MOSP

f

1

{

f

1

{

2

"authors": [

2

"authors": [

3

"Jeremy Dannenmuller"

3

"Jeremy Dannenmuller"

4

],

4

],

5

"label": "ISO 27017",

5

"label": "ISO 27017",

6

"language": "EN",

6

"language": "EN",

7

"refs": "https://www.iso.org/fr/standard/43757.html",

7

"refs": "https://www.iso.org/fr/standard/43757.html",

8

"uuid": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

8

"uuid": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

9

"values": [

9

"values": [

10

{

10

{

11

"category": "Security in development and support processes",

11

"category": "Security in development and support processes",

12

"code": "14.2.2",

12

"code": "14.2.2",

13

"label": "System change control procedures",

13

"label": "System change control procedures",

14

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

14

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

15

"referential_label": "ISO 27017",

15

"referential_label": "ISO 27017",

t

16

"uuid": "\"027c0996-57fa-44d3-85cd-6ea667923174\""

t

16

"uuid": "027c0996-57fa-44d3-85cd-6ea667923174"

17

},

17

},

18

{

18

{

19

"category": "Supplier service delivery management",

19

"category": "Supplier service delivery management",

20

"code": "15.2.2",

20

"code": "15.2.2",

21

"label": "Managing chages to supplier services",

21

"label": "Managing chages to supplier services",

22

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

22

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

23

"referential_label": "ISO 27017",

23

"referential_label": "ISO 27017",

24

"uuid": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7"

24

"uuid": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7"

25

},

25

},

26

{

26

{

27

"category": "Security in development and support processes",

27

"category": "Security in development and support processes",

28

"code": "14.2.1",

28

"code": "14.2.1",

29

"label": "Secure development policy",

29

"label": "Secure development policy",

30

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

30

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

31

"referential_label": "ISO 27017",

31

"referential_label": "ISO 27017",

32

"uuid": "07c05b75-2e57-4fd0-9ab7-d7d87742477b"

32

"uuid": "07c05b75-2e57-4fd0-9ab7-d7d87742477b"

33

},

33

},

34

{

34

{

35

"category": "Termination and change of employment",

35

"category": "Termination and change of employment",

36

"code": "7.3.1",

36

"code": "7.3.1",

37

"label": "Termination or change of employment responsabilities",

37

"label": "Termination or change of employment responsabilities",

38

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

38

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

39

"referential_label": "ISO 27017",

39

"referential_label": "ISO 27017",

40

"uuid": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8"

40

"uuid": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8"

41

},

41

},

42

{

42

{

43

"category": "Secure areas",

43

"category": "Secure areas",

44

"code": "11.1.1",

44

"code": "11.1.1",

45

"label": "Physical security perimeter",

45

"label": "Physical security perimeter",

46

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

46

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

47

"referential_label": "ISO 27017",

47

"referential_label": "ISO 27017",

48

"uuid": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3"

48

"uuid": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3"

49

},

49

},

50

{

50

{

51

"category": "During employment",

51

"category": "During employment",

52

"code": "7.2.1",

52

"code": "7.2.1",

53

"label": "Management responsabilities",

53

"label": "Management responsabilities",

54

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

54

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

55

"referential_label": "ISO 27017",

55

"referential_label": "ISO 27017",

56

"uuid": "100d29a6-1441-4de6-a05a-594c8b1c7243"

56

"uuid": "100d29a6-1441-4de6-a05a-594c8b1c7243"

57

},

57

},

58

{

58

{

59

"category": "Logging and monitoring",

59

"category": "Logging and monitoring",

60

"code": "12.4.4",

60

"code": "12.4.4",

61

"label": "Clock synchronization",

61

"label": "Clock synchronization",

62

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

62

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

63

"referential_label": "ISO 27017",

63

"referential_label": "ISO 27017",

64

"uuid": "1100bd1a-cfd4-4450-9192-5bd85ef107e2"

64

"uuid": "1100bd1a-cfd4-4450-9192-5bd85ef107e2"

65

},

65

},

66

{

66

{

67

"category": "Equipment",

67

"category": "Equipment",

68

"code": "11.2.1",

68

"code": "11.2.1",

69

"label": "Equipment siting and protection",

69

"label": "Equipment siting and protection",

70

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

70

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

71

"referential_label": "ISO 27017",

71

"referential_label": "ISO 27017",

72

"uuid": "12844c4c-d0c9-4441-9467-9da5b15dd18b"

72

"uuid": "12844c4c-d0c9-4441-9467-9da5b15dd18b"

73

},

73

},

74

{

74

{

75

"category": "Business requirements of access control",

75

"category": "Business requirements of access control",

76

"code": "9.1.1",

76

"code": "9.1.1",

77

"label": "Access control policy",

77

"label": "Access control policy",

78

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

78

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

79

"referential_label": "ISO 27017",

79

"referential_label": "ISO 27017",

80

"uuid": "12c2d158-c0d2-448f-b36e-9f17e1cc230f"

80

"uuid": "12c2d158-c0d2-448f-b36e-9f17e1cc230f"

81

},

81

},

82

{

82

{

83

"category": "Management of information security incidents and improvements",

83

"category": "Management of information security incidents and improvements",

84

"code": "16.1.7",

84

"code": "16.1.7",

85

"label": "Collection of evidence",

85

"label": "Collection of evidence",

86

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

86

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

87

"referential_label": "ISO 27017",

87

"referential_label": "ISO 27017",

88

"uuid": "1703d350-59d5-4510-bf45-d538e4c076a0"

88

"uuid": "1703d350-59d5-4510-bf45-d538e4c076a0"

89

},

89

},

90

{

90

{

91

"category": "Security requirements of information systems",

91

"category": "Security requirements of information systems",

92

"code": "14.1.1",

92

"code": "14.1.1",

93

"label": "Information security requirements analysis and specification",

93

"label": "Information security requirements analysis and specification",

94

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

94

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

95

"referential_label": "ISO 27017",

95

"referential_label": "ISO 27017",

96

"uuid": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b"

96

"uuid": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b"

97

},

97

},

98

{

98

{

99

"category": "Security in development and support processes",

99

"category": "Security in development and support processes",

100

"code": "14.2.7",

100

"code": "14.2.7",

101

"label": "Outsourced development",

101

"label": "Outsourced development",

102

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

102

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

103

"referential_label": "ISO 27017",

103

"referential_label": "ISO 27017",

104

"uuid": "21a6dbb4-8365-4b48-8421-ea10458695ee"

104

"uuid": "21a6dbb4-8365-4b48-8421-ea10458695ee"

105

},

105

},

106

{

106

{

107

"category": "Equipment",

107

"category": "Equipment",

108

"code": "11.2.8",

108

"code": "11.2.8",

109

"label": "Unattended user equipment",

109

"label": "Unattended user equipment",

110

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

110

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

111

"referential_label": "ISO 27017",

111

"referential_label": "ISO 27017",

112

"uuid": "21c24fcd-374d-408a-9682-eac7e8c3ebf2"

112

"uuid": "21c24fcd-374d-408a-9682-eac7e8c3ebf2"

113

},

113

},

114

{

114

{

115

"category": "Media handling",

115

"category": "Media handling",

116

"code": "8.3.1",

116

"code": "8.3.1",

117

"label": "Management or removable media",

117

"label": "Management or removable media",

118

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

118

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

119

"referential_label": "ISO 27017",

119

"referential_label": "ISO 27017",

120

"uuid": "2327176c-b127-4ad3-a1a9-710467ea246f"

120

"uuid": "2327176c-b127-4ad3-a1a9-710467ea246f"

121

},

121

},

122

{

122

{

123

"category": "Security in development and support processes",

123

"category": "Security in development and support processes",

124

"code": "14.2.6",

124

"code": "14.2.6",

125

"label": "Secure development environment",

125

"label": "Secure development environment",

126

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

126

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

127

"referential_label": "ISO 27017",

127

"referential_label": "ISO 27017",

128

"uuid": "256e6e9e-cd8b-440a-843b-264e85d582f7"

128

"uuid": "256e6e9e-cd8b-440a-843b-264e85d582f7"

129

},

129

},

130

{

130

{

131

"category": "Information security in supplier relationships",

131

"category": "Information security in supplier relationships",

132

"code": "15.1.3",

132

"code": "15.1.3",

133

"label": "Information and communication technology supply chain",

133

"label": "Information and communication technology supply chain",

134

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

134

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

135

"referential_label": "ISO 27017",

135

"referential_label": "ISO 27017",

136

"uuid": "2c59fe2c-5312-4f3e-b960-4fd843031af7"

136

"uuid": "2c59fe2c-5312-4f3e-b960-4fd843031af7"

137

},

137

},

138

{

138

{

139

"category": "Operational procedures and responsibilities",

139

"category": "Operational procedures and responsibilities",

140

"code": "CLD.12.1.5",

140

"code": "CLD.12.1.5",

141

"label": "Administrator's operational security",

141

"label": "Administrator's operational security",

142

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

142

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

143

"referential_label": "ISO 27017",

143

"referential_label": "ISO 27017",

144

"uuid": "2df8b9c3-b6f4-4484-a9b3-5e6f33ad1038"

144

"uuid": "2df8b9c3-b6f4-4484-a9b3-5e6f33ad1038"

145

},

145

},

146

{

146

{

147

"category": "Network security management",

147

"category": "Network security management",

148

"code": "13.1.3",

148

"code": "13.1.3",

149

"label": "Segregation in networks",

149

"label": "Segregation in networks",

150

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

150

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

151

"referential_label": "ISO 27017",

151

"referential_label": "ISO 27017",

152

"uuid": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315"

152

"uuid": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315"

153

},

153

},

154

{

154

{

155

"category": "Relationship between cloud service customer and cloud service provider",

155

"category": "Relationship between cloud service customer and cloud service provider",

156

"code": "CLD.6.3.1",

156

"code": "CLD.6.3.1",

157

"label": "Shared roles and responsibilities within a cloud computing environment",

157

"label": "Shared roles and responsibilities within a cloud computing environment",

158

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

158

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

159

"referential_label": "ISO 27017",

159

"referential_label": "ISO 27017",

160

"uuid": "2e43ca82-0b18-4dbd-916c-b2fc102bf662"

160

"uuid": "2e43ca82-0b18-4dbd-916c-b2fc102bf662"

161

},

161

},

162

{

162

{

163

"category": "Information security in supplier relationships",

163

"category": "Information security in supplier relationships",

164

"code": "15.1.1",

164

"code": "15.1.1",

165

"label": "Information security policy for supplier relationships",

165

"label": "Information security policy for supplier relationships",

166

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

166

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

167

"referential_label": "ISO 27017",

167

"referential_label": "ISO 27017",

168

"uuid": "2ed059b3-7ea4-465e-b20e-f6180b218505"

168

"uuid": "2ed059b3-7ea4-465e-b20e-f6180b218505"

169

},

169

},

170

{

170

{

171

"category": "Information classification",

171

"category": "Information classification",

172

"code": "8.2.2",

172

"code": "8.2.2",

173

"label": "Labelling of information",

173

"label": "Labelling of information",

174

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

174

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

175

"referential_label": "ISO 27017",

175

"referential_label": "ISO 27017",

176

"uuid": "2f9175dc-3c0e-48d6-b1cb-687009bbf392"

176

"uuid": "2f9175dc-3c0e-48d6-b1cb-687009bbf392"

177

},

177

},

178

{

178

{

179

"category": "Internal organization",

179

"category": "Internal organization",

180

"code": "6.1.4",

180

"code": "6.1.4",

181

"label": "Contact with special interest groups",

181

"label": "Contact with special interest groups",

182

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

182

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

183

"referential_label": "ISO 27017",

183

"referential_label": "ISO 27017",

184

"uuid": "317394d2-538d-42e6-ac3d-f7a54b867ec4"

184

"uuid": "317394d2-538d-42e6-ac3d-f7a54b867ec4"

185

},

185

},

186

{

186

{

187

"category": "Secure areas",

187

"category": "Secure areas",

188

"code": "11.1.4",

188

"code": "11.1.4",

189

"label": "Protecting against external and environmental threats",

189

"label": "Protecting against external and environmental threats",

190

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

190

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

191

"referential_label": "ISO 27017",

191

"referential_label": "ISO 27017",

192

"uuid": "34ac073d-80ad-4503-b748-bcbad097ea26"

192

"uuid": "34ac073d-80ad-4503-b748-bcbad097ea26"

193

},

193

},

194

{

194

{

195

"category": "Access control of cloud service customer data in shared virtual environment",

195

"category": "Access control of cloud service customer data in shared virtual environment",

196

"code": "CLD.9.5.2",

196

"code": "CLD.9.5.2",

197

"label": "Virtual machine hardening",

197

"label": "Virtual machine hardening",

198

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

198

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

199

"referential_label": "ISO 27017",

199

"referential_label": "ISO 27017",

200

"uuid": "34fa0af1-02c7-46c0-b38f-30db3f27bf46"

200

"uuid": "34fa0af1-02c7-46c0-b38f-30db3f27bf46"

201

},

201

},

202

{

202

{

203

"category": "Compliance with legal and contractual requirements",

203

"category": "Compliance with legal and contractual requirements",

204

"code": "18.1.3",

204

"code": "18.1.3",

205

"label": "Protection of records",

205

"label": "Protection of records",

206

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

206

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

207

"referential_label": "ISO 27017",

207

"referential_label": "ISO 27017",

208

"uuid": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88"

208

"uuid": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88"

209

},

209

},

210

{

210

{

211

"category": "Network security management",

211

"category": "Network security management",

212

"code": "13.1.1",

212

"code": "13.1.1",

213

"label": "Network controls",

213

"label": "Network controls",

214

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

214

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

215

"referential_label": "ISO 27017",

215

"referential_label": "ISO 27017",

216

"uuid": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee"

216

"uuid": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee"

217

},

217

},

218

{

218

{

219

"category": "Responsibility for assets",

219

"category": "Responsibility for assets",

220

"code": "CLD.8.1.5",

220

"code": "CLD.8.1.5",

221

"label": "Removal of cloud service customer assets",

221

"label": "Removal of cloud service customer assets",

222

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

222

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

223

"referential_label": "ISO 27017",

223

"referential_label": "ISO 27017",

224

"uuid": "3ae82816-ae78-4a6c-889e-07bdb84da4e4"

224

"uuid": "3ae82816-ae78-4a6c-889e-07bdb84da4e4"

225

},

225

},

226

{

226

{

227

"category": "Equipment",

227

"category": "Equipment",

228

"code": "11.2.4",

228

"code": "11.2.4",

229

"label": "Equipment maintenance",

229

"label": "Equipment maintenance",

230

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

230

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

231

"referential_label": "ISO 27017",

231

"referential_label": "ISO 27017",

232

"uuid": "3b7c3fa7-d143-483c-9c26-4908a55979d5"

232

"uuid": "3b7c3fa7-d143-483c-9c26-4908a55979d5"

233

},

233

},

234

{

234

{

235

"category": "User access management",

235

"category": "User access management",

236

"code": "9.2.4",

236

"code": "9.2.4",

237

"label": "Management of secret authentication information of users",

237

"label": "Management of secret authentication information of users",

238

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

238

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

239

"referential_label": "ISO 27017",

239

"referential_label": "ISO 27017",

240

"uuid": "3c138556-2201-4b36-8907-f6c0f57d420b"

240

"uuid": "3c138556-2201-4b36-8907-f6c0f57d420b"

241

},

241

},

242

{

242

{

243

"category": "Logging and monitoring",

243

"category": "Logging and monitoring",

244

"code": "CLD.12.4.5",

244

"code": "CLD.12.4.5",

245

"label": "Monitoring of Cloud Services",

245

"label": "Monitoring of Cloud Services",

246

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

246

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

247

"referential_label": "ISO 27017",

247

"referential_label": "ISO 27017",

248

"uuid": "439a4491-65aa-4990-b6e4-6e10af836373"

248

"uuid": "439a4491-65aa-4990-b6e4-6e10af836373"

249

},

249

},

250

{

250

{

251

"category": "Responsibility for assets",

251

"category": "Responsibility for assets",

252

"code": "8.1.1",

252

"code": "8.1.1",

253

"label": "Inventory of assets",

253

"label": "Inventory of assets",

254

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

254

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

255

"referential_label": "ISO 27017",

255

"referential_label": "ISO 27017",

256

"uuid": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46"

256

"uuid": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46"

257

},

257

},

258

{

258

{

259

"category": "System and application access control",

259

"category": "System and application access control",

260

"code": "9.4.3",

260

"code": "9.4.3",

261

"label": "Password management system",

261

"label": "Password management system",

262

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

262

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

263

"referential_label": "ISO 27017",

263

"referential_label": "ISO 27017",

264

"uuid": "46678a0c-cd66-4610-8687-0d25afe68c1d"

264

"uuid": "46678a0c-cd66-4610-8687-0d25afe68c1d"

265

},

265

},

266

{

266

{

267

"category": "Information security policies",

267

"category": "Information security policies",

268

"code": "5.1.1",

268

"code": "5.1.1",

269

"label": "Policies for information security",

269

"label": "Policies for information security",

270

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

270

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

271

"referential_label": "ISO 27017",

271

"referential_label": "ISO 27017",

272

"uuid": "498b0cc7-fbe3-40fb-9b61-1b6db629027f"

272

"uuid": "498b0cc7-fbe3-40fb-9b61-1b6db629027f"

273

},

273

},

274

{

274

{

275

"category": "Management of information security incidents and improvements",

275

"category": "Management of information security incidents and improvements",

276

"code": "16.1.1",

276

"code": "16.1.1",

277

"label": "Responsabilities and procedures",

277

"label": "Responsabilities and procedures",

278

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

278

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

279

"referential_label": "ISO 27017",

279

"referential_label": "ISO 27017",

280

"uuid": "4ab927a0-835d-4122-8377-ed08c418b1c5"

280

"uuid": "4ab927a0-835d-4122-8377-ed08c418b1c5"

281

},

281

},

282

{

282

{

283

"category": "Internal organization",

283

"category": "Internal organization",

284

"code": "6.1.5",

284

"code": "6.1.5",

285

"label": "Information security in project management",

285

"label": "Information security in project management",

286

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

286

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

287

"referential_label": "ISO 27017",

287

"referential_label": "ISO 27017",

288

"uuid": "4c660684-7259-461d-9eb8-f9c82ca42c98"

288

"uuid": "4c660684-7259-461d-9eb8-f9c82ca42c98"

289

},

289

},

290

{

290

{

291

"category": "Control of operational software",

291

"category": "Control of operational software",

292

"code": "12.5.1",

292

"code": "12.5.1",

293

"label": "Installation of software on operational systems",

293

"label": "Installation of software on operational systems",

294

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

294

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

295

"referential_label": "ISO 27017",

295

"referential_label": "ISO 27017",

296

"uuid": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933"

296

"uuid": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933"

297

},

297

},

298

{

298

{

299

"category": "Information classification",

299

"category": "Information classification",

300

"code": "8.2.3",

300

"code": "8.2.3",

301

"label": "Handling of assets",

301

"label": "Handling of assets",

302

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

302

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

303

"referential_label": "ISO 27017",

303

"referential_label": "ISO 27017",

304

"uuid": "4dabfd52-4369-4999-9091-6a346703e981"

304

"uuid": "4dabfd52-4369-4999-9091-6a346703e981"

305

},

305

},

306

{

306

{

307

"category": "Secure areas",

307

"category": "Secure areas",

308

"code": "11.1.5",

308

"code": "11.1.5",

309

"label": "Working in secure areas",

309

"label": "Working in secure areas",

310

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

310

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

311

"referential_label": "ISO 27017",

311

"referential_label": "ISO 27017",

312

"uuid": "4ed3205f-9921-432b-9a8b-3e400598e0ff"

312

"uuid": "4ed3205f-9921-432b-9a8b-3e400598e0ff"

313

},

313

},

314

{

314

{

315

"category": "Internal organization",

315

"category": "Internal organization",

316

"code": "6.1.1",

316

"code": "6.1.1",

317

"label": "Information security roles and responsabilities",

317

"label": "Information security roles and responsabilities",

318

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

318

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

319

"referential_label": "ISO 27017",

319

"referential_label": "ISO 27017",

320

"uuid": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e"

320

"uuid": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e"

321

},

321

},

322

{

322

{

323

"category": "Security in development and support processes",

323

"category": "Security in development and support processes",

324

"code": "14.2.3",

324

"code": "14.2.3",

325

"label": "Technical review of applications after operating platform changes",

325

"label": "Technical review of applications after operating platform changes",

326

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

326

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

327

"referential_label": "ISO 27017",

327

"referential_label": "ISO 27017",

328

"uuid": "54885438-8b8a-4fae-8f23-e8901ec621b4"

328

"uuid": "54885438-8b8a-4fae-8f23-e8901ec621b4"

329

},

329

},

330

{

330

{

331

"category": "System and application access control",

331

"category": "System and application access control",

332

"code": "9.4.1",

332

"code": "9.4.1",

333

"label": "Information access restriction",

333

"label": "Information access restriction",

334

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

334

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

335

"referential_label": "ISO 27017",

335

"referential_label": "ISO 27017",

336

"uuid": "553e228a-15dd-430c-a35b-604b9fccd629"

336

"uuid": "553e228a-15dd-430c-a35b-604b9fccd629"

337

},

337

},

338

{

338

{

339

"category": "User access management",

339

"category": "User access management",

340

"code": "9.2.2",

340

"code": "9.2.2",

341

"label": "User access provisioning",

341

"label": "User access provisioning",

342

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

342

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

343

"referential_label": "ISO 27017",

343

"referential_label": "ISO 27017",

344

"uuid": "55677739-524b-4167-a2e1-1dc5356e4764"

344

"uuid": "55677739-524b-4167-a2e1-1dc5356e4764"

345

},

345

},

346

{

346

{

347

"category": "Equipment",

347

"category": "Equipment",

348

"code": "11.2.5",

348

"code": "11.2.5",

349

"label": "Removal of assets",

349

"label": "Removal of assets",

350

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

350

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

351

"referential_label": "ISO 27017",

351

"referential_label": "ISO 27017",

352

"uuid": "55f40782-51f0-4e9a-9cae-3898190144c4"

352

"uuid": "55f40782-51f0-4e9a-9cae-3898190144c4"

353

},

353

},

354

{

354

{

355

"category": "Supplier service delivery management",

355

"category": "Supplier service delivery management",

356

"code": "15.2.1",

356

"code": "15.2.1",

357

"label": "Monitoring and review of supplier services",

357

"label": "Monitoring and review of supplier services",

358

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

358

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

359

"referential_label": "ISO 27017",

359

"referential_label": "ISO 27017",

360

"uuid": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6"

360

"uuid": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6"

361

},

361

},

362

{

362

{

363

"category": "Information transfer",

363

"category": "Information transfer",

364

"code": "13.2.4",

364

"code": "13.2.4",

365

"label": "Confidentiality or non-disclosure agreements",

365

"label": "Confidentiality or non-disclosure agreements",

366

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

366

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

367

"referential_label": "ISO 27017",

367

"referential_label": "ISO 27017",

368

"uuid": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a"

368

"uuid": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a"

369

},

369

},

370

{

370

{

371

"category": "Responsibility for assets",

371

"category": "Responsibility for assets",

372

"code": "8.1.3",

372

"code": "8.1.3",

373

"label": "The acceptable use of assets",

373

"label": "The acceptable use of assets",

374

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

374

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

375

"referential_label": "ISO 27017",

375

"referential_label": "ISO 27017",

376

"uuid": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9"

376

"uuid": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9"

377

},

377

},

378

{

378

{

379

"category": "Internal organization",

379

"category": "Internal organization",

380

"code": "6.1.3",

380

"code": "6.1.3",

381

"label": "Contact with authorities",

381

"label": "Contact with authorities",

382

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

382

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

383

"referential_label": "ISO 27017",

383

"referential_label": "ISO 27017",

384

"uuid": "61bf6872-052b-468c-83b5-ea70d4530629"

384

"uuid": "61bf6872-052b-468c-83b5-ea70d4530629"

385

},

385

},

386

{

386

{

387

"category": "Cryptographic controls",

387

"category": "Cryptographic controls",

388

"code": "10.1.2",

388

"code": "10.1.2",

389

"label": "Key management",

389

"label": "Key management",

390

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

390

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

391

"referential_label": "ISO 27017",

391

"referential_label": "ISO 27017",

392

"uuid": "62b6663e-768e-4eb3-8c2e-d170f84588d7"

392

"uuid": "62b6663e-768e-4eb3-8c2e-d170f84588d7"

393

},

393

},

394

{

394

{

395

"category": "Operational procedures and responsibilities",

395

"category": "Operational procedures and responsibilities",

396

"code": "12.1.4",

396

"code": "12.1.4",

397

"label": "Separation of development, testing and operational environments",

397

"label": "Separation of development, testing and operational environments",

398

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

398

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

399

"referential_label": "ISO 27017",

399

"referential_label": "ISO 27017",

400

"uuid": "64c2a025-e7bf-4ac3-9ab2-431910fff804"

400

"uuid": "64c2a025-e7bf-4ac3-9ab2-431910fff804"

401

},

401

},

402

{

402

{

403

"category": "Information security continuity",

403

"category": "Information security continuity",

404

"code": "17.1.1",

404

"code": "17.1.1",

405

"label": "Planning information security continuity",

405

"label": "Planning information security continuity",

406

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

406

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

407

"referential_label": "ISO 27017",

407

"referential_label": "ISO 27017",

408

"uuid": "66adb661-6e13-41f6-8a50-b894b3ed9e5b"

408

"uuid": "66adb661-6e13-41f6-8a50-b894b3ed9e5b"

409

},

409

},

410

{

410

{

411

"category": "Management of information security incidents and improvements",

411

"category": "Management of information security incidents and improvements",

412

"code": "16.1.4",

412

"code": "16.1.4",

413

"label": "Assessment of and decision on information security events",

413

"label": "Assessment of and decision on information security events",

414

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

414

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

415

"referential_label": "ISO 27017",

415

"referential_label": "ISO 27017",

416

"uuid": "66d299d8-e55f-42d7-997b-e5f69392ed82"

416

"uuid": "66d299d8-e55f-42d7-997b-e5f69392ed82"

417

},

417

},

418

{

418

{

419

"category": "Backup",

419

"category": "Backup",

420

"code": "12.3.1",

420

"code": "12.3.1",

421

"label": "Information backup",

421

"label": "Information backup",

422

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

422

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

423

"referential_label": "ISO 27017",

423

"referential_label": "ISO 27017",

424

"uuid": "6769d72a-c19a-4af1-814b-e58ecce6bb34"

424

"uuid": "6769d72a-c19a-4af1-814b-e58ecce6bb34"

425

},

425

},

426

{

426

{

427

"category": "System and application access control",

427

"category": "System and application access control",

428

"code": "9.4.2",

428

"code": "9.4.2",

429

"label": "Secure log-on procedures",

429

"label": "Secure log-on procedures",

430

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

430

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

431

"referential_label": "ISO 27017",

431

"referential_label": "ISO 27017",

432

"uuid": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac"

432

"uuid": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac"

433

},

433

},

434

{

434

{

435

"category": "User access management",

435

"category": "User access management",

436

"code": "9.2.1",

436

"code": "9.2.1",

437

"label": "User registration and deregistration",

437

"label": "User registration and deregistration",

438

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

438

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

439

"referential_label": "ISO 27017",

439

"referential_label": "ISO 27017",

440

"uuid": "680335b4-1efb-4257-ae7c-17de32670edd"

440

"uuid": "680335b4-1efb-4257-ae7c-17de32670edd"

441

},

441

},

442

{

442

{

443

"category": "Internal organization",

443

"category": "Internal organization",

444

"code": "6.1.2",

444

"code": "6.1.2",

445

"label": "Segregtion of duties",

445

"label": "Segregtion of duties",

446

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

446

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

447

"referential_label": "ISO 27017",

447

"referential_label": "ISO 27017",

448

"uuid": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0"

448

"uuid": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0"

449

},

449

},

450

{

450

{

451

"category": "Information security continuity",

451

"category": "Information security continuity",

452

"code": "17.1.3",

452

"code": "17.1.3",

453

"label": "Verify, review and evaluate information security continuity",

453

"label": "Verify, review and evaluate information security continuity",

454

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

454

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

455

"referential_label": "ISO 27017",

455

"referential_label": "ISO 27017",

456

"uuid": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7"

456

"uuid": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7"

457

},

457

},

458

{

458

{

459

"category": "Security requirements of information systems",

459

"category": "Security requirements of information systems",

460

"code": "14.1.3",

460

"code": "14.1.3",

461

"label": "Protecting application services transactions",

461

"label": "Protecting application services transactions",

462

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

462

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

463

"referential_label": "ISO 27017",

463

"referential_label": "ISO 27017",

464

"uuid": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d"

464

"uuid": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d"

465

},

465

},

466

{

466

{

467

"category": "Network security management",

467

"category": "Network security management",

468

"code": "CLD.13.1.4",

468

"code": "CLD.13.1.4",

469

"label": "Alignment of security management for virtual and physical networks",

469

"label": "Alignment of security management for virtual and physical networks",

470

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

470

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

471

"referential_label": "ISO 27017",

471

"referential_label": "ISO 27017",

472

"uuid": "6a972973-2dec-4c54-ac8f-d4e1e06dcc63"

472

"uuid": "6a972973-2dec-4c54-ac8f-d4e1e06dcc63"

473

},

473

},

474

{

474

{

475

"category": "Equipment",

475

"category": "Equipment",

476

"code": "11.2.2",

476

"code": "11.2.2",

477

"label": "Supporting utilities",

477

"label": "Supporting utilities",

478

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

478

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

479

"referential_label": "ISO 27017",

479

"referential_label": "ISO 27017",

480

"uuid": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25"

480

"uuid": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25"

481

},

481

},

482

{

482

{

483

"category": "Responsibility for assets",

483

"category": "Responsibility for assets",

484

"code": "8.1.4",

484

"code": "8.1.4",

485

"label": "Return of assets",

485

"label": "Return of assets",

486

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

486

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

487

"referential_label": "ISO 27017",

487

"referential_label": "ISO 27017",

488

"uuid": "6c082aee-3c87-423e-9a46-4467cc6dc823"

488

"uuid": "6c082aee-3c87-423e-9a46-4467cc6dc823"

489

},

489

},

490

{

490

{

491

"category": "Technical vulnerability management",

491

"category": "Technical vulnerability management",

492

"code": "12.6.1",

492

"code": "12.6.1",

493

"label": "Management of technical vulnerabilities",

493

"label": "Management of technical vulnerabilities",

494

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

494

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

495

"referential_label": "ISO 27017",

495

"referential_label": "ISO 27017",

496

"uuid": "71839786-0214-4608-80be-2555ee0334aa"

496

"uuid": "71839786-0214-4608-80be-2555ee0334aa"

497

},

497

},

498

{

498

{

499

"category": "Information classification",

499

"category": "Information classification",

500

"code": "8.2.1",

500

"code": "8.2.1",

501

"label": "Classification of information",

501

"label": "Classification of information",

502

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

502

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

503

"referential_label": "ISO 27017",

503

"referential_label": "ISO 27017",

504

"uuid": "77e30376-3b61-4675-95dc-329c7c2186b8"

504

"uuid": "77e30376-3b61-4675-95dc-329c7c2186b8"

505

},

505

},

506

{

506

{

507

"category": "Operational procedures and responsibilities",

507

"category": "Operational procedures and responsibilities",

508

"code": "12.1.3",

508

"code": "12.1.3",

509

"label": "Capacity management",

509

"label": "Capacity management",

510

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

510

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

511

"referential_label": "ISO 27017",

511

"referential_label": "ISO 27017",

512

"uuid": "7fadb5eb-5597-44f2-b323-88fa75a0e08e"

512

"uuid": "7fadb5eb-5597-44f2-b323-88fa75a0e08e"

513

},

513

},

514

{

514

{

515

"category": "Equipment",

515

"category": "Equipment",

516

"code": "11.2.7",

516

"code": "11.2.7",

517

"label": "Secure disposal or reuse of equipment",

517

"label": "Secure disposal or reuse of equipment",

518

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

518

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

519

"referential_label": "ISO 27017",

519

"referential_label": "ISO 27017",

520

"uuid": "81b8f773-4488-495e-a48e-337be46602cb"

520

"uuid": "81b8f773-4488-495e-a48e-337be46602cb"

521

},

521

},

522

{

522

{

523

"category": "Information security continuity",

523

"category": "Information security continuity",

524

"code": "17.1.2",

524

"code": "17.1.2",

525

"label": "Implementing information security continuity",

525

"label": "Implementing information security continuity",

526

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

526

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

527

"referential_label": "ISO 27017",

527

"referential_label": "ISO 27017",

528

"uuid": "81dc65f7-92e2-4516-9a0c-d1b474d547ba"

528

"uuid": "81dc65f7-92e2-4516-9a0c-d1b474d547ba"

529

},

529

},

530

{

530

{

531

"category": "Security in development and support processes",

531

"category": "Security in development and support processes",

532

"code": "14.2.8",

532

"code": "14.2.8",

533

"label": "System security testing",

533

"label": "System security testing",

534

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

534

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

535

"referential_label": "ISO 27017",

535

"referential_label": "ISO 27017",

536

"uuid": "82890d01-c97f-4388-b182-e3838afa9ee2"

536

"uuid": "82890d01-c97f-4388-b182-e3838afa9ee2"

537

},

537

},

538

{

538

{

539

"category": "Management of information security incidents and improvements",

539

"category": "Management of information security incidents and improvements",

540

"code": "16.1.6",

540

"code": "16.1.6",

541

"label": "Learning from information security incidents",

541

"label": "Learning from information security incidents",

542

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

542

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

543

"referential_label": "ISO 27017",

543

"referential_label": "ISO 27017",

544

"uuid": "854a7ad0-7db7-4d8c-8374-3be5c36aa026"

544

"uuid": "854a7ad0-7db7-4d8c-8374-3be5c36aa026"

545

},

545

},

546

{

546

{

547

"category": "Information systems audit considerations",

547

"category": "Information systems audit considerations",

548

"code": "12.7.1",

548

"code": "12.7.1",

549

"label": "Information systems audit controls",

549

"label": "Information systems audit controls",

550

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

550

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

551

"referential_label": "ISO 27017",

551

"referential_label": "ISO 27017",

552

"uuid": "8b53cd63-6c1a-4a7e-9437-fd908941bcca"

552

"uuid": "8b53cd63-6c1a-4a7e-9437-fd908941bcca"

553

},

553

},

554

{

554

{

555

"category": "During employment",

555

"category": "During employment",

556

"code": "7.2.2",

556

"code": "7.2.2",

557

"label": "Information security awareness, education and training",

557

"label": "Information security awareness, education and training",

558

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

558

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

559

"referential_label": "ISO 27017",

559

"referential_label": "ISO 27017",

560

"uuid": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2"

560

"uuid": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2"

561

},

561

},

562

{

562

{

563

"category": "Logging and monitoring",

563

"category": "Logging and monitoring",

564

"code": "12.4.3",

564

"code": "12.4.3",

565

"label": "Administrator and operator logs",

565

"label": "Administrator and operator logs",

566

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

566

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

567

"referential_label": "ISO 27017",

567

"referential_label": "ISO 27017",

568

"uuid": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af"

568

"uuid": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af"

569

},

569

},

570

{

570

{

571

"category": "Compliance with legal and contractual requirements",

571

"category": "Compliance with legal and contractual requirements",

572

"code": "18.1.2",

572

"code": "18.1.2",

573

"label": "Intellectual property rights",

573

"label": "Intellectual property rights",

574

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

574

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

575

"referential_label": "ISO 27017",

575

"referential_label": "ISO 27017",

576

"uuid": "975cc456-ba0c-4a33-8b65-cbf798f5d979"

576

"uuid": "975cc456-ba0c-4a33-8b65-cbf798f5d979"

577

},

577

},

578

{

578

{

579

"category": "Redundancies",

579

"category": "Redundancies",

580

"code": "17.2.1",

580

"code": "17.2.1",

581

"label": "Availability of information processing facilities",

581

"label": "Availability of information processing facilities",

582

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

582

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

583

"referential_label": "ISO 27017",

583

"referential_label": "ISO 27017",

584

"uuid": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f"

584

"uuid": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f"

585

},

585

},

586

{

586

{

587

"category": "Cryptographic controls",

587

"category": "Cryptographic controls",

588

"code": "10.1.1",

588

"code": "10.1.1",

589

"label": "Policy on the use of cryptographic controls",

589

"label": "Policy on the use of cryptographic controls",

590

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

590

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

591

"referential_label": "ISO 27017",

591

"referential_label": "ISO 27017",

592

"uuid": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598"

592

"uuid": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598"

593

},

593

},

594

{

594

{

595

"category": "During employment",

595

"category": "During employment",

596

"code": "7.2.3",

596

"code": "7.2.3",

597

"label": "Disciplinary process",

597

"label": "Disciplinary process",

598

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

598

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

599

"referential_label": "ISO 27017",

599

"referential_label": "ISO 27017",

600

"uuid": "9ab263ad-4a10-4817-a993-93fff2444c61"

600

"uuid": "9ab263ad-4a10-4817-a993-93fff2444c61"

601

},

601

},

602

{

602

{

603

"category": "System and application access control",

603

"category": "System and application access control",

604

"code": "9.4.5",

604

"code": "9.4.5",

605

"label": "Access control to program source code",

605

"label": "Access control to program source code",

606

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

606

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

607

"referential_label": "ISO 27017",

607

"referential_label": "ISO 27017",

608

"uuid": "9c912ab0-7023-46d5-9376-798a8b81ba6e"

608

"uuid": "9c912ab0-7023-46d5-9376-798a8b81ba6e"

609

},

609

},

610

{

610

{

611

"category": "Information security reviews",

611

"category": "Information security reviews",

612

"code": "18.2.2",

612

"code": "18.2.2",

613

"label": "Compliance with security policies and standards",

613

"label": "Compliance with security policies and standards",

614

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

614

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

615

"referential_label": "ISO 27017",

615

"referential_label": "ISO 27017",

616

"uuid": "9d2bc87a-ceae-463a-a44d-7c60bed5324d"

616

"uuid": "9d2bc87a-ceae-463a-a44d-7c60bed5324d"

617

},

617

},

618

{

618

{

619

"category": "Management of information security incidents and improvements",

619

"category": "Management of information security incidents and improvements",

620

"code": "16.1.2",

620

"code": "16.1.2",

621

"label": "Reporting information security events",

621

"label": "Reporting information security events",

622

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

622

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

623

"referential_label": "ISO 27017",

623

"referential_label": "ISO 27017",

624

"uuid": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea"

624

"uuid": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea"

625

},

625

},

626

{

626

{

627

"category": "Operational procedures and responsibilities",

627

"category": "Operational procedures and responsibilities",

628

"code": "12.1.2",

628

"code": "12.1.2",

629

"label": "Change management",

629

"label": "Change management",

630

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

630

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

631

"referential_label": "ISO 27017",

631

"referential_label": "ISO 27017",

632

"uuid": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d"

632

"uuid": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d"

633

},

633

},

634

{

634

{

635

"category": "Management of information security incidents and improvements",

635

"category": "Management of information security incidents and improvements",

636

"code": "16.1.5",

636

"code": "16.1.5",

637

"label": "Response to information security incidents",

637

"label": "Response to information security incidents",

638

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

638

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

639

"referential_label": "ISO 27017",

639

"referential_label": "ISO 27017",

640

"uuid": "ab2d3a44-e28b-4f3d-8efa-8038faccd318"

640

"uuid": "ab2d3a44-e28b-4f3d-8efa-8038faccd318"

641

},

641

},

642

{

642

{

643

"category": "Security requirements of information systems",

643

"category": "Security requirements of information systems",

644

"code": "14.1.2",

644

"code": "14.1.2",

645

"label": "Securing applications services on public networks",

645

"label": "Securing applications services on public networks",

646

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

646

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

647

"referential_label": "ISO 27017",

647

"referential_label": "ISO 27017",

648

"uuid": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1"

648

"uuid": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1"

649

},

649

},

650

{

650

{

651

"category": "Secure areas",

651

"category": "Secure areas",

652

"code": "11.1.2",

652

"code": "11.1.2",

653

"label": "Physical entry controls",

653

"label": "Physical entry controls",

654

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

654

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

655

"referential_label": "ISO 27017",

655

"referential_label": "ISO 27017",

656

"uuid": "b5005f3e-bdc7-4367-8f96-46dd795399c3"

656

"uuid": "b5005f3e-bdc7-4367-8f96-46dd795399c3"

657

},

657

},

658

{

658

{

659

"category": "System and application access control",

659

"category": "System and application access control",

660

"code": "9.4.4",

660

"code": "9.4.4",

661

"label": "Use of privileged utility programs",

661

"label": "Use of privileged utility programs",

662

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

662

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

663

"referential_label": "ISO 27017",

663

"referential_label": "ISO 27017",

664

"uuid": "b5bb6249-a936-4828-9251-c8d4e3ea1f12"

664

"uuid": "b5bb6249-a936-4828-9251-c8d4e3ea1f12"

665

},

665

},

666

{

666

{

667

"category": "Equipment",

667

"category": "Equipment",

668

"code": "11.2.6",

668

"code": "11.2.6",

669

"label": "Security of equipment and assets off-premises",

669

"label": "Security of equipment and assets off-premises",

670

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

670

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

671

"referential_label": "ISO 27017",

671

"referential_label": "ISO 27017",

672

"uuid": "b811e64d-cda4-4416-baec-9f6beda1dd87"

672

"uuid": "b811e64d-cda4-4416-baec-9f6beda1dd87"

673

},

673

},

674

{

674

{

675

"category": "Secure areas",

675

"category": "Secure areas",

676

"code": "11.1.6",

676

"code": "11.1.6",

677

"label": "Delivery and loading areas",

677

"label": "Delivery and loading areas",

678

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

678

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

679

"referential_label": "ISO 27017",

679

"referential_label": "ISO 27017",

680

"uuid": "b98389fe-8024-4d51-90bb-869962c97898"

680

"uuid": "b98389fe-8024-4d51-90bb-869962c97898"

681

},

681

},

682

{

682

{

683

"category": "Media handling",

683

"category": "Media handling",

684

"code": "8.3.2",

684

"code": "8.3.2",

685

"label": "Disposal of media",

685

"label": "Disposal of media",

686

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

686

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

687

"referential_label": "ISO 27017",

687

"referential_label": "ISO 27017",

688

"uuid": "bae65eff-a2eb-4da1-899c-539f30f94963"

688

"uuid": "bae65eff-a2eb-4da1-899c-539f30f94963"

689

},

689

},

690

{

690

{

691

"category": "Information transfer",

691

"category": "Information transfer",

692

"code": "13.2.1",

692

"code": "13.2.1",

693

"label": "Information transfer policies and procedures",

693

"label": "Information transfer policies and procedures",

694

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

694

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

695

"referential_label": "ISO 27017",

695

"referential_label": "ISO 27017",

696

"uuid": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb"

696

"uuid": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb"

697

},

697

},

698

{

698

{

699

"category": "Information transfer",

699

"category": "Information transfer",

700

"code": "13.2.2",

700

"code": "13.2.2",

701

"label": "Agreements on information transfer",

701

"label": "Agreements on information transfer",

702

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

702

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

703

"referential_label": "ISO 27017",

703

"referential_label": "ISO 27017",

704

"uuid": "bd05d07c-d272-4c55-a4ff-72c6218148d0"

704

"uuid": "bd05d07c-d272-4c55-a4ff-72c6218148d0"

705

},

705

},

706

{

706

{

707

"category": "User access management",

707

"category": "User access management",

708

"code": "9.2.5",

708

"code": "9.2.5",

709

"label": "Review of user access rights",

709

"label": "Review of user access rights",

710

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

710

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

711

"referential_label": "ISO 27017",

711

"referential_label": "ISO 27017",

712

"uuid": "be07fc69-14fc-4c94-8626-083983f204f7"

712

"uuid": "be07fc69-14fc-4c94-8626-083983f204f7"

713

},

713

},

714

{

714

{

715

"category": "Access control of cloud service customer data in shared virtual environment",

715

"category": "Access control of cloud service customer data in shared virtual environment",

716

"code": "CLD.9.5.1",

716

"code": "CLD.9.5.1",

717

"label": "Segregation in virtual computing environments",

717

"label": "Segregation in virtual computing environments",

718

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

718

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

719

"referential_label": "ISO 27017",

719

"referential_label": "ISO 27017",

720

"uuid": "be604ecc-3dee-4e29-b1b7-d63d58f54748"

720

"uuid": "be604ecc-3dee-4e29-b1b7-d63d58f54748"

721

},

721

},

722

{

722

{

723

"category": "Mobile devices and teleworking",

723

"category": "Mobile devices and teleworking",

724

"code": "6.2.2",

724

"code": "6.2.2",

725

"label": "Teleworking",

725

"label": "Teleworking",

726

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

726

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

727

"referential_label": "ISO 27017",

727

"referential_label": "ISO 27017",

728

"uuid": "c55c6391-56a2-44de-be4f-a23770cec2fb"

728

"uuid": "c55c6391-56a2-44de-be4f-a23770cec2fb"

729

},

729

},

730

{

730

{

731

"category": "Management of information security incidents and improvements",

731

"category": "Management of information security incidents and improvements",

732

"code": "16.1.3",

732

"code": "16.1.3",

733

"label": "Reporting information security weakness",

733

"label": "Reporting information security weakness",

734

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

734

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

735

"referential_label": "ISO 27017",

735

"referential_label": "ISO 27017",

736

"uuid": "c7ad8338-7659-4783-af2b-55f35e3ccfdf"

736

"uuid": "c7ad8338-7659-4783-af2b-55f35e3ccfdf"

737

},

737

},

738

{

738

{

739

"category": "User access management",

739

"category": "User access management",

740

"code": "9.2.3",

740

"code": "9.2.3",

741

"label": "Management of privileged access rights",

741

"label": "Management of privileged access rights",

742

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

742

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

743

"referential_label": "ISO 27017",

743

"referential_label": "ISO 27017",

744

"uuid": "cb1f54b6-05b5-4e68-88c3-b943e4952141"

744

"uuid": "cb1f54b6-05b5-4e68-88c3-b943e4952141"

745

},

745

},

746

{

746

{

747

"category": "User access management",

747

"category": "User access management",

748

"code": "9.2.6",

748

"code": "9.2.6",

749

"label": "Removal or adjustment of access rights",

749

"label": "Removal or adjustment of access rights",

750

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

750

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

751

"referential_label": "ISO 27017",

751

"referential_label": "ISO 27017",

752

"uuid": "cb40e300-60d1-4ae8-88e8-338e536ddbdb"

752

"uuid": "cb40e300-60d1-4ae8-88e8-338e536ddbdb"

753

},

753

},

754

{

754

{

755

"category": "Security in development and support processes",

755

"category": "Security in development and support processes",

756

"code": "14.2.4",

756

"code": "14.2.4",

757

"label": "Restrictions on changes to software packages",

757

"label": "Restrictions on changes to software packages",

758

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

758

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

759

"referential_label": "ISO 27017",

759

"referential_label": "ISO 27017",

760

"uuid": "cc06514a-bc04-4528-b7bf-3ac296b16dd1"

760

"uuid": "cc06514a-bc04-4528-b7bf-3ac296b16dd1"

761

},

761

},

762

{

762

{

763

"category": "Logging and monitoring",

763

"category": "Logging and monitoring",

764

"code": "12.4.2",

764

"code": "12.4.2",

765

"label": "Protection of log information",

765

"label": "Protection of log information",

766

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

766

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

767

"referential_label": "ISO 27017",

767

"referential_label": "ISO 27017",

768

"uuid": "cdccb912-7aa9-4542-96fc-2507e9e89b29"

768

"uuid": "cdccb912-7aa9-4542-96fc-2507e9e89b29"

769

},

769

},

770

{

770

{

771

"category": "Security in development and support processes",

771

"category": "Security in development and support processes",

772

"code": "14.2.9",

772

"code": "14.2.9",

773

"label": "System acceptance testing",

773

"label": "System acceptance testing",

774

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

774

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

775

"referential_label": "ISO 27017",

775

"referential_label": "ISO 27017",

776

"uuid": "ce1b8c19-d3cf-4070-b239-9471272c1faf"

776

"uuid": "ce1b8c19-d3cf-4070-b239-9471272c1faf"

777

},

777

},

778

{

778

{

779

"category": "Prior to empoyment",

779

"category": "Prior to empoyment",

780

"code": "7.1.1",

780

"code": "7.1.1",

781

"label": "Screening",

781

"label": "Screening",

782

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

782

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

783

"referential_label": "ISO 27017",

783

"referential_label": "ISO 27017",

784

"uuid": "d063c875-6442-495b-9118-97906030ceef"

784

"uuid": "d063c875-6442-495b-9118-97906030ceef"

785

},

785

},

786

{

786

{

787

"category": "Security in development and support processes",

787

"category": "Security in development and support processes",

788

"code": "14.2.5",

788

"code": "14.2.5",

789

"label": "Secure system engineering principles",

789

"label": "Secure system engineering principles",

790

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

790

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

791

"referential_label": "ISO 27017",

791

"referential_label": "ISO 27017",

792

"uuid": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0"

792

"uuid": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0"

793

},

793

},

794

{

794

{

795

"category": "Responsibility for assets",

795

"category": "Responsibility for assets",

796

"code": "8.1.2",

796

"code": "8.1.2",

797

"label": "Owernship of assets",

797

"label": "Owernship of assets",

798

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

798

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

799

"referential_label": "ISO 27017",

799

"referential_label": "ISO 27017",

800

"uuid": "d278ad4c-0e81-4008-b7c2-dc52895c5eff"

800

"uuid": "d278ad4c-0e81-4008-b7c2-dc52895c5eff"

801

},

801

},

802

{

802

{

803

"category": "Equipment",

803

"category": "Equipment",

804

"code": "11.2.3",

804

"code": "11.2.3",

805

"label": "Cabling security",

805

"label": "Cabling security",

806

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

806

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

807

"referential_label": "ISO 27017",

807

"referential_label": "ISO 27017",

808

"uuid": "d41b6bc1-82a4-4791-b276-dbbb8d833a33"

808

"uuid": "d41b6bc1-82a4-4791-b276-dbbb8d833a33"

809

},

809

},

810

{

810

{

811

"category": "Information security reviews",

811

"category": "Information security reviews",

812

"code": "18.2.3",

812

"code": "18.2.3",

813

"label": "Technical compliance review",

813

"label": "Technical compliance review",

814

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

814

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

815

"referential_label": "ISO 27017",

815

"referential_label": "ISO 27017",

816

"uuid": "d439ae3a-6cee-4f59-91f7-8562266e4d65"

816

"uuid": "d439ae3a-6cee-4f59-91f7-8562266e4d65"

817

},

817

},

818

{

818

{

819

"category": "Network security management",

819

"category": "Network security management",

820

"code": "13.1.2",

820

"code": "13.1.2",

821

"label": "Security of network services",

821

"label": "Security of network services",

822

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

822

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

823

"referential_label": "ISO 27017",

823

"referential_label": "ISO 27017",

824

"uuid": "d5367603-b1f9-4df6-a188-7ea3b6c28533"

824

"uuid": "d5367603-b1f9-4df6-a188-7ea3b6c28533"

825

},

825

},

826

{

826

{

827

"category": "Information security reviews",

827

"category": "Information security reviews",

828

"code": "18.2.1",

828

"code": "18.2.1",

829

"label": "Independant review of information security",

829

"label": "Independant review of information security",

830

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

830

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

831

"referential_label": "ISO 27017",

831

"referential_label": "ISO 27017",

832

"uuid": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a"

832

"uuid": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a"

833

},

833

},

834

{

834

{

835

"category": "Business requirements of access control",

835

"category": "Business requirements of access control",

836

"code": "9.1.2",

836

"code": "9.1.2",

837

"label": "Access to networks and network services",

837

"label": "Access to networks and network services",

838

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

838

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

839

"referential_label": "ISO 27017",

839

"referential_label": "ISO 27017",

840

"uuid": "d8a9d846-b938-4f74-8f4c-f35f120209be"

840

"uuid": "d8a9d846-b938-4f74-8f4c-f35f120209be"

841

},

841

},

842

{

842

{

843

"category": "Test data",

843

"category": "Test data",

844

"code": "14.3.1",

844

"code": "14.3.1",

845

"label": "Protection of test data",

845

"label": "Protection of test data",

846

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

846

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

847

"referential_label": "ISO 27017",

847

"referential_label": "ISO 27017",

848

"uuid": "d8bda302-9c55-4ec0-964b-db63640c12ee"

848

"uuid": "d8bda302-9c55-4ec0-964b-db63640c12ee"

849

},

849

},

850

{

850

{

851

"category": "Prior to empoyment",

851

"category": "Prior to empoyment",

852

"code": "7.1.2",

852

"code": "7.1.2",

853

"label": "Terms and conditions of employment",

853

"label": "Terms and conditions of employment",

854

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

854

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

855

"referential_label": "ISO 27017",

855

"referential_label": "ISO 27017",

856

"uuid": "d96e8662-872e-44ac-a9d5-9229507a5a80"

856

"uuid": "d96e8662-872e-44ac-a9d5-9229507a5a80"

857

},

857

},

858

{

858

{

859

"category": "Compliance with legal and contractual requirements",

859

"category": "Compliance with legal and contractual requirements",

860

"code": "18.1.4",

860

"code": "18.1.4",

861

"label": "Privacy and protection of personally identifiable information",

861

"label": "Privacy and protection of personally identifiable information",

862

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

862

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

863

"referential_label": "ISO 27017",

863

"referential_label": "ISO 27017",

864

"uuid": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45"

864

"uuid": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45"

865

},

865

},

866

{

866

{

867

"category": "Logging and monitoring",

867

"category": "Logging and monitoring",

868

"code": "12.4.1",

868

"code": "12.4.1",

869

"label": "Event logging",

869

"label": "Event logging",

870

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

870

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

871

"referential_label": "ISO 27017",

871

"referential_label": "ISO 27017",

872

"uuid": "de5bec22-ea67-4e67-8d37-52303895c67f"

872

"uuid": "de5bec22-ea67-4e67-8d37-52303895c67f"

873

},

873

},

874

{

874

{

875

"category": "Information transfer",

875

"category": "Information transfer",

876

"code": "13.2.3",

876

"code": "13.2.3",

877

"label": "Electronic messaging",

877

"label": "Electronic messaging",

878

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

878

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

879

"referential_label": "ISO 27017",

879

"referential_label": "ISO 27017",

880

"uuid": "e186f19e-8174-4a21-bbb6-1018f32dc714"

880

"uuid": "e186f19e-8174-4a21-bbb6-1018f32dc714"

881

},

881

},

882

{

882

{

883

"category": "Compliance with legal and contractual requirements",

883

"category": "Compliance with legal and contractual requirements",

884

"code": "18.1.5",

884

"code": "18.1.5",

885

"label": "Regulation of cryptographic controls",

885

"label": "Regulation of cryptographic controls",

886

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

886

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

887

"referential_label": "ISO 27017",

887

"referential_label": "ISO 27017",

888

"uuid": "e9bdd53f-e094-4084-9e40-adeced6d445b"

888

"uuid": "e9bdd53f-e094-4084-9e40-adeced6d445b"

889

},

889

},

890

{

890

{

891

"category": "Operational procedures and responsibilities",

891

"category": "Operational procedures and responsibilities",

892

"code": "12.1.1",

892

"code": "12.1.1",

893

"label": "Documented operating procedures",

893

"label": "Documented operating procedures",

894

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

894

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

895

"referential_label": "ISO 27017",

895

"referential_label": "ISO 27017",

896

"uuid": "f0048224-5868-4d00-a32f-20725cd9752d"

896

"uuid": "f0048224-5868-4d00-a32f-20725cd9752d"

897

},

897

},

898

{

898

{

899

"category": "Technical vulnerability management",

899

"category": "Technical vulnerability management",

900

"code": "12.6.2",

900

"code": "12.6.2",

901

"label": "Restrictions on software installation",

901

"label": "Restrictions on software installation",

902

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

902

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

903

"referential_label": "ISO 27017",

903

"referential_label": "ISO 27017",

904

"uuid": "f34f797f-5c32-4b52-9836-7d103d1a129a"

904

"uuid": "f34f797f-5c32-4b52-9836-7d103d1a129a"

905

},

905

},

906

{

906

{

907

"category": "Equipment",

907

"category": "Equipment",

908

"code": "11.2.9",

908

"code": "11.2.9",

909

"label": "Clear desk and clear screen policy",

909

"label": "Clear desk and clear screen policy",

910

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

910

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

911

"referential_label": "ISO 27017",

911

"referential_label": "ISO 27017",

912

"uuid": "f34f88d5-7e52-4516-a734-096a09ef1d9b"

912

"uuid": "f34f88d5-7e52-4516-a734-096a09ef1d9b"

913

},

913

},

914

{

914

{

915

"category": "Media handling",

915

"category": "Media handling",

916

"code": "8.3.3",

916

"code": "8.3.3",

917

"label": "Physical media transfer",

917

"label": "Physical media transfer",

918

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

918

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

919

"referential_label": "ISO 27017",

919

"referential_label": "ISO 27017",

920

"uuid": "f36660f5-1485-4aca-9757-1dd5399e9cee"

920

"uuid": "f36660f5-1485-4aca-9757-1dd5399e9cee"

921

},

921

},

922

{

922

{

923

"category": "Secure areas",

923

"category": "Secure areas",

924

"code": "11.1.3",

924

"code": "11.1.3",

925

"label": "Securing offices, rooms and facilities",

925

"label": "Securing offices, rooms and facilities",

926

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

926

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

927

"referential_label": "ISO 27017",

927

"referential_label": "ISO 27017",

928

"uuid": "f44dad64-71cd-447f-a9da-56a1d9f297e4"

928

"uuid": "f44dad64-71cd-447f-a9da-56a1d9f297e4"

929

},

929

},

930

{

930

{

931

"category": "Protection from malware",

931

"category": "Protection from malware",

932

"code": "12.2.1",

932

"code": "12.2.1",

933

"label": "Controls against malware",

933

"label": "Controls against malware",

934

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

934

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

935

"referential_label": "ISO 27017",

935

"referential_label": "ISO 27017",

936

"uuid": "f4cc92f8-58e8-4129-b48e-d118a94496ab"

936

"uuid": "f4cc92f8-58e8-4129-b48e-d118a94496ab"

937

},

937

},

938

{

938

{

939

"category": "Information security policies",

939

"category": "Information security policies",

940

"code": "5.1.2",

940

"code": "5.1.2",

941

"label": "Review of the policies for information security",

941

"label": "Review of the policies for information security",

942

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

942

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

943

"referential_label": "ISO 27017",

943

"referential_label": "ISO 27017",

944

"uuid": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977"

944

"uuid": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977"

945

},

945

},

946

{

946

{

947

"category": "Compliance with legal and contractual requirements",

947

"category": "Compliance with legal and contractual requirements",

948

"code": "18.1.1",

948

"code": "18.1.1",

949

"label": "Identification of applicable legislation and contractual requirements",

949

"label": "Identification of applicable legislation and contractual requirements",

950

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

950

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

951

"referential_label": "ISO 27017",

951

"referential_label": "ISO 27017",

952

"uuid": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab"

952

"uuid": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab"

953

},

953

},

954

{

954

{

955

"category": "User responsabilities",

955

"category": "User responsabilities",

956

"code": "9.3.1",

956

"code": "9.3.1",

957

"label": "Use of secret authentication information",

957

"label": "Use of secret authentication information",

958

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

958

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

959

"referential_label": "ISO 27017",

959

"referential_label": "ISO 27017",

960

"uuid": "fe3e4943-3440-4818-903d-664972cfb466"

960

"uuid": "fe3e4943-3440-4818-903d-664972cfb466"

961

},

961

},

962

{

962

{

963

"category": "Mobile devices and teleworking",

963

"category": "Mobile devices and teleworking",

964

"code": "6.2.1",

964

"code": "6.2.1",

965

"label": "Mobile device policy",

965

"label": "Mobile device policy",

966

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

966

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

967

"referential_label": "ISO 27017",

967

"referential_label": "ISO 27017",

968

"uuid": "fe98e1f0-175f-4fd8-8530-ac183707c54c"

968

"uuid": "fe98e1f0-175f-4fd8-8530-ac183707c54c"

969

},

969

},

970

{

970

{

971

"category": "Information security in supplier relationships",

971

"category": "Information security in supplier relationships",

972

"code": "15.1.2",

972

"code": "15.1.2",

973

"label": "Addressing security within supplier agreements",

973

"label": "Addressing security within supplier agreements",

974

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

974

"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",

975

"referential_label": "ISO 27017",

975

"referential_label": "ISO 27017",

976

"uuid": "ff7435b8-55f6-46bb-ae61-ddb09c731348"

976

"uuid": "ff7435b8-55f6-46bb-ae61-ddb09c731348"

977

}

977

}

978

],

978

],

979

"version": 1

979

"version": 1

980

}

980

}