Updated
Feb 21, 2022, 12:37:31 PM
Name
ISO/IEC 27002 [2022]
Description
ISO/IEC 27002:2022 controls
{
"authors": [
"CASES Team"
],
"label": "ISO/IEC 27002 [2022]",
"language": "EN",
"refs": [
"https://www.iso.org/standard/54533.html"
],
"uuid": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"values": [
{
"category": "Organizational controls",
"code": "5.1",
"label": "Policies for information security",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "ac5590c1-5e43-4a29-87fb-5ba7416a0831"
},
{
"category": "Organizational controls",
"code": "5.2",
"label": "Information security roles and responsibilities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5"
},
{
"category": "Organizational controls",
"code": "5.3",
"label": "Segregation of duties",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "6ea4f43d-0d12-4edf-8191-bf469f25e252"
},
{
"category": "Organizational controls",
"code": "5.4",
"label": "Management responsibilities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "957e0fb3-f06e-4ef5-b152-f1045b3a576f"
},
{
"category": "Organizational controls",
"code": "5.5",
"label": "Contact with authorities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "7a5c4510-1d09-481b-822d-2d58745d390b"
},
{
"category": "Organizational controls",
"code": "5.6",
"label": "Contact with special interest groups",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "33aa534c-482a-4503-919c-635ac65d084e"
},
{
"category": "Organizational controls",
"code": "5.7",
"label": "Threat intelligence",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "dca62889-6240-406e-8c94-5f418e7e004e"
},
{
"category": "Organizational controls",
"code": "5.8",
"label": "Information security in project management",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "45d81142-d8b8-45c5-811b-8a636c404af8"
},
{
"category": "Organizational controls",
"code": "5.9",
"label": "Inventory of information and other associated assets",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "48ecb62f-f73d-4c65-a8e4-2fa831346a70"
},
{
"category": "Organizational controls",
"code": "5.10",
"label": "Acceptable use of information and other associated assets",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "95882551-578c-4c0d-afe8-1dff2b251da4"
},
{
"category": "Organizational controls",
"code": "5.11",
"label": "Return of assets",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "fb24425c-10df-4bc3-9b48-d72b952b92b5"
},
{
"category": "Organizational controls",
"code": "5.12",
"label": "Classification of information",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1"
},
{
"category": "Organizational controls",
"code": "5.13",
"label": "Labelling of information",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd"
},
{
"category": "Organizational controls",
"code": "5.14",
"label": "Information transfer",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "1fbd96df-158c-47a2-8dc5-a22c6f915a79"
},
{
"category": "Organizational controls",
"code": "5.15",
"label": "Access control",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "de075220-6acf-4ca7-837b-713b1f87f5f3"
},
{
"category": "Organizational controls",
"code": "5.16",
"label": "Identity management",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626"
},
{
"category": "Organizational controls",
"code": "5.17",
"label": "Authentication information",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3"
},
{
"category": "Organizational controls",
"code": "5.18",
"label": "Access rights",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "c26bedb1-42f5-4154-8cea-b923b1103cfe"
},
{
"category": "Organizational controls",
"code": "5.19",
"label": "Information security in supplier relationships",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40"
},
{
"category": "Organizational controls",
"code": "5.20",
"label": "Addressing information security within supplier agreements",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "0a23f517-b172-47b2-bc0a-0f693d2900b0"
},
{
"category": "Organizational controls",
"code": "5.21",
"label": "Managing information security in the ICT supply chain",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7"
},
{
"category": "Organizational controls",
"code": "5.22",
"label": "Monitoring, review and change management of supplier services",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "307d39d8-d31f-4b55-8a0e-9632cd0e380a"
},
{
"category": "Organizational controls",
"code": "5.23",
"label": "Information security for use of cloud services",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "e706a0d1-b2ce-4488-b8ae-905f88ab7e4d"
},
{
"category": "Organizational controls",
"code": "5.24",
"label": "Information security incident management planning and preparation",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1"
},
{
"category": "Organizational controls",
"code": "5.25",
"label": "Assessment and decision on information security events",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "0aa214a8-51a6-45df-a279-03f04ea5c19e"
},
{
"category": "Organizational controls",
"code": "5.26",
"label": "Response to information security incidents",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "865ca2d0-30e8-47f2-9f25-4256943a0d72"
},
{
"category": "Organizational controls",
"code": "5.27",
"label": "Learning from information security incidents",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "1c03c68f-29a0-4606-b99d-072491f53e96"
},
{
"category": "Organizational controls",
"code": "5.28",
"label": "Collection of evidence",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "432a79d3-45e9-477e-b63a-ab7566bb8590"
},
{
"category": "Organizational controls",
"code": "5.29",
"label": "Information security during disruption",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "a197825e-e8f5-47f5-851d-66105a6fc3b2"
},
{
"category": "Organizational controls",
"code": "5.30",
"label": "ICT readiness for business continuity",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "4ca07c19-4442-41b8-81ef-bd105af640c8"
},
{
"category": "Organizational controls",
"code": "5.31",
"label": "Legal, statutory, regulatory and contractual requirements",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1"
},
{
"category": "Organizational controls",
"code": "5.32",
"label": "Intellectual property rights",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd"
},
{
"category": "Organizational controls",
"code": "5.33",
"label": "Protection of records",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8"
},
{
"category": "Organizational controls",
"code": "5.34",
"label": "Privacy and protection of PII",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9"
},
{
"category": "Organizational controls",
"code": "5.35",
"label": "Independent review of information security",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "41d38a42-6f44-4561-b0a2-801095d4eec9"
},
{
"category": "Organizational controls",
"code": "5.36",
"label": "Compliance with policies, rules and standards for information security",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "3ff683de-9ca5-482d-8423-06d4d8e315a3"
},
{
"category": "Organizational controls",
"code": "5.37",
"label": "Documented operating procedures",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3"
},
{
"category": "People controls",
"code": "6.1",
"label": "Screening",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "9e7bdc0e-1603-4545-a2cc-0650fe035e37"
},
{
"category": "People controls",
"code": "6.2",
"label": "Terms and conditions of employment",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "83389b64-b080-4625-8e81-05174311e2d8"
},
{
"category": "People controls",
"code": "6.3",
"label": "Information security awareness, education and training",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680"
},
{
"category": "People controls",
"code": "6.4",
"label": "Disciplinary process",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "9acaadb0-2f58-4d9b-963b-7671ed0471a6"
},
{
"category": "People controls",
"code": "6.5",
"label": "Responsibilities after termination or change of employment",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "e4ef6822-7f1f-46f8-9700-37cde17e81b8"
},
{
"category": "People controls",
"code": "6.6",
"label": "Confidentiality or non-disclosure agreements",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "e283f5ed-3a64-4bed-b479-35e4cd8173e6"
},
{
"category": "People controls",
"code": "6.7",
"label": "Remote working",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "276430e7-47c5-461b-a5c4-7b46dae11759"
},
{
"category": "People controls",
"code": "6.8",
"label": "Information security event reporting",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "ed627a92-cb52-472a-aa2e-b981f8b12de5"
},
{
"category": "Physical controls",
"code": "7.1",
"label": "Physical security perimeters",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "26fbd0ef-28da-4930-850f-8519da290fd4"
},
{
"category": "Physical controls",
"code": "7.2",
"label": "Physical entry",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "14667423-4f22-49dd-a0fc-bbf3c25597d3"
},
{
"category": "Physical controls",
"code": "7.3",
"label": "Securing offices, rooms and facilities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "474fedbd-0b89-436c-ac04-41c21d6e7420"
},
{
"category": "Physical controls",
"code": "7.4",
"label": "Physical security monitoring",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "f439e26f-cec6-41cb-8c86-1b6c0f112ebf"
},
{
"category": "Physical controls",
"code": "7.5",
"label": "Protecting against physical and environmental threats",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "07285d43-9ee2-406b-a9fa-3ad36650054b"
},
{
"category": "Physical controls",
"code": "7.6",
"label": "Working in secure areas",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "cb371cfa-e8d4-4a83-af29-2f8982929268"
},
{
"category": "Physical controls",
"code": "7.7",
"label": "Clear desk and clear screen",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "069bd61a-62a9-4158-b5f9-59e4ee0c8614"
},
{
"category": "Physical controls",
"code": "7.8",
"label": "Equipment siting and protection",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "a3897661-541e-4c4c-9844-2981d8288ec6"
},
{
"category": "Physical controls",
"code": "7.9",
"label": "Security of assets off-premises",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6"
},
{
"category": "Physical controls",
"code": "7.10",
"label": "Storage media",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "1167decd-0e55-4359-8fb2-599c490d89fa"
},
{
"category": "Physical controls",
"code": "7.11",
"label": "Supporting utilities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "fc66f113-3f02-4354-8610-879b5467971a"
},
{
"category": "Physical controls",
"code": "7.12",
"label": "Cabling security",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "00e9c4c9-c718-4834-a312-c08abb03838c"
},
{
"category": "Physical controls",
"code": "7.13",
"label": "Equipment maintenance",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "096b291e-bded-40aa-a3f7-492bcc5dcf4c"
},
{
"category": "Physical controls",
"code": "7.14",
"label": "Secure disposal or re-use of equipment",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33"
},
{
"category": "Technological controls",
"code": "8.1",
"label": "User endpoint devices",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f"
},
{
"category": "Technological controls",
"code": "8.2",
"label": "Privileged access rights",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "8890016c-2883-4771-b346-2e8ec19ff2dd"
},
{
"category": "Technological controls",
"code": "8.3",
"label": "Information access restriction",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d"
},
{
"category": "Technological controls",
"code": "8.4",
"label": "Access to source code",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "b56726a8-3883-4893-ae75-2ba555411148"
},
{
"category": "Technological controls",
"code": "8.5",
"label": "Secure authentication",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "1d9e4229-e86e-4cb1-8e63-fd30711040dd"
},
{
"category": "Technological controls",
"code": "8.6",
"label": "Capacity management",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "e8d6402b-f022-494b-b289-3d5d98368e8e"
},
{
"category": "Technological controls",
"code": "8.7",
"label": "Protection against malware",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "f331b956-c83b-47b6-a563-09222b1ae7a0"
},
{
"category": "Technological controls",
"code": "8.8",
"label": "Management of technical vulnerabilities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d"
},
{
"category": "Technological controls",
"code": "8.9",
"label": "Configuration management",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "6f4468c5-06a6-4248-a82b-ef86601d6dd9"
},
{
"category": "Technological controls",
"code": "8.10",
"label": "Information deletion",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "af8efe54-1e09-44e8-818d-22dc5446b234"
},
{
"category": "Technological controls",
"code": "8.11",
"label": "Data masking",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "082e34b9-5811-485b-a81a-761e79918ebc"
},
{
"category": "Technological controls",
"code": "8.12",
"label": "Data leakage prevention",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "c24dd798-1284-440e-82d3-78ef0d149ae6"
},
{
"category": "Technological controls",
"code": "8.13",
"label": "Information backup",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "e2e52a80-4222-4f57-b471-92ce90a83ed7"
},
{
"category": "Technological controls",
"code": "8.14",
"label": "Redundancy of information processing facilities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4"
},
{
"category": "Technological controls",
"code": "8.15",
"label": "Logging",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "6e2ed592-c992-4076-b9ec-b7e9a78a7029"
},
{
"category": "Technological controls",
"code": "8.16",
"label": "Monitoring activities",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "ba719d1a-81a3-485c-b9b5-fb6332fd3aff"
},
{
"category": "Technological controls",
"code": "8.17",
"label": "Clock synchronization",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2"
},
{
"category": "Technological controls",
"code": "8.18",
"label": "Use of privileged utility programs",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "9389f178-57cb-4b52-b464-5b983d10ae90"
},
{
"category": "Technological controls",
"code": "8.19",
"label": "Installation of software on operational systems",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "5773b0a9-8687-4802-9f19-2d1fba45e6a5"
},
{
"category": "Technological controls",
"code": "8.20",
"label": "Networks security",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5"
},
{
"category": "Technological controls",
"code": "8.21",
"label": "Security of network services",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "47ad87a1-dd3e-443e-8d82-2ec782979637"
},
{
"category": "Technological controls",
"code": "8.22",
"label": "Segregation of networks",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "6c305573-67ac-488e-882a-8e94e6373355"
},
{
"category": "Technological controls",
"code": "8.23",
"label": "Web filtering",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "8a973656-95e8-4664-9e6c-c788b4ba0771"
},
{
"category": "Technological controls",
"code": "8.24",
"label": "Use of cryptography",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9"
},
{
"category": "Technological controls",
"code": "8.25",
"label": "Secure development life cycle",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "3ddf1641-0529-44d2-8a23-b5811555cdd2"
},
{
"category": "Technological controls",
"code": "8.26",
"label": "Application security requirements",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "8298dbd1-c18e-4f03-bb63-4867bfeaf716"
},
{
"category": "Technological controls",
"code": "8.27",
"label": "Secure system architecture and engineering principles",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "497618e9-e495-42b6-b04e-21801f9c01f7"
},
{
"category": "Technological controls",
"code": "8.28",
"label": "Secure coding",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "2452bf90-43da-46d9-9dee-05d73b9fce09"
},
{
"category": "Technological controls",
"code": "8.29",
"label": "Security testing in development and acceptance",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "991f8c55-2da0-4dbf-b604-cbadc8df8389"
},
{
"category": "Technological controls",
"code": "8.30",
"label": "Outsourced development",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "d5f93f4a-eac7-4200-b90b-c02db54c76f4"
},
{
"category": "Technological controls",
"code": "8.31",
"label": "Separation of development, test and production environments",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "00383120-11a9-4b95-bfb9-47b3d4975bcb"
},
{
"category": "Technological controls",
"code": "8.32",
"label": "Change management",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "866a0676-f2bd-4499-ba25-cd6f9466969a"
},
{
"category": "Technological controls",
"code": "8.33",
"label": "Test information",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5"
},
{
"category": "Technological controls",
"code": "8.34",
"label": "Protection of information systems during audit testing",
"referential": "831acc76-2bcc-4376-836a-f6b0ee6df568",
"referential_label": "ISO/IEC 27002 [2022]",
"uuid": "744146f1-5a14-43c0-b675-8c2649486f64"
}
],
"version": 1,
"version_ext": "ISO/IEC 27002:2013"
}