Updated
Feb 21, 2022, 11:58:19 AM
Name
ISO/IEC 27002 [2022]
Description
ISO/IEC 27002:2022 controls

{
    "authors": [
        "CASES Team"
    ],
    "label": "ISO/IEC 27002 [2022]",
    "language": "EN",
    "refs": [
        "https://www.iso.org/standard/54533.html"
    ],
    "uuid": "831acc76-2bcc-4376-836a-f6b0ee6df568",
    "values": [
        {
            "category": "Organizational controls",
            "code": "5.1",
            "label": "Policies for information security",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "ac5590c1-5e43-4a29-87fb-5ba7416a0831"
        },
        {
            "category": "Organizational controls",
            "code": "5.2",
            "label": "Information security roles and responsibilities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5"
        },
        {
            "category": "Organizational controls",
            "code": "5.3",
            "label": "Segregation of duties",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "6ea4f43d-0d12-4edf-8191-bf469f25e252"
        },
        {
            "category": "Organizational controls",
            "code": "5.4",
            "label": "Management responsibilities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "957e0fb3-f06e-4ef5-b152-f1045b3a576f"
        },
        {
            "category": "Organizational controls",
            "code": "5.5",
            "label": "Contact with authorities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "7a5c4510-1d09-481b-822d-2d58745d390b"
        },
        {
            "category": "Organizational controls",
            "code": "5.6",
            "label": "Contact with special interest groups",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "33aa534c-482a-4503-919c-635ac65d084e"
        },
        {
            "category": "Organizational controls",
            "code": "5.7",
            "label": "Threat intelligence",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "dca62889-6240-406e-8c94-5f418e7e004e"
        },
        {
            "category": "Organizational controls",
            "code": "5.8",
            "label": "Information security in project management",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "45d81142-d8b8-45c5-811b-8a636c404af8"
        },
        {
            "category": "Organizational controls",
            "code": "5.9",
            "label": "Inventory of information and other associated assets",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "48ecb62f-f73d-4c65-a8e4-2fa831346a70"
        },
        {
            "category": "Organizational controls",
            "code": "5.1",
            "label": "Acceptable use of information and other associated assets",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "95882551-578c-4c0d-afe8-1dff2b251da4"
        },
        {
            "category": "Organizational controls",
            "code": "5.11",
            "label": "Return of assets",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "fb24425c-10df-4bc3-9b48-d72b952b92b5"
        },
        {
            "category": "Organizational controls",
            "code": "5.12",
            "label": "Classification of information",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1"
        },
        {
            "category": "Organizational controls",
            "code": "5.13",
            "label": "Labelling of information",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd"
        },
        {
            "category": "Organizational controls",
            "code": "5.14",
            "label": "Information transfer",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "1fbd96df-158c-47a2-8dc5-a22c6f915a79"
        },
        {
            "category": "Organizational controls",
            "code": "5.15",
            "label": "Access control",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "de075220-6acf-4ca7-837b-713b1f87f5f3"
        },
        {
            "category": "Organizational controls",
            "code": "5.16",
            "label": "Identity management",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626"
        },
        {
            "category": "Organizational controls",
            "code": "5.17",
            "label": "Authentication information",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3"
        },
        {
            "category": "Organizational controls",
            "code": "5.18",
            "label": "Access rights",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "c26bedb1-42f5-4154-8cea-b923b1103cfe"
        },
        {
            "category": "Organizational controls",
            "code": "5.19",
            "label": "Information security in supplier relationships",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40"
        },
        {
            "category": "Organizational controls",
            "code": "5.2",
            "label": "Addressing information security within supplier agreements",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "0a23f517-b172-47b2-bc0a-0f693d2900b0"
        },
        {
            "category": "Organizational controls",
            "code": "5.21",
            "label": "Managing information security in the ICT supply chain",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7"
        },
        {
            "category": "Organizational controls",
            "code": "5.22",
            "label": "Monitoring, review and change management of supplier services",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "307d39d8-d31f-4b55-8a0e-9632cd0e380a"
        },
        {
            "category": "Organizational controls",
            "code": "5.23",
            "label": "Information security for use of cloud services",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "e706a0d1-b2ce-4488-b8ae-905f88ab7e4d"
        },
        {
            "category": "Organizational controls",
            "code": "5.24",
            "label": "Information security incident management planning and preparation",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1"
        },
        {
            "category": "Organizational controls",
            "code": "5.25",
            "label": "Assessment and decision on information security events",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "0aa214a8-51a6-45df-a279-03f04ea5c19e"
        },
        {
            "category": "Organizational controls",
            "code": "5.26",
            "label": "Response to information security incidents",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "865ca2d0-30e8-47f2-9f25-4256943a0d72"
        },
        {
            "category": "Organizational controls",
            "code": "5.27",
            "label": "Learning from information security incidents",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "1c03c68f-29a0-4606-b99d-072491f53e96"
        },
        {
            "category": "Organizational controls",
            "code": "5.28",
            "label": "Collection of evidence",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "432a79d3-45e9-477e-b63a-ab7566bb8590"
        },
        {
            "category": "Organizational controls",
            "code": "5.29",
            "label": "Information security during disruption",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "a197825e-e8f5-47f5-851d-66105a6fc3b2"
        },
        {
            "category": "Organizational controls",
            "code": "5.3",
            "label": "ICT readiness for business continuity",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "4ca07c19-4442-41b8-81ef-bd105af640c8"
        },
        {
            "category": "Organizational controls",
            "code": "5.31",
            "label": "Legal, statutory, regulatory and contractual requirements",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1"
        },
        {
            "category": "Organizational controls",
            "code": "5.32",
            "label": "Intellectual property rights",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd"
        },
        {
            "category": "Organizational controls",
            "code": "5.33",
            "label": "Protection of records",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8"
        },
        {
            "category": "Organizational controls",
            "code": "5.34",
            "label": "Privacy and protection of PII",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9"
        },
        {
            "category": "Organizational controls",
            "code": "5.35",
            "label": "Independent review of information security",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "41d38a42-6f44-4561-b0a2-801095d4eec9"
        },
        {
            "category": "Organizational controls",
            "code": "5.36",
            "label": "Compliance with policies, rules and standards for information security",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "3ff683de-9ca5-482d-8423-06d4d8e315a3"
        },
        {
            "category": "Organizational controls",
            "code": "5.37",
            "label": "Documented operating procedures",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3"
        },
        {
            "category": "People controls",
            "code": "6.1",
            "label": "Screening",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "9e7bdc0e-1603-4545-a2cc-0650fe035e37"
        },
        {
            "category": "People controls",
            "code": "6.2",
            "label": "Terms and conditions of employment",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "83389b64-b080-4625-8e81-05174311e2d8"
        },
        {
            "category": "People controls",
            "code": "6.3",
            "label": "Information security awareness, education and training",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680"
        },
        {
            "category": "People controls",
            "code": "6.4",
            "label": "Disciplinary process",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "9acaadb0-2f58-4d9b-963b-7671ed0471a6"
        },
        {
            "category": "People controls",
            "code": "6.5",
            "label": "Responsibilities after termination or change of employment",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "e4ef6822-7f1f-46f8-9700-37cde17e81b8"
        },
        {
            "category": "People controls",
            "code": "6.6",
            "label": "Confidentiality or non-disclosure agreements",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "e283f5ed-3a64-4bed-b479-35e4cd8173e6"
        },
        {
            "category": "People controls",
            "code": "6.7",
            "label": "Remote working",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "276430e7-47c5-461b-a5c4-7b46dae11759"
        },
        {
            "category": "People controls",
            "code": "6.8",
            "label": "Information security event reporting",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "ed627a92-cb52-472a-aa2e-b981f8b12de5"
        },
        {
            "category": "Physical controls",
            "code": "7.1",
            "label": "Physical security perimeters",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "26fbd0ef-28da-4930-850f-8519da290fd4"
        },
        {
            "category": "Physical controls",
            "code": "7.2",
            "label": "Physical entry",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "14667423-4f22-49dd-a0fc-bbf3c25597d3"
        },
        {
            "category": "Physical controls",
            "code": "7.3",
            "label": "Securing offices, rooms and facilities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "474fedbd-0b89-436c-ac04-41c21d6e7420"
        },
        {
            "category": "Physical controls",
            "code": "7.4",
            "label": "Physical security monitoring",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "f439e26f-cec6-41cb-8c86-1b6c0f112ebf"
        },
        {
            "category": "Physical controls",
            "code": "7.5",
            "label": "Protecting against physical and environmental threats",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "07285d43-9ee2-406b-a9fa-3ad36650054b"
        },
        {
            "category": "Physical controls",
            "code": "7.6",
            "label": "Working in secure areas",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "cb371cfa-e8d4-4a83-af29-2f8982929268"
        },
        {
            "category": "Physical controls",
            "code": "7.7",
            "label": "Clear desk and clear screen",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "069bd61a-62a9-4158-b5f9-59e4ee0c8614"
        },
        {
            "category": "Physical controls",
            "code": "7.8",
            "label": "Equipment siting and protection",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "a3897661-541e-4c4c-9844-2981d8288ec6"
        },
        {
            "category": "Physical controls",
            "code": "7.9",
            "label": "Security of assets off-premises",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6"
        },
        {
            "category": "Physical controls",
            "code": "7.1",
            "label": "Storage media",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "1167decd-0e55-4359-8fb2-599c490d89fa"
        },
        {
            "category": "Physical controls",
            "code": "7.11",
            "label": "Supporting utilities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "fc66f113-3f02-4354-8610-879b5467971a"
        },
        {
            "category": "Physical controls",
            "code": "7.12",
            "label": "Cabling security",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "00e9c4c9-c718-4834-a312-c08abb03838c"
        },
        {
            "category": "Physical controls",
            "code": "7.13",
            "label": "Equipment maintenance",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "096b291e-bded-40aa-a3f7-492bcc5dcf4c"
        },
        {
            "category": "Physical controls",
            "code": "7.14",
            "label": "Secure disposal or re-use of equipment",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33"
        },
        {
            "category": "Technological controls",
            "code": "8.1",
            "label": "User endpoint devices",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f"
        },
        {
            "category": "Technological controls",
            "code": "8.2",
            "label": "Privileged access rights",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "8890016c-2883-4771-b346-2e8ec19ff2dd"
        },
        {
            "category": "Technological controls",
            "code": "8.3",
            "label": "Information access restriction",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d"
        },
        {
            "category": "Technological controls",
            "code": "8.4",
            "label": "Access to source code",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "b56726a8-3883-4893-ae75-2ba555411148"
        },
        {
            "category": "Technological controls",
            "code": "8.5",
            "label": "Secure authentication",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "1d9e4229-e86e-4cb1-8e63-fd30711040dd"
        },
        {
            "category": "Technological controls",
            "code": "8.6",
            "label": "Capacity management",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "e8d6402b-f022-494b-b289-3d5d98368e8e"
        },
        {
            "category": "Technological controls",
            "code": "8.7",
            "label": "Protection against malware",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "f331b956-c83b-47b6-a563-09222b1ae7a0"
        },
        {
            "category": "Technological controls",
            "code": "8.8",
            "label": "Management of technical vulnerabilities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d"
        },
        {
            "category": "Technological controls",
            "code": "8.9",
            "label": "Configuration management",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "6f4468c5-06a6-4248-a82b-ef86601d6dd9"
        },
        {
            "category": "Technological controls",
            "code": "8.1",
            "label": "Information deletion",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "af8efe54-1e09-44e8-818d-22dc5446b234"
        },
        {
            "category": "Technological controls",
            "code": "8.11",
            "label": "Data masking",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "082e34b9-5811-485b-a81a-761e79918ebc"
        },
        {
            "category": "Technological controls",
            "code": "8.12",
            "label": "Data leakage prevention",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "c24dd798-1284-440e-82d3-78ef0d149ae6"
        },
        {
            "category": "Technological controls",
            "code": "8.13",
            "label": "Information backup",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "e2e52a80-4222-4f57-b471-92ce90a83ed7"
        },
        {
            "category": "Technological controls",
            "code": "8.14",
            "label": "Redundancy of information processing facilities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4"
        },
        {
            "category": "Technological controls",
            "code": "8.15",
            "label": "Logging",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "6e2ed592-c992-4076-b9ec-b7e9a78a7029"
        },
        {
            "category": "Technological controls",
            "code": "8.16",
            "label": "Monitoring activities",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "ba719d1a-81a3-485c-b9b5-fb6332fd3aff"
        },
        {
            "category": "Technological controls",
            "code": "8.17",
            "label": "Clock synchronization",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2"
        },
        {
            "category": "Technological controls",
            "code": "8.18",
            "label": "Use of privileged utility programs",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "9389f178-57cb-4b52-b464-5b983d10ae90"
        },
        {
            "category": "Technological controls",
            "code": "8.19",
            "label": "Installation of software on operational systems",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "5773b0a9-8687-4802-9f19-2d1fba45e6a5"
        },
        {
            "category": "Technological controls",
            "code": "8.2",
            "label": "Networks security",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5"
        },
        {
            "category": "Technological controls",
            "code": "8.21",
            "label": "Security of network services",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "47ad87a1-dd3e-443e-8d82-2ec782979637"
        },
        {
            "category": "Technological controls",
            "code": "8.22",
            "label": "Segregation of networks",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "6c305573-67ac-488e-882a-8e94e6373355"
        },
        {
            "category": "Technological controls",
            "code": "8.23",
            "label": "Web filtering",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "8a973656-95e8-4664-9e6c-c788b4ba0771"
        },
        {
            "category": "Technological controls",
            "code": "8.24",
            "label": "Use of cryptography",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9"
        },
        {
            "category": "Technological controls",
            "code": "8.25",
            "label": "Secure development life cycle",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "3ddf1641-0529-44d2-8a23-b5811555cdd2"
        },
        {
            "category": "Technological controls",
            "code": "8.26",
            "label": "Application security requirements",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "8298dbd1-c18e-4f03-bb63-4867bfeaf716"
        },
        {
            "category": "Technological controls",
            "code": "8.27",
            "label": "Secure system architecture and engineering principles",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "497618e9-e495-42b6-b04e-21801f9c01f7"
        },
        {
            "category": "Technological controls",
            "code": "8.28",
            "label": "Secure coding",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "2452bf90-43da-46d9-9dee-05d73b9fce09"
        },
        {
            "category": "Technological controls",
            "code": "8.29",
            "label": "Security testing in development and acceptance",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "991f8c55-2da0-4dbf-b604-cbadc8df8389"
        },
        {
            "category": "Technological controls",
            "code": "8.3",
            "label": "Outsourced development",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "d5f93f4a-eac7-4200-b90b-c02db54c76f4"
        },
        {
            "category": "Technological controls",
            "code": "8.31",
            "label": "Separation of development, test and production environments",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "00383120-11a9-4b95-bfb9-47b3d4975bcb"
        },
        {
            "category": "Technological controls",
            "code": "8.32",
            "label": "Change management",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "866a0676-f2bd-4499-ba25-cd6f9466969a"
        },
        {
            "category": "Technological controls",
            "code": "8.33",
            "label": "Test information",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5"
        },
        {
            "category": "Technological controls",
            "code": "8.34",
            "label": "Protection of information systems during audit testing",
            "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
            "referential_label": "ISO/IEC 27002 [2022]",
            "uuid": "744146f1-5a14-43c0-b675-8c2649486f64"
        }
    ],
    "version": 1,
    "version_ext": "ISO/IEC 27002:2013"
}