27002 [2022]",
586            "uuid": "e2e52a80-4222-4f57-b471-92ce90a83ed7"586            "uuid": "e2e52a80-4222-4f57-b471-92ce90a83ed7"
587        },587        },
588        {588        {
589            "category": "Technological controls",589            "category": "Technological controls",
590            "code": "8.14",590            "code": "8.14",
591            "label": "Redundancy of information processing facilities",591            "label": "Redundancy of information processing facilities",
592            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",592            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
593            "referential_label": "ISO/IEC 27002 [2022]",593            "referential_label": "ISO/IEC 27002 [2022]",
594            "uuid": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4"594            "uuid": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4"
595        },595        },
596        {596        {
597            "category": "Technological controls",597            "category": "Technological controls",
598            "code": "8.15",598            "code": "8.15",
599            "label": "Logging",599            "label": "Logging",
600            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",600            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
601            "referential_label": "ISO/IEC 27002 [2022]",601            "referential_label": "ISO/IEC 27002 [2022]",
602            "uuid": "6e2ed592-c992-4076-b9ec-b7e9a78a7029"602            "uuid": "6e2ed592-c992-4076-b9ec-b7e9a78a7029"
603        },603        },
604        {604        {
605            "category": "Technological controls",605            "category": "Technological controls",
606            "code": "8.16",606            "code": "8.16",
607            "label": "Monitoring activities",607            "label": "Monitoring activities",
608            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",608            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
609            "referential_label": "ISO/IEC 27002 [2022]",609            "referential_label": "ISO/IEC 27002 [2022]",
610            "uuid": "ba719d1a-81a3-485c-b9b5-fb6332fd3aff"610            "uuid": "ba719d1a-81a3-485c-b9b5-fb6332fd3aff"
611        },611        },
612        {612        {
613            "category": "Technological controls",613            "category": "Technological controls",
614            "code": "8.17",614            "code": "8.17",
615            "label": "Clock synchronization",615            "label": "Clock synchronization",
616            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",616            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
617            "referential_label": "ISO/IEC 27002 [2022]",617            "referential_label": "ISO/IEC 27002 [2022]",
618            "uuid": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2"618            "uuid": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2"
619        },619        },
620        {620        {
621            "category": "Technological controls",621            "category": "Technological controls",
622            "code": "8.18",622            "code": "8.18",
623            "label": "Use of privileged utility programs",623            "label": "Use of privileged utility programs",
624            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",624            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
625            "referential_label": "ISO/IEC 27002 [2022]",625            "referential_label": "ISO/IEC 27002 [2022]",
626            "uuid": "9389f178-57cb-4b52-b464-5b983d10ae90"626            "uuid": "9389f178-57cb-4b52-b464-5b983d10ae90"
627        },627        },
628        {628        {
629            "category": "Technological controls",629            "category": "Technological controls",
630            "code": "8.19",630            "code": "8.19",
631            "label": "Installation of software on operational systems",631            "label": "Installation of software on operational systems",
632            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",632            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
633            "referential_label": "ISO/IEC 27002 [2022]",633            "referential_label": "ISO/IEC 27002 [2022]",
634            "uuid": "5773b0a9-8687-4802-9f19-2d1fba45e6a5"634            "uuid": "5773b0a9-8687-4802-9f19-2d1fba45e6a5"
635        },635        },
636        {636        {
637            "category": "Technological controls",637            "category": "Technological controls",
n638            "code": "8.2",n638            "code": "8.20",
639            "label": "Networks security",639            "label": "Networks security",
640            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",640            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
641            "referential_label": "ISO/IEC 27002 [2022]",641            "referential_label": "ISO/IEC 27002 [2022]",
642            "uuid": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5"642            "uuid": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5"
643        },643        },
644        {644        {
645            "category": "Technological controls",645            "category": "Technological controls",
646            "code": "8.21",646            "code": "8.21",
647            "label": "Security of network services",647            "label": "Security of network services",
648            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",648            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
649            "referential_label": "ISO/IEC 27002 [2022]",649            "referential_label": "ISO/IEC 27002 [2022]",
650            "uuid": "47ad87a1-dd3e-443e-8d82-2ec782979637"650            "uuid": "47ad87a1-dd3e-443e-8d82-2ec782979637"
651        },651        },
652        {652        {
653            "category": "Technological controls",653            "category": "Technological controls",
654            "code": "8.22",654            "code": "8.22",
655            "label": "Segregation of networks",655            "label": "Segregation of networks",
656            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",656            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
657            "referential_label": "ISO/IEC 27002 [2022]",657            "referential_label": "ISO/IEC 27002 [2022]",
658            "uuid": "6c305573-67ac-488e-882a-8e94e6373355"658            "uuid": "6c305573-67ac-488e-882a-8e94e6373355"
659        },659        },
660        {660        {
661            "category": "Technological controls",661            "category": "Technological controls",
662            "code": "8.23",662            "code": "8.23",
663            "label": "Web filtering",663            "label": "Web filtering",
664            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",664            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
665            "referential_label": "ISO/IEC 27002 [2022]",665            "referential_label": "ISO/IEC 27002 [2022]",
666            "uuid": "8a973656-95e8-4664-9e6c-c788b4ba0771"666            "uuid": "8a973656-95e8-4664-9e6c-c788b4ba0771"
667        },667        },
668        {668        {
669            "category": "Technological controls",669            "category": "Technological controls",
670            "code": "8.24",670            "code": "8.24",
671            "label": "Use of cryptography",671            "label": "Use of cryptography",
672            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",672            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
673            "referential_label": "ISO/IEC 27002 [2022]",673            "referential_label": "ISO/IEC 27002 [2022]",
674            "uuid": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9"674            "uuid": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9"
675        },675        },
676        {676        {
677            "category": "Technological controls",677            "category": "Technological controls",
678            "code": "8.25",678            "code": "8.25",
679            "label": "Secure development life cycle",679            "label": "Secure development life cycle",
680            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",680            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
681            "referential_label": "ISO/IEC 27002 [2022]",681            "referential_label": "ISO/IEC 27002 [2022]",
682            "uuid": "3ddf1641-0529-44d2-8a23-b5811555cdd2"682            "uuid": "3ddf1641-0529-44d2-8a23-b5811555cdd2"
683        },683        },
684        {684        {
685            "category": "Technological controls",685            "category": "Technological controls",
686            "code": "8.26",686            "code": "8.26",
687            "label": "Application security requirements",687            "label": "Application security requirements",
688            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",688            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
689            "referential_label": "ISO/IEC 27002 [2022]",689            "referential_label": "ISO/IEC 27002 [2022]",
690            "uuid": "8298dbd1-c18e-4f03-bb63-4867bfeaf716"690            "uuid": "8298dbd1-c18e-4f03-bb63-4867bfeaf716"
691        },691        },
692        {692        {
693            "category": "Technological controls",693            "category": "Technological controls",
694            "code": "8.27",694            "code": "8.27",
695            "label": "Secure system architecture and engineering principles",695            "label": "Secure system architecture and engineering principles",
696            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",696            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
697            "referential_label": "ISO/IEC 27002 [2022]",697            "referential_label": "ISO/IEC 27002 [2022]",
698            "uuid": "497618e9-e495-42b6-b04e-21801f9c01f7"698            "uuid": "497618e9-e495-42b6-b04e-21801f9c01f7"
699        },699        },
700        {700        {
701            "category": "Technological controls",701            "category": "Technological controls",
702            "code": "8.28",702            "code": "8.28",
703            "label": "Secure coding",703            "label": "Secure coding",
704            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",704            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
705            "referential_label": "ISO/IEC 27002 [2022]",705            "referential_label": "ISO/IEC 27002 [2022]",
706            "uuid": "2452bf90-43da-46d9-9dee-05d73b9fce09"706            "uuid": "2452bf90-43da-46d9-9dee-05d73b9fce09"
707        },707        },
708        {708        {
709            "category": "Technological controls",709            "category": "Technological controls",
710            "code": "8.29",710            "code": "8.29",
711            "label": "Security testing in development and acceptance",711            "label": "Security testing in development and acceptance",
712            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",712            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
713            "referential_label": "ISO/IEC 27002 [2022]",713            "referential_label": "ISO/IEC 27002 [2022]",
714            "uuid": "991f8c55-2da0-4dbf-b604-cbadc8df8389"714            "uuid": "991f8c55-2da0-4dbf-b604-cbadc8df8389"
715        },715        },
716        {716        {
717            "category": "Technological controls",717            "category": "Technological controls",
t718            "code": "8.3",t718            "code": "8.30",
719            "label": "Outsourced development",719            "label": "Outsourced development",
720            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",720            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
721            "referential_label": "ISO/IEC 27002 [2022]",721            "referential_label": "ISO/IEC 27002 [2022]",
722            "uuid": "d5f93f4a-eac7-4200-b90b-c02db54c76f4"722            "uuid": "d5f93f4a-eac7-4200-b90b-c02db54c76f4"
723        },723        },
724        {724        {
725            "category": "Technological controls",725            "category": "Technological controls",
726            "code": "8.31",726            "code": "8.31",
727            "label": "Separation of development, test and production environments",727            "label": "Separation of development, test and production environments",
728            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",728            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
729            "referential_label": "ISO/IEC 27002 [2022]",729            "referential_label": "ISO/IEC 27002 [2022]",
730            "uuid": "00383120-11a9-4b95-bfb9-47b3d4975bcb"730            "uuid": "00383120-11a9-4b95-bfb9-47b3d4975bcb"
731        },731        },
732        {732        {
733            "category": "Technological controls",733            "category": "Technological controls",
734            "code": "8.32",734            "code": "8.32",
735            "label": "Change management",735            "label": "Change management",
736            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",736            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
737            "referential_label": "ISO/IEC 27002 [2022]",737            "referential_label": "ISO/IEC 27002 [2022]",
738            "uuid": "866a0676-f2bd-4499-ba25-cd6f9466969a"738            "uuid": "866a0676-f2bd-4499-ba25-cd6f9466969a"
739        },739        },
740        {740        {
741            "category": "Technological controls",741            "category": "Technological controls",
742            "code": "8.33",742            "code": "8.33",
743            "label": "Test information",743            "label": "Test information",
744            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",744            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
745            "referential_label": "ISO/IEC 27002 [2022]",745            "referential_label": "ISO/IEC 27002 [2022]",
746            "uuid": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5"746            "uuid": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5"
747        },747        },
748        {748        {
749            "category": "Technological controls",749            "category": "Technological controls",
750            "code": "8.34",750            "code": "8.34",
751            "label": "Protection of information systems during audit testing",751            "label": "Protection of information systems during audit testing",
752            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",752            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
753            "referential_label": "ISO/IEC 27002 [2022]",753            "referential_label": "ISO/IEC 27002 [2022]",
754            "uuid": "744146f1-5a14-43c0-b675-8c2649486f64"754            "uuid": "744146f1-5a14-43c0-b675-8c2649486f64"
755        }755        }
756    ],756    ],
757    "version": 1,757    "version": 1,
758    "version_ext": "ISO/IEC 27002:2013"758    "version_ext": "ISO/IEC 27002:2013"
759}759}