Date: Aug 3, 2022, 12:22:32 PM
Date: Aug 3, 2022, 12:27:05 PM
Editor: Cedric
Name: ISO 27017
Name: ISO 27017
Description: ISO 27017 for Cloud Management
Description: ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems.

t1{t1{
2    "authors": [2    "authors": [
3        "Jeremy Dannenmuller"3        "Jeremy Dannenmuller"
4    ],4    ],
5    "label": "ISO 27017",5    "label": "ISO 27017",
6    "language": "EN",6    "language": "EN",
7    "refs": "https://www.iso.org/fr/standard/43757.html",7    "refs": "https://www.iso.org/fr/standard/43757.html",
8    "uuid": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",8    "uuid": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
9    "values": [9    "values": [
10        {10        {
11            "category": "Security in development and support processes",11            "category": "Security in development and support processes",
12            "code": "14.2.2",12            "code": "14.2.2",
13            "label": "System change control procedures",13            "label": "System change control procedures",
14            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",14            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
15            "referential_label": "ISO 27017",15            "referential_label": "ISO 27017",
16            "uuid": "027c0996-57fa-44d3-85cd-6ea667923174"16            "uuid": "027c0996-57fa-44d3-85cd-6ea667923174"
17        },17        },
18        {18        {
19            "category": "Supplier service delivery management",19            "category": "Supplier service delivery management",
20            "code": "15.2.2",20            "code": "15.2.2",
21            "label": "Managing chages to supplier services",21            "label": "Managing chages to supplier services",
22            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",22            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
23            "referential_label": "ISO 27017",23            "referential_label": "ISO 27017",
24            "uuid": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7"24            "uuid": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7"
25        },25        },
26        {26        {
27            "category": "Security in development and support processes",27            "category": "Security in development and support processes",
28            "code": "14.2.1",28            "code": "14.2.1",
29            "label": "Secure development policy",29            "label": "Secure development policy",
30            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",30            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
31            "referential_label": "ISO 27017",31            "referential_label": "ISO 27017",
32            "uuid": "07c05b75-2e57-4fd0-9ab7-d7d87742477b"32            "uuid": "07c05b75-2e57-4fd0-9ab7-d7d87742477b"
33        },33        },
34        {34        {
35            "category": "Termination and change of employment",35            "category": "Termination and change of employment",
36            "code": "7.3.1",36            "code": "7.3.1",
37            "label": "Termination or change of employment responsabilities",37            "label": "Termination or change of employment responsabilities",
38            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",38            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
39            "referential_label": "ISO 27017",39            "referential_label": "ISO 27017",
40            "uuid": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8"40            "uuid": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8"
41        },41        },
42        {42        {
43            "category": "Secure areas",43            "category": "Secure areas",
44            "code": "11.1.1",44            "code": "11.1.1",
45            "label": "Physical security perimeter",45            "label": "Physical security perimeter",
46            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",46            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
47            "referential_label": "ISO 27017",47            "referential_label": "ISO 27017",
48            "uuid": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3"48            "uuid": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3"
49        },49        },
50        {50        {
51            "category": "During employment",51            "category": "During employment",
52            "code": "7.2.1",52            "code": "7.2.1",
53            "label": "Management responsabilities",53            "label": "Management responsabilities",
54            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",54            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
55            "referential_label": "ISO 27017",55            "referential_label": "ISO 27017",
56            "uuid": "100d29a6-1441-4de6-a05a-594c8b1c7243"56            "uuid": "100d29a6-1441-4de6-a05a-594c8b1c7243"
57        },57        },
58        {58        {
59            "category": "Logging and monitoring",59            "category": "Logging and monitoring",
60            "code": "12.4.4",60            "code": "12.4.4",
61            "label": "Clock synchronization",61            "label": "Clock synchronization",
62            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",62            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
63            "referential_label": "ISO 27017",63            "referential_label": "ISO 27017",
64            "uuid": "1100bd1a-cfd4-4450-9192-5bd85ef107e2"64            "uuid": "1100bd1a-cfd4-4450-9192-5bd85ef107e2"
65        },65        },
66        {66        {
67            "category": "Equipment",67            "category": "Equipment",
68            "code": "11.2.1",68            "code": "11.2.1",
69            "label": "Equipment siting and protection",69            "label": "Equipment siting and protection",
70            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",70            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
71            "referential_label": "ISO 27017",71            "referential_label": "ISO 27017",
72            "uuid": "12844c4c-d0c9-4441-9467-9da5b15dd18b"72            "uuid": "12844c4c-d0c9-4441-9467-9da5b15dd18b"
73        },73        },
74        {74        {
75            "category": "Business requirements of access control",75            "category": "Business requirements of access control",
76            "code": "9.1.1",76            "code": "9.1.1",
77            "label": "Access control policy",77            "label": "Access control policy",
78            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",78            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
79            "referential_label": "ISO 27017",79            "referential_label": "ISO 27017",
80            "uuid": "12c2d158-c0d2-448f-b36e-9f17e1cc230f"80            "uuid": "12c2d158-c0d2-448f-b36e-9f17e1cc230f"
81        },81        },
82        {82        {
83            "category": "Management of information security incidents and improvements",83            "category": "Management of information security incidents and improvements",
84            "code": "16.1.7",84            "code": "16.1.7",
85            "label": "Collection of evidence",85            "label": "Collection of evidence",
86            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",86            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
87            "referential_label": "ISO 27017",87            "referential_label": "ISO 27017",
88            "uuid": "1703d350-59d5-4510-bf45-d538e4c076a0"88            "uuid": "1703d350-59d5-4510-bf45-d538e4c076a0"
89        },89        },
90        {90        {
91            "category": "Security requirements of information systems",91            "category": "Security requirements of information systems",
92            "code": "14.1.1",92            "code": "14.1.1",
93            "label": "Information security requirements analysis and specification",93            "label": "Information security requirements analysis and specification",
94            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",94            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
95            "referential_label": "ISO 27017",95            "referential_label": "ISO 27017",
96            "uuid": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b"96            "uuid": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b"
97        },97        },
98        {98        {
99            "category": "Security in development and support processes",99            "category": "Security in development and support processes",
100            "code": "14.2.7",100            "code": "14.2.7",
101            "label": "Outsourced development",101            "label": "Outsourced development",
102            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",102            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
103            "referential_label": "ISO 27017",103            "referential_label": "ISO 27017",
104            "uuid": "21a6dbb4-8365-4b48-8421-ea10458695ee"104            "uuid": "21a6dbb4-8365-4b48-8421-ea10458695ee"
105        },105        },
106        {106        {
107            "category": "Equipment",107            "category": "Equipment",
108            "code": "11.2.8",108            "code": "11.2.8",
109            "label": "Unattended user equipment",109            "label": "Unattended user equipment",
110            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",110            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
111            "referential_label": "ISO 27017",111            "referential_label": "ISO 27017",
112            "uuid": "21c24fcd-374d-408a-9682-eac7e8c3ebf2"112            "uuid": "21c24fcd-374d-408a-9682-eac7e8c3ebf2"
113        },113        },
114        {114        {
115            "category": "Media handling",115            "category": "Media handling",
116            "code": "8.3.1",116            "code": "8.3.1",
117            "label": "Management or removable media",117            "label": "Management or removable media",
118            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",118            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
119            "referential_label": "ISO 27017",119            "referential_label": "ISO 27017",
120            "uuid": "2327176c-b127-4ad3-a1a9-710467ea246f"120            "uuid": "2327176c-b127-4ad3-a1a9-710467ea246f"
121        },121        },
122        {122        {
123            "category": "Security in development and support processes",123            "category": "Security in development and support processes",
124            "code": "14.2.6",124            "code": "14.2.6",
125            "label": "Secure development environment",125            "label": "Secure development environment",
126            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",126            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
127            "referential_label": "ISO 27017",127            "referential_label": "ISO 27017",
128            "uuid": "256e6e9e-cd8b-440a-843b-264e85d582f7"128            "uuid": "256e6e9e-cd8b-440a-843b-264e85d582f7"
129        },129        },
130        {130        {
131            "category": "Information security in supplier relationships",131            "category": "Information security in supplier relationships",
132            "code": "15.1.3",132            "code": "15.1.3",
133            "label": "Information and communication technology supply chain",133            "label": "Information and communication technology supply chain",
134            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",134            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
135            "referential_label": "ISO 27017",135            "referential_label": "ISO 27017",
136            "uuid": "2c59fe2c-5312-4f3e-b960-4fd843031af7"136            "uuid": "2c59fe2c-5312-4f3e-b960-4fd843031af7"
137        },137        },
138        {138        {
139            "category": "Operational procedures and responsibilities",139            "category": "Operational procedures and responsibilities",
140            "code": "CLD.12.1.5",140            "code": "CLD.12.1.5",
141            "label": "Administrator's operational security",141            "label": "Administrator's operational security",
142            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",142            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
143            "referential_label": "ISO 27017",143            "referential_label": "ISO 27017",
144            "uuid": "2df8b9c3-b6f4-4484-a9b3-5e6f33ad1038"144            "uuid": "2df8b9c3-b6f4-4484-a9b3-5e6f33ad1038"
145        },145        },
146        {146        {
147            "category": "Network security management",147            "category": "Network security management",
148            "code": "13.1.3",148            "code": "13.1.3",
149            "label": "Segregation in networks",149            "label": "Segregation in networks",
150            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",150            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
151            "referential_label": "ISO 27017",151            "referential_label": "ISO 27017",
152            "uuid": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315"152            "uuid": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315"
153        },153        },
154        {154        {
155            "category": "Relationship between cloud service customer and cloud service provider",155            "category": "Relationship between cloud service customer and cloud service provider",
156            "code": "CLD.6.3.1",156            "code": "CLD.6.3.1",
157            "label": "Shared roles and responsibilities within a cloud computing environment",157            "label": "Shared roles and responsibilities within a cloud computing environment",
158            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",158            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
159            "referential_label": "ISO 27017",159            "referential_label": "ISO 27017",
160            "uuid": "2e43ca82-0b18-4dbd-916c-b2fc102bf662"160            "uuid": "2e43ca82-0b18-4dbd-916c-b2fc102bf662"
161        },161        },
162        {162        {
163            "category": "Information security in supplier relationships",163            "category": "Information security in supplier relationships",
164            "code": "15.1.1",164            "code": "15.1.1",
165            "label": "Information security policy for supplier relationships",165            "label": "Information security policy for supplier relationships",
166            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",166            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
167            "referential_label": "ISO 27017",167            "referential_label": "ISO 27017",
168            "uuid": "2ed059b3-7ea4-465e-b20e-f6180b218505"168            "uuid": "2ed059b3-7ea4-465e-b20e-f6180b218505"
169        },169        },
170        {170        {
171            "category": "Information classification",171            "category": "Information classification",
172            "code": "8.2.2",172            "code": "8.2.2",
173            "label": "Labelling of information",173            "label": "Labelling of information",
174            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",174            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
175            "referential_label": "ISO 27017",175            "referential_label": "ISO 27017",
176            "uuid": "2f9175dc-3c0e-48d6-b1cb-687009bbf392"176            "uuid": "2f9175dc-3c0e-48d6-b1cb-687009bbf392"
177        },177        },
178        {178        {
179            "category": "Internal organization",179            "category": "Internal organization",
180            "code": "6.1.4",180            "code": "6.1.4",
181            "label": "Contact with special interest groups",181            "label": "Contact with special interest groups",
182            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",182            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
183            "referential_label": "ISO 27017",183            "referential_label": "ISO 27017",
184            "uuid": "317394d2-538d-42e6-ac3d-f7a54b867ec4"184            "uuid": "317394d2-538d-42e6-ac3d-f7a54b867ec4"
185        },185        },
186        {186        {
187            "category": "Secure areas",187            "category": "Secure areas",
188            "code": "11.1.4",188            "code": "11.1.4",
189            "label": "Protecting against external and environmental threats",189            "label": "Protecting against external and environmental threats",
190            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",190            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
191            "referential_label": "ISO 27017",191            "referential_label": "ISO 27017",
192            "uuid": "34ac073d-80ad-4503-b748-bcbad097ea26"192            "uuid": "34ac073d-80ad-4503-b748-bcbad097ea26"
193        },193        },
194        {194        {
195            "category": "Access control of cloud service customer data in shared virtual environment",195            "category": "Access control of cloud service customer data in shared virtual environment",
196            "code": "CLD.9.5.2",196            "code": "CLD.9.5.2",
197            "label": "Virtual machine hardening",197            "label": "Virtual machine hardening",
198            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",198            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
199            "referential_label": "ISO 27017",199            "referential_label": "ISO 27017",
200            "uuid": "34fa0af1-02c7-46c0-b38f-30db3f27bf46"200            "uuid": "34fa0af1-02c7-46c0-b38f-30db3f27bf46"
201        },201        },
202        {202        {
203            "category": "Compliance with legal and contractual requirements",203            "category": "Compliance with legal and contractual requirements",
204            "code": "18.1.3",204            "code": "18.1.3",
205            "label": "Protection of records",205            "label": "Protection of records",
206            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",206            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
207            "referential_label": "ISO 27017",207            "referential_label": "ISO 27017",
208            "uuid": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88"208            "uuid": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88"
209        },209        },
210        {210        {
211            "category": "Network security management",211            "category": "Network security management",
212            "code": "13.1.1",212            "code": "13.1.1",
213            "label": "Network controls",213            "label": "Network controls",
214            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",214            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
215            "referential_label": "ISO 27017",215            "referential_label": "ISO 27017",
216            "uuid": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee"216            "uuid": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee"
217        },217        },
218        {218        {
219            "category": "Responsibility for assets",219            "category": "Responsibility for assets",
220            "code": "CLD.8.1.5",220            "code": "CLD.8.1.5",
221            "label": "Removal of cloud service customer assets",221            "label": "Removal of cloud service customer assets",
222            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",222            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
223            "referential_label": "ISO 27017",223            "referential_label": "ISO 27017",
224            "uuid": "3ae82816-ae78-4a6c-889e-07bdb84da4e4"224            "uuid": "3ae82816-ae78-4a6c-889e-07bdb84da4e4"
225        },225        },
226        {226        {
227            "category": "Equipment",227            "category": "Equipment",
228            "code": "11.2.4",228            "code": "11.2.4",
229            "label": "Equipment maintenance",229            "label": "Equipment maintenance",
230            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",230            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
231            "referential_label": "ISO 27017",231            "referential_label": "ISO 27017",
232            "uuid": "3b7c3fa7-d143-483c-9c26-4908a55979d5"232            "uuid": "3b7c3fa7-d143-483c-9c26-4908a55979d5"
233        },233        },
234        {234        {
235            "category": "User access management",235            "category": "User access management",
236            "code": "9.2.4",236            "code": "9.2.4",
237            "label": "Management of secret authentication information of users",237            "label": "Management of secret authentication information of users",
238            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",238            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
239            "referential_label": "ISO 27017",239            "referential_label": "ISO 27017",
240            "uuid": "3c138556-2201-4b36-8907-f6c0f57d420b"240            "uuid": "3c138556-2201-4b36-8907-f6c0f57d420b"
241        },241        },
242        {242        {
243            "category": "Logging and monitoring",243            "category": "Logging and monitoring",
244            "code": "CLD.12.4.5",244            "code": "CLD.12.4.5",
245            "label": "Monitoring of Cloud Services",245            "label": "Monitoring of Cloud Services",
246            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",246            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
247            "referential_label": "ISO 27017",247            "referential_label": "ISO 27017",
248            "uuid": "439a4491-65aa-4990-b6e4-6e10af836373"248            "uuid": "439a4491-65aa-4990-b6e4-6e10af836373"
249        },249        },
250        {250        {
251            "category": "Responsibility for assets",251            "category": "Responsibility for assets",
252            "code": "8.1.1",252            "code": "8.1.1",
253            "label": "Inventory of assets",253            "label": "Inventory of assets",
254            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",254            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
255            "referential_label": "ISO 27017",255            "referential_label": "ISO 27017",
256            "uuid": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46"256            "uuid": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46"
257        },257        },
258        {258        {
259            "category": "System and application access control",259            "category": "System and application access control",
260            "code": "9.4.3",260            "code": "9.4.3",
261            "label": "Password management system",261            "label": "Password management system",
262            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",262            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
263            "referential_label": "ISO 27017",263            "referential_label": "ISO 27017",
264            "uuid": "46678a0c-cd66-4610-8687-0d25afe68c1d"264            "uuid": "46678a0c-cd66-4610-8687-0d25afe68c1d"
265        },265        },
266        {266        {
267            "category": "Information security policies",267            "category": "Information security policies",
268            "code": "5.1.1",268            "code": "5.1.1",
269            "label": "Policies for information security",269            "label": "Policies for information security",
270            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",270            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
271            "referential_label": "ISO 27017",271            "referential_label": "ISO 27017",
272            "uuid": "498b0cc7-fbe3-40fb-9b61-1b6db629027f"272            "uuid": "498b0cc7-fbe3-40fb-9b61-1b6db629027f"
273        },273        },
274        {274        {
275            "category": "Management of information security incidents and improvements",275            "category": "Management of information security incidents and improvements",
276            "code": "16.1.1",276            "code": "16.1.1",
277            "label": "Responsabilities and procedures",277            "label": "Responsabilities and procedures",
278            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",278            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
279            "referential_label": "ISO 27017",279            "referential_label": "ISO 27017",
280            "uuid": "4ab927a0-835d-4122-8377-ed08c418b1c5"280            "uuid": "4ab927a0-835d-4122-8377-ed08c418b1c5"
281        },281        },
282        {282        {
283            "category": "Internal organization",283            "category": "Internal organization",
284            "code": "6.1.5",284            "code": "6.1.5",
285            "label": "Information security in project management",285            "label": "Information security in project management",
286            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",286            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
287            "referential_label": "ISO 27017",287            "referential_label": "ISO 27017",
288            "uuid": "4c660684-7259-461d-9eb8-f9c82ca42c98"288            "uuid": "4c660684-7259-461d-9eb8-f9c82ca42c98"
289        },289        },
290        {290        {
291            "category": "Control of operational software",291            "category": "Control of operational software",
292            "code": "12.5.1",292            "code": "12.5.1",
293            "label": "Installation of software on operational systems",293            "label": "Installation of software on operational systems",
294            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",294            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
295            "referential_label": "ISO 27017",295            "referential_label": "ISO 27017",
296            "uuid": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933"296            "uuid": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933"
297        },297        },
298        {298        {
299            "category": "Information classification",299            "category": "Information classification",
300            "code": "8.2.3",300            "code": "8.2.3",
301            "label": "Handling of assets",301            "label": "Handling of assets",
302            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",302            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
303            "referential_label": "ISO 27017",303            "referential_label": "ISO 27017",
304            "uuid": "4dabfd52-4369-4999-9091-6a346703e981"304            "uuid": "4dabfd52-4369-4999-9091-6a346703e981"
305        },305        },
306        {306        {
307            "category": "Secure areas",307            "category": "Secure areas",
308            "code": "11.1.5",308            "code": "11.1.5",
309            "label": "Working in secure areas",309            "label": "Working in secure areas",
310            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",310            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
311            "referential_label": "ISO 27017",311            "referential_label": "ISO 27017",
312            "uuid": "4ed3205f-9921-432b-9a8b-3e400598e0ff"312            "uuid": "4ed3205f-9921-432b-9a8b-3e400598e0ff"
313        },313        },
314        {314        {
315            "category": "Internal organization",315            "category": "Internal organization",
316            "code": "6.1.1",316            "code": "6.1.1",
317            "label": "Information security roles and responsabilities",317            "label": "Information security roles and responsabilities",
318            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",318            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
319            "referential_label": "ISO 27017",319            "referential_label": "ISO 27017",
320            "uuid": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e"320            "uuid": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e"
321        },321        },
322        {322        {
323            "category": "Security in development and support processes",323            "category": "Security in development and support processes",
324            "code": "14.2.3",324            "code": "14.2.3",
325            "label": "Technical review of applications after operating platform changes",325            "label": "Technical review of applications after operating platform changes",
326            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",326            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
327            "referential_label": "ISO 27017",327            "referential_label": "ISO 27017",
328            "uuid": "54885438-8b8a-4fae-8f23-e8901ec621b4"328            "uuid": "54885438-8b8a-4fae-8f23-e8901ec621b4"
329        },329        },
330        {330        {
331            "category": "System and application access control",331            "category": "System and application access control",
332            "code": "9.4.1",332            "code": "9.4.1",
333            "label": "Information access restriction",333            "label": "Information access restriction",
334            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",334            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
335            "referential_label": "ISO 27017",335            "referential_label": "ISO 27017",
336            "uuid": "553e228a-15dd-430c-a35b-604b9fccd629"336            "uuid": "553e228a-15dd-430c-a35b-604b9fccd629"
337        },337        },
338        {338        {
339            "category": "User access management",339            "category": "User access management",
340            "code": "9.2.2",340            "code": "9.2.2",
341            "label": "User access provisioning",341            "label": "User access provisioning",
342            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",342            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
343            "referential_label": "ISO 27017",343            "referential_label": "ISO 27017",
344            "uuid": "55677739-524b-4167-a2e1-1dc5356e4764"344            "uuid": "55677739-524b-4167-a2e1-1dc5356e4764"
345        },345        },
346        {346        {
347            "category": "Equipment",347            "category": "Equipment",
348            "code": "11.2.5",348            "code": "11.2.5",
349            "label": "Removal of assets",349            "label": "Removal of assets",
350            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",350            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
351            "referential_label": "ISO 27017",351            "referential_label": "ISO 27017",
352            "uuid": "55f40782-51f0-4e9a-9cae-3898190144c4"352            "uuid": "55f40782-51f0-4e9a-9cae-3898190144c4"
353        },353        },
354        {354        {
355            "category": "Supplier service delivery management",355            "category": "Supplier service delivery management",
356            "code": "15.2.1",356            "code": "15.2.1",
357            "label": "Monitoring and review of supplier services",357            "label": "Monitoring and review of supplier services",
358            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",358            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
359            "referential_label": "ISO 27017",359            "referential_label": "ISO 27017",
360            "uuid": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6"360            "uuid": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6"
361        },361        },
362        {362        {
363            "category": "Information transfer",363            "category": "Information transfer",
364            "code": "13.2.4",364            "code": "13.2.4",
365            "label": "Confidentiality or non-disclosure agreements",365            "label": "Confidentiality or non-disclosure agreements",
366            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",366            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
367            "referential_label": "ISO 27017",367            "referential_label": "ISO 27017",
368            "uuid": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a"368            "uuid": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a"
369        },369        },
370        {370        {
371            "category": "Responsibility for assets",371            "category": "Responsibility for assets",
372            "code": "8.1.3",372            "code": "8.1.3",
373            "label": "The acceptable use of assets",373            "label": "The acceptable use of assets",
374            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",374            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
375            "referential_label": "ISO 27017",375            "referential_label": "ISO 27017",
376            "uuid": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9"376            "uuid": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9"
377        },377        },
378        {378        {
379            "category": "Internal organization",379            "category": "Internal organization",
380            "code": "6.1.3",380            "code": "6.1.3",
381            "label": "Contact with authorities",381            "label": "Contact with authorities",
382            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",382            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
383            "referential_label": "ISO 27017",383            "referential_label": "ISO 27017",
384            "uuid": "61bf6872-052b-468c-83b5-ea70d4530629"384            "uuid": "61bf6872-052b-468c-83b5-ea70d4530629"
385        },385        },
386        {386        {
387            "category": "Cryptographic controls",387            "category": "Cryptographic controls",
388            "code": "10.1.2",388            "code": "10.1.2",
389            "label": "Key management",389            "label": "Key management",
390            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",390            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
391            "referential_label": "ISO 27017",391            "referential_label": "ISO 27017",
392            "uuid": "62b6663e-768e-4eb3-8c2e-d170f84588d7"392            "uuid": "62b6663e-768e-4eb3-8c2e-d170f84588d7"
393        },393        },
394        {394        {
395            "category": "Operational procedures and responsibilities",395            "category": "Operational procedures and responsibilities",
396            "code": "12.1.4",396            "code": "12.1.4",
397            "label": "Separation of development, testing and operational environments",397            "label": "Separation of development, testing and operational environments",
398            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",398            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
399            "referential_label": "ISO 27017",399            "referential_label": "ISO 27017",
400            "uuid": "64c2a025-e7bf-4ac3-9ab2-431910fff804"400            "uuid": "64c2a025-e7bf-4ac3-9ab2-431910fff804"
401        },401        },
402        {402        {
403            "category": "Information security continuity",403            "category": "Information security continuity",
404            "code": "17.1.1",404            "code": "17.1.1",
405            "label": "Planning information security continuity",405            "label": "Planning information security continuity",
406            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",406            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
407            "referential_label": "ISO 27017",407            "referential_label": "ISO 27017",
408            "uuid": "66adb661-6e13-41f6-8a50-b894b3ed9e5b"408            "uuid": "66adb661-6e13-41f6-8a50-b894b3ed9e5b"
409        },409        },
410        {410        {
411            "category": "Management of information security incidents and improvements",411            "category": "Management of information security incidents and improvements",
412            "code": "16.1.4",412            "code": "16.1.4",
413            "label": "Assessment of and decision on information security events",413            "label": "Assessment of and decision on information security events",
414            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",414            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
415            "referential_label": "ISO 27017",415            "referential_label": "ISO 27017",
416            "uuid": "66d299d8-e55f-42d7-997b-e5f69392ed82"416            "uuid": "66d299d8-e55f-42d7-997b-e5f69392ed82"
417        },417        },
418        {418        {
419            "category": "Backup",419            "category": "Backup",
420            "code": "12.3.1",420            "code": "12.3.1",
421            "label": "Information backup",421            "label": "Information backup",
422            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",422            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
423            "referential_label": "ISO 27017",423            "referential_label": "ISO 27017",
424            "uuid": "6769d72a-c19a-4af1-814b-e58ecce6bb34"424            "uuid": "6769d72a-c19a-4af1-814b-e58ecce6bb34"
425        },425        },
426        {426        {
427            "category": "System and application access control",427            "category": "System and application access control",
428            "code": "9.4.2",428            "code": "9.4.2",
429            "label": "Secure log-on procedures",429            "label": "Secure log-on procedures",
430            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",430            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
431            "referential_label": "ISO 27017",431            "referential_label": "ISO 27017",
432            "uuid": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac"432            "uuid": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac"
433        },433        },
434        {434        {
435            "category": "User access management",435            "category": "User access management",
436            "code": "9.2.1",436            "code": "9.2.1",
437            "label": "User registration and deregistration",437            "label": "User registration and deregistration",
438            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",438            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
439            "referential_label": "ISO 27017",439            "referential_label": "ISO 27017",
440            "uuid": "680335b4-1efb-4257-ae7c-17de32670edd"440            "uuid": "680335b4-1efb-4257-ae7c-17de32670edd"
441        },441        },
442        {442        {
443            "category": "Internal organization",443            "category": "Internal organization",
444            "code": "6.1.2",444            "code": "6.1.2",
445            "label": "Segregtion of duties",445            "label": "Segregtion of duties",
446            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",446            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
447            "referential_label": "ISO 27017",447            "referential_label": "ISO 27017",
448            "uuid": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0"448            "uuid": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0"
449        },449        },
450        {450        {
451            "category": "Information security continuity",451            "category": "Information security continuity",
452            "code": "17.1.3",452            "code": "17.1.3",
453            "label": "Verify, review and evaluate information security continuity",453            "label": "Verify, review and evaluate information security continuity",
454            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",454            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
455            "referential_label": "ISO 27017",455            "referential_label": "ISO 27017",
456            "uuid": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7"456            "uuid": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7"
457        },457        },
458        {458        {
459            "category": "Security requirements of information systems",459            "category": "Security requirements of information systems",
460            "code": "14.1.3",460            "code": "14.1.3",
461            "label": "Protecting application services transactions",461            "label": "Protecting application services transactions",
462            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",462            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
463            "referential_label": "ISO 27017",463            "referential_label": "ISO 27017",
464            "uuid": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d"464            "uuid": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d"
465        },465        },
466        {466        {
467            "category": "Network security management",467            "category": "Network security management",
468            "code": "CLD.13.1.4",468            "code": "CLD.13.1.4",
469            "label": "Alignment of security management for virtual and physical networks",469            "label": "Alignment of security management for virtual and physical networks",
470            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",470            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
471            "referential_label": "ISO 27017",471            "referential_label": "ISO 27017",
472            "uuid": "6a972973-2dec-4c54-ac8f-d4e1e06dcc63"472            "uuid": "6a972973-2dec-4c54-ac8f-d4e1e06dcc63"
473        },473        },
474        {474        {
475            "category": "Equipment",475            "category": "Equipment",
476            "code": "11.2.2",476            "code": "11.2.2",
477            "label": "Supporting utilities",477            "label": "Supporting utilities",
478            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",478            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
479            "referential_label": "ISO 27017",479            "referential_label": "ISO 27017",
480            "uuid": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25"480            "uuid": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25"
481        },481        },
482        {482        {
483            "category": "Responsibility for assets",483            "category": "Responsibility for assets",
484            "code": "8.1.4",484            "code": "8.1.4",
485            "label": "Return of assets",485            "label": "Return of assets",
486            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",486            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
487            "referential_label": "ISO 27017",487            "referential_label": "ISO 27017",
488            "uuid": "6c082aee-3c87-423e-9a46-4467cc6dc823"488            "uuid": "6c082aee-3c87-423e-9a46-4467cc6dc823"
489        },489        },
490        {490        {
491            "category": "Technical vulnerability management",491            "category": "Technical vulnerability management",
492            "code": "12.6.1",492            "code": "12.6.1",
493            "label": "Management of technical vulnerabilities",493            "label": "Management of technical vulnerabilities",
494            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",494            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
495            "referential_label": "ISO 27017",495            "referential_label": "ISO 27017",
496            "uuid": "71839786-0214-4608-80be-2555ee0334aa"496            "uuid": "71839786-0214-4608-80be-2555ee0334aa"
497        },497        },
498        {498        {
499            "category": "Information classification",499            "category": "Information classification",
500            "code": "8.2.1",500            "code": "8.2.1",
501            "label": "Classification of information",501            "label": "Classification of information",
502            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",502            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
503            "referential_label": "ISO 27017",503            "referential_label": "ISO 27017",
504            "uuid": "77e30376-3b61-4675-95dc-329c7c2186b8"504            "uuid": "77e30376-3b61-4675-95dc-329c7c2186b8"
505        },505        },
506        {506        {
507            "category": "Operational procedures and responsibilities",507            "category": "Operational procedures and responsibilities",
508            "code": "12.1.3",508            "code": "12.1.3",
509            "label": "Capacity management",509            "label": "Capacity management",
510            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",510            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
511            "referential_label": "ISO 27017",511            "referential_label": "ISO 27017",
512            "uuid": "7fadb5eb-5597-44f2-b323-88fa75a0e08e"512            "uuid": "7fadb5eb-5597-44f2-b323-88fa75a0e08e"
513        },513        },
514        {514        {
515            "category": "Equipment",515            "category": "Equipment",
516            "code": "11.2.7",516            "code": "11.2.7",
517            "label": "Secure disposal or reuse of equipment",517            "label": "Secure disposal or reuse of equipment",
518            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",518            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
519            "referential_label": "ISO 27017",519            "referential_label": "ISO 27017",
520            "uuid": "81b8f773-4488-495e-a48e-337be46602cb"520            "uuid": "81b8f773-4488-495e-a48e-337be46602cb"
521        },521        },
522        {522        {
523            "category": "Information security continuity",523            "category": "Information security continuity",
524            "code": "17.1.2",524            "code": "17.1.2",
525            "label": "Implementing information security continuity",525            "label": "Implementing information security continuity",
526            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",526            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
527            "referential_label": "ISO 27017",527            "referential_label": "ISO 27017",
528            "uuid": "81dc65f7-92e2-4516-9a0c-d1b474d547ba"528            "uuid": "81dc65f7-92e2-4516-9a0c-d1b474d547ba"
529        },529        },
530        {530        {
531            "category": "Security in development and support processes",531            "category": "Security in development and support processes",
532            "code": "14.2.8",532            "code": "14.2.8",
533            "label": "System security testing",533            "label": "System security testing",
534            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",534            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
535            "referential_label": "ISO 27017",535            "referential_label": "ISO 27017",
536            "uuid": "82890d01-c97f-4388-b182-e3838afa9ee2"536            "uuid": "82890d01-c97f-4388-b182-e3838afa9ee2"
537        },537        },
538        {538        {
539            "category": "Management of information security incidents and improvements",539            "category": "Management of information security incidents and improvements",
540            "code": "16.1.6",540            "code": "16.1.6",
541            "label": "Learning from information security incidents",541            "label": "Learning from information security incidents",
542            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",542            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
543            "referential_label": "ISO 27017",543            "referential_label": "ISO 27017",
544            "uuid": "854a7ad0-7db7-4d8c-8374-3be5c36aa026"544            "uuid": "854a7ad0-7db7-4d8c-8374-3be5c36aa026"
545        },545        },
546        {546        {
547            "category": "Information systems audit considerations",547            "category": "Information systems audit considerations",
548            "code": "12.7.1",548            "code": "12.7.1",
549            "label": "Information systems audit controls",549            "label": "Information systems audit controls",
550            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",550            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
551            "referential_label": "ISO 27017",551            "referential_label": "ISO 27017",
552            "uuid": "8b53cd63-6c1a-4a7e-9437-fd908941bcca"552            "uuid": "8b53cd63-6c1a-4a7e-9437-fd908941bcca"
553        },553        },
554        {554        {
555            "category": "During employment",555            "category": "During employment",
556            "code": "7.2.2",556            "code": "7.2.2",
557            "label": "Information security awareness, education and training",557            "label": "Information security awareness, education and training",
558            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",558            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
559            "referential_label": "ISO 27017",559            "referential_label": "ISO 27017",
560            "uuid": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2"560            "uuid": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2"
561        },561        },
562        {562        {
563            "category": "Logging and monitoring",563            "category": "Logging and monitoring",
564            "code": "12.4.3",564            "code": "12.4.3",
565            "label": "Administrator and operator logs",565            "label": "Administrator and operator logs",
566            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",566            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
567            "referential_label": "ISO 27017",567            "referential_label": "ISO 27017",
568            "uuid": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af"568            "uuid": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af"
569        },569        },
570        {570        {
571            "category": "Compliance with legal and contractual requirements",571            "category": "Compliance with legal and contractual requirements",
572            "code": "18.1.2",572            "code": "18.1.2",
573            "label": "Intellectual property rights",573            "label": "Intellectual property rights",
574            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",574            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
575            "referential_label": "ISO 27017",575            "referential_label": "ISO 27017",
576            "uuid": "975cc456-ba0c-4a33-8b65-cbf798f5d979"576            "uuid": "975cc456-ba0c-4a33-8b65-cbf798f5d979"
577        },577        },
578        {578        {
579            "category": "Redundancies",579            "category": "Redundancies",
580            "code": "17.2.1",580            "code": "17.2.1",
581            "label": "Availability of information processing facilities",581            "label": "Availability of information processing facilities",
582            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",582            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
583            "referential_label": "ISO 27017",583            "referential_label": "ISO 27017",
584            "uuid": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f"584            "uuid": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f"
585        },585        },
586        {586        {
587            "category": "Cryptographic controls",587            "category": "Cryptographic controls",
588            "code": "10.1.1",588            "code": "10.1.1",
589            "label": "Policy on the use of cryptographic controls",589            "label": "Policy on the use of cryptographic controls",
590            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",590            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
591            "referential_label": "ISO 27017",591            "referential_label": "ISO 27017",
592            "uuid": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598"592            "uuid": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598"
593        },593        },
594        {594        {
595            "category": "During employment",595            "category": "During employment",
596            "code": "7.2.3",596            "code": "7.2.3",
597            "label": "Disciplinary process",597            "label": "Disciplinary process",
598            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",598            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
599            "referential_label": "ISO 27017",599            "referential_label": "ISO 27017",
600            "uuid": "9ab263ad-4a10-4817-a993-93fff2444c61"600            "uuid": "9ab263ad-4a10-4817-a993-93fff2444c61"
601        },601        },
602        {602        {
603            "category": "System and application access control",603            "category": "System and application access control",
604            "code": "9.4.5",604            "code": "9.4.5",
605            "label": "Access control to program source code",605            "label": "Access control to program source code",
606            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",606            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
607            "referential_label": "ISO 27017",607            "referential_label": "ISO 27017",
608            "uuid": "9c912ab0-7023-46d5-9376-798a8b81ba6e"608            "uuid": "9c912ab0-7023-46d5-9376-798a8b81ba6e"
609        },609        },
610        {610        {
611            "category": "Information security reviews",611            "category": "Information security reviews",
612            "code": "18.2.2",612            "code": "18.2.2",
613            "label": "Compliance with security policies and standards",613            "label": "Compliance with security policies and standards",
614            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",614            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
615            "referential_label": "ISO 27017",615            "referential_label": "ISO 27017",
616            "uuid": "9d2bc87a-ceae-463a-a44d-7c60bed5324d"616            "uuid": "9d2bc87a-ceae-463a-a44d-7c60bed5324d"
617        },617        },
618        {618        {
619            "category": "Management of information security incidents and improvements",619            "category": "Management of information security incidents and improvements",
620            "code": "16.1.2",620            "code": "16.1.2",
621            "label": "Reporting information security events",621            "label": "Reporting information security events",
622            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",622            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
623            "referential_label": "ISO 27017",623            "referential_label": "ISO 27017",
624            "uuid": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea"624            "uuid": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea"
625        },625        },
626        {626        {
627            "category": "Operational procedures and responsibilities",627            "category": "Operational procedures and responsibilities",
628            "code": "12.1.2",628            "code": "12.1.2",
629            "label": "Change management",629            "label": "Change management",
630            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",630            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
631            "referential_label": "ISO 27017",631            "referential_label": "ISO 27017",
632            "uuid": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d"632            "uuid": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d"
633        },633        },
634        {634        {
635            "category": "Management of information security incidents and improvements",635            "category": "Management of information security incidents and improvements",
636            "code": "16.1.5",636            "code": "16.1.5",
637            "label": "Response to information security incidents",637            "label": "Response to information security incidents",
638            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",638            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
639            "referential_label": "ISO 27017",639            "referential_label": "ISO 27017",
640            "uuid": "ab2d3a44-e28b-4f3d-8efa-8038faccd318"640            "uuid": "ab2d3a44-e28b-4f3d-8efa-8038faccd318"
641        },641        },
642        {642        {
643            "category": "Security requirements of information systems",643            "category": "Security requirements of information systems",
644            "code": "14.1.2",644            "code": "14.1.2",
645            "label": "Securing applications services on public networks",645            "label": "Securing applications services on public networks",
646            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",646            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
647            "referential_label": "ISO 27017",647            "referential_label": "ISO 27017",
648            "uuid": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1"648            "uuid": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1"
649        },649        },
650        {650        {
651            "category": "Secure areas",651            "category": "Secure areas",
652            "code": "11.1.2",652            "code": "11.1.2",
653            "label": "Physical entry controls",653            "label": "Physical entry controls",
654            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",654            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
655            "referential_label": "ISO 27017",655            "referential_label": "ISO 27017",
656            "uuid": "b5005f3e-bdc7-4367-8f96-46dd795399c3"656            "uuid": "b5005f3e-bdc7-4367-8f96-46dd795399c3"
657        },657        },
658        {658        {
659            "category": "System and application access control",659            "category": "System and application access control",
660            "code": "9.4.4",660            "code": "9.4.4",
661            "label": "Use of privileged utility programs",661            "label": "Use of privileged utility programs",
662            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",662            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
663            "referential_label": "ISO 27017",663            "referential_label": "ISO 27017",
664            "uuid": "b5bb6249-a936-4828-9251-c8d4e3ea1f12"664            "uuid": "b5bb6249-a936-4828-9251-c8d4e3ea1f12"
665        },665        },
666        {666        {
667            "category": "Equipment",667            "category": "Equipment",
668            "code": "11.2.6",668            "code": "11.2.6",
669            "label": "Security of equipment and assets off-premises",669            "label": "Security of equipment and assets off-premises",
670            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",670            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
671            "referential_label": "ISO 27017",671            "referential_label": "ISO 27017",
672            "uuid": "b811e64d-cda4-4416-baec-9f6beda1dd87"672            "uuid": "b811e64d-cda4-4416-baec-9f6beda1dd87"
673        },673        },
674        {674        {
675            "category": "Secure areas",675            "category": "Secure areas",
676            "code": "11.1.6",676            "code": "11.1.6",
677            "label": "Delivery and loading areas",677            "label": "Delivery and loading areas",
678            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",678            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
679            "referential_label": "ISO 27017",679            "referential_label": "ISO 27017",
680            "uuid": "b98389fe-8024-4d51-90bb-869962c97898"680            "uuid": "b98389fe-8024-4d51-90bb-869962c97898"
681        },681        },
682        {682        {
683            "category": "Media handling",683            "category": "Media handling",
684            "code": "8.3.2",684            "code": "8.3.2",
685            "label": "Disposal of media",685            "label": "Disposal of media",
686            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",686            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
687            "referential_label": "ISO 27017",687            "referential_label": "ISO 27017",
688            "uuid": "bae65eff-a2eb-4da1-899c-539f30f94963"688            "uuid": "bae65eff-a2eb-4da1-899c-539f30f94963"
689        },689        },
690        {690        {
691            "category": "Information transfer",691            "category": "Information transfer",
692            "code": "13.2.1",692            "code": "13.2.1",
693            "label": "Information transfer policies and procedures",693            "label": "Information transfer policies and procedures",
694            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",694            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
695            "referential_label": "ISO 27017",695            "referential_label": "ISO 27017",
696            "uuid": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb"696            "uuid": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb"
697        },697        },
698        {698        {
699            "category": "Information transfer",699            "category": "Information transfer",
700            "code": "13.2.2",700            "code": "13.2.2",
701            "label": "Agreements on information transfer",701            "label": "Agreements on information transfer",
702            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",702            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
703            "referential_label": "ISO 27017",703            "referential_label": "ISO 27017",
704            "uuid": "bd05d07c-d272-4c55-a4ff-72c6218148d0"704            "uuid": "bd05d07c-d272-4c55-a4ff-72c6218148d0"
705        },705        },
706        {706        {
707            "category": "User access management",707            "category": "User access management",
708            "code": "9.2.5",708            "code": "9.2.5",
709            "label": "Review of user access rights",709            "label": "Review of user access rights",
710            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",710            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
711            "referential_label": "ISO 27017",711            "referential_label": "ISO 27017",
712            "uuid": "be07fc69-14fc-4c94-8626-083983f204f7"712            "uuid": "be07fc69-14fc-4c94-8626-083983f204f7"
713        },713        },
714        {714        {
715            "category": "Access control of cloud service customer data in shared virtual environment",715            "category": "Access control of cloud service customer data in shared virtual environment",
716            "code": "CLD.9.5.1",716            "code": "CLD.9.5.1",
717            "label": "Segregation in virtual computing environments",717            "label": "Segregation in virtual computing environments",
718            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",718            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
719            "referential_label": "ISO 27017",719            "referential_label": "ISO 27017",
720            "uuid": "be604ecc-3dee-4e29-b1b7-d63d58f54748"720            "uuid": "be604ecc-3dee-4e29-b1b7-d63d58f54748"
721        },721        },
722        {722        {
723            "category": "Mobile devices and teleworking",723            "category": "Mobile devices and teleworking",
724            "code": "6.2.2",724            "code": "6.2.2",
725            "label": "Teleworking",725            "label": "Teleworking",
726            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",726            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
727            "referential_label": "ISO 27017",727            "referential_label": "ISO 27017",
728            "uuid": "c55c6391-56a2-44de-be4f-a23770cec2fb"728            "uuid": "c55c6391-56a2-44de-be4f-a23770cec2fb"
729        },729        },
730        {730        {
731            "category": "Management of information security incidents and improvements",731            "category": "Management of information security incidents and improvements",
732            "code": "16.1.3",732            "code": "16.1.3",
733            "label": "Reporting information security weakness",733            "label": "Reporting information security weakness",
734            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",734            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
735            "referential_label": "ISO 27017",735            "referential_label": "ISO 27017",
736            "uuid": "c7ad8338-7659-4783-af2b-55f35e3ccfdf"736            "uuid": "c7ad8338-7659-4783-af2b-55f35e3ccfdf"
737        },737        },
738        {738        {
739            "category": "User access management",739            "category": "User access management",
740            "code": "9.2.3",740            "code": "9.2.3",
741            "label": "Management of privileged access rights",741            "label": "Management of privileged access rights",
742            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",742            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
743            "referential_label": "ISO 27017",743            "referential_label": "ISO 27017",
744            "uuid": "cb1f54b6-05b5-4e68-88c3-b943e4952141"744            "uuid": "cb1f54b6-05b5-4e68-88c3-b943e4952141"
745        },745        },
746        {746        {
747            "category": "User access management",747            "category": "User access management",
748            "code": "9.2.6",748            "code": "9.2.6",
749            "label": "Removal or adjustment of access rights",749            "label": "Removal or adjustment of access rights",
750            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",750            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
751            "referential_label": "ISO 27017",751            "referential_label": "ISO 27017",
752            "uuid": "cb40e300-60d1-4ae8-88e8-338e536ddbdb"752            "uuid": "cb40e300-60d1-4ae8-88e8-338e536ddbdb"
753        },753        },
754        {754        {
755            "category": "Security in development and support processes",755            "category": "Security in development and support processes",
756            "code": "14.2.4",756            "code": "14.2.4",
757            "label": "Restrictions on changes to software packages",757            "label": "Restrictions on changes to software packages",
758            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",758            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
759            "referential_label": "ISO 27017",759            "referential_label": "ISO 27017",
760            "uuid": "cc06514a-bc04-4528-b7bf-3ac296b16dd1"760            "uuid": "cc06514a-bc04-4528-b7bf-3ac296b16dd1"
761        },761        },
762        {762        {
763            "category": "Logging and monitoring",763            "category": "Logging and monitoring",
764            "code": "12.4.2",764            "code": "12.4.2",
765            "label": "Protection of log information",765            "label": "Protection of log information",
766            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",766            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
767            "referential_label": "ISO 27017",767            "referential_label": "ISO 27017",
768            "uuid": "cdccb912-7aa9-4542-96fc-2507e9e89b29"768            "uuid": "cdccb912-7aa9-4542-96fc-2507e9e89b29"
769        },769        },
770        {770        {
771            "category": "Security in development and support processes",771            "category": "Security in development and support processes",
772            "code": "14.2.9",772            "code": "14.2.9",
773            "label": "System acceptance testing",773            "label": "System acceptance testing",
774            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",774            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
775            "referential_label": "ISO 27017",775            "referential_label": "ISO 27017",
776            "uuid": "ce1b8c19-d3cf-4070-b239-9471272c1faf"776            "uuid": "ce1b8c19-d3cf-4070-b239-9471272c1faf"
777        },777        },
778        {778        {
779            "category": "Prior to empoyment",779            "category": "Prior to empoyment",
780            "code": "7.1.1",780            "code": "7.1.1",
781            "label": "Screening",781            "label": "Screening",
782            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",782            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
783            "referential_label": "ISO 27017",783            "referential_label": "ISO 27017",
784            "uuid": "d063c875-6442-495b-9118-97906030ceef"784            "uuid": "d063c875-6442-495b-9118-97906030ceef"
785        },785        },
786        {786        {
787            "category": "Security in development and support processes",787            "category": "Security in development and support processes",
788            "code": "14.2.5",788            "code": "14.2.5",
789            "label": "Secure system engineering principles",789            "label": "Secure system engineering principles",
790            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",790            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
791            "referential_label": "ISO 27017",791            "referential_label": "ISO 27017",
792            "uuid": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0"792            "uuid": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0"
793        },793        },
794        {794        {
795            "category": "Responsibility for assets",795            "category": "Responsibility for assets",
796            "code": "8.1.2",796            "code": "8.1.2",
797            "label": "Owernship of assets",797            "label": "Owernship of assets",
798            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",798            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
799            "referential_label": "ISO 27017",799            "referential_label": "ISO 27017",
800            "uuid": "d278ad4c-0e81-4008-b7c2-dc52895c5eff"800            "uuid": "d278ad4c-0e81-4008-b7c2-dc52895c5eff"
801        },801        },
802        {802        {
803            "category": "Equipment",803            "category": "Equipment",
804            "code": "11.2.3",804            "code": "11.2.3",
805            "label": "Cabling security",805            "label": "Cabling security",
806            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",806            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
807            "referential_label": "ISO 27017",807            "referential_label": "ISO 27017",
808            "uuid": "d41b6bc1-82a4-4791-b276-dbbb8d833a33"808            "uuid": "d41b6bc1-82a4-4791-b276-dbbb8d833a33"
809        },809        },
810        {810        {
811            "category": "Information security reviews",811            "category": "Information security reviews",
812            "code": "18.2.3",812            "code": "18.2.3",
813            "label": "Technical compliance review",813            "label": "Technical compliance review",
814            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",814            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
815            "referential_label": "ISO 27017",815            "referential_label": "ISO 27017",
816            "uuid": "d439ae3a-6cee-4f59-91f7-8562266e4d65"816            "uuid": "d439ae3a-6cee-4f59-91f7-8562266e4d65"
817        },817        },
818        {818        {
819            "category": "Network security management",819            "category": "Network security management",
820            "code": "13.1.2",820            "code": "13.1.2",
821            "label": "Security of network services",821            "label": "Security of network services",
822            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",822            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
823            "referential_label": "ISO 27017",823            "referential_label": "ISO 27017",
824            "uuid": "d5367603-b1f9-4df6-a188-7ea3b6c28533"824            "uuid": "d5367603-b1f9-4df6-a188-7ea3b6c28533"
825        },825        },
826        {826        {
827            "category": "Information security reviews",827            "category": "Information security reviews",
828            "code": "18.2.1",828            "code": "18.2.1",
829            "label": "Independant review of information security",829            "label": "Independant review of information security",
830            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",830            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
831            "referential_label": "ISO 27017",831            "referential_label": "ISO 27017",
832            "uuid": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a"832            "uuid": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a"
833        },833        },
834        {834        {
835            "category": "Business requirements of access control",835            "category": "Business requirements of access control",
836            "code": "9.1.2",836            "code": "9.1.2",
837            "label": "Access to networks and network services",837            "label": "Access to networks and network services",
838            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",838            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
839            "referential_label": "ISO 27017",839            "referential_label": "ISO 27017",
840            "uuid": "d8a9d846-b938-4f74-8f4c-f35f120209be"840            "uuid": "d8a9d846-b938-4f74-8f4c-f35f120209be"
841        },841        },
842        {842        {
843            "category": "Test data",843            "category": "Test data",
844            "code": "14.3.1",844            "code": "14.3.1",
845            "label": "Protection of test data",845            "label": "Protection of test data",
846            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",846            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
847            "referential_label": "ISO 27017",847            "referential_label": "ISO 27017",
848            "uuid": "d8bda302-9c55-4ec0-964b-db63640c12ee"848            "uuid": "d8bda302-9c55-4ec0-964b-db63640c12ee"
849        },849        },
850        {850        {
851            "category": "Prior to empoyment",851            "category": "Prior to empoyment",
852            "code": "7.1.2",852            "code": "7.1.2",
853            "label": "Terms and conditions of employment",853            "label": "Terms and conditions of employment",
854            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",854            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
855            "referential_label": "ISO 27017",855            "referential_label": "ISO 27017",
856            "uuid": "d96e8662-872e-44ac-a9d5-9229507a5a80"856            "uuid": "d96e8662-872e-44ac-a9d5-9229507a5a80"
857        },857        },
858        {858        {
859            "category": "Compliance with legal and contractual requirements",859            "category": "Compliance with legal and contractual requirements",
860            "code": "18.1.4",860            "code": "18.1.4",
861            "label": "Privacy and protection of personally identifiable information",861            "label": "Privacy and protection of personally identifiable information",
862            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",862            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
863            "referential_label": "ISO 27017",863            "referential_label": "ISO 27017",
864            "uuid": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45"864            "uuid": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45"
865        },865        },
866        {866        {
867            "category": "Logging and monitoring",867            "category": "Logging and monitoring",
868            "code": "12.4.1",868            "code": "12.4.1",
869            "label": "Event logging",869            "label": "Event logging",
870            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",870            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
871            "referential_label": "ISO 27017",871            "referential_label": "ISO 27017",
872            "uuid": "de5bec22-ea67-4e67-8d37-52303895c67f"872            "uuid": "de5bec22-ea67-4e67-8d37-52303895c67f"
873        },873        },
874        {874        {
875            "category": "Information transfer",875            "category": "Information transfer",
876            "code": "13.2.3",876            "code": "13.2.3",
877            "label": "Electronic messaging",877            "label": "Electronic messaging",
878            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",878            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
879            "referential_label": "ISO 27017",879            "referential_label": "ISO 27017",
880            "uuid": "e186f19e-8174-4a21-bbb6-1018f32dc714"880            "uuid": "e186f19e-8174-4a21-bbb6-1018f32dc714"
881        },881        },
882        {882        {
883            "category": "Compliance with legal and contractual requirements",883            "category": "Compliance with legal and contractual requirements",
884            "code": "18.1.5",884            "code": "18.1.5",
885            "label": "Regulation of cryptographic controls",885            "label": "Regulation of cryptographic controls",
886            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",886            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
887            "referential_label": "ISO 27017",887            "referential_label": "ISO 27017",
888            "uuid": "e9bdd53f-e094-4084-9e40-adeced6d445b"888            "uuid": "e9bdd53f-e094-4084-9e40-adeced6d445b"
889        },889        },
890        {890        {
891            "category": "Operational procedures and responsibilities",891            "category": "Operational procedures and responsibilities",
892            "code": "12.1.1",892            "code": "12.1.1",
893            "label": "Documented operating procedures",893            "label": "Documented operating procedures",
894            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",894            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
895            "referential_label": "ISO 27017",895            "referential_label": "ISO 27017",
896            "uuid": "f0048224-5868-4d00-a32f-20725cd9752d"896            "uuid": "f0048224-5868-4d00-a32f-20725cd9752d"
897        },897        },
898        {898        {
899            "category": "Technical vulnerability management",899            "category": "Technical vulnerability management",
900            "code": "12.6.2",900            "code": "12.6.2",
901            "label": "Restrictions on software installation",901            "label": "Restrictions on software installation",
902            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",902            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
903            "referential_label": "ISO 27017",903            "referential_label": "ISO 27017",
904            "uuid": "f34f797f-5c32-4b52-9836-7d103d1a129a"904            "uuid": "f34f797f-5c32-4b52-9836-7d103d1a129a"
905        },905        },
906        {906        {
907            "category": "Equipment",907            "category": "Equipment",
908            "code": "11.2.9",908            "code": "11.2.9",
909            "label": "Clear desk and clear screen policy",909            "label": "Clear desk and clear screen policy",
910            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",910            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
911            "referential_label": "ISO 27017",911            "referential_label": "ISO 27017",
912            "uuid": "f34f88d5-7e52-4516-a734-096a09ef1d9b"912            "uuid": "f34f88d5-7e52-4516-a734-096a09ef1d9b"
913        },913        },
914        {914        {
915            "category": "Media handling",915            "category": "Media handling",
916            "code": "8.3.3",916            "code": "8.3.3",
917            "label": "Physical media transfer",917            "label": "Physical media transfer",
918            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",918            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
919            "referential_label": "ISO 27017",919            "referential_label": "ISO 27017",
920            "uuid": "f36660f5-1485-4aca-9757-1dd5399e9cee"920            "uuid": "f36660f5-1485-4aca-9757-1dd5399e9cee"
921        },921        },
922        {922        {
923            "category": "Secure areas",923            "category": "Secure areas",
924            "code": "11.1.3",924            "code": "11.1.3",
925            "label": "Securing offices, rooms and facilities",925            "label": "Securing offices, rooms and facilities",
926            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",926            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
927            "referential_label": "ISO 27017",927            "referential_label": "ISO 27017",
928            "uuid": "f44dad64-71cd-447f-a9da-56a1d9f297e4"928            "uuid": "f44dad64-71cd-447f-a9da-56a1d9f297e4"
929        },929        },
930        {930        {
931            "category": "Protection from malware",931            "category": "Protection from malware",
932            "code": "12.2.1",932            "code": "12.2.1",
933            "label": "Controls against malware",933            "label": "Controls against malware",
934            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",934            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
935            "referential_label": "ISO 27017",935            "referential_label": "ISO 27017",
936            "uuid": "f4cc92f8-58e8-4129-b48e-d118a94496ab"936            "uuid": "f4cc92f8-58e8-4129-b48e-d118a94496ab"
937        },937        },
938        {938        {
939            "category": "Information security policies",939            "category": "Information security policies",
940            "code": "5.1.2",940            "code": "5.1.2",
941            "label": "Review of the policies for information security",941            "label": "Review of the policies for information security",
942            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",942            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
943            "referential_label": "ISO 27017",943            "referential_label": "ISO 27017",
944            "uuid": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977"944            "uuid": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977"
945        },945        },
946        {946        {
947            "category": "Compliance with legal and contractual requirements",947            "category": "Compliance with legal and contractual requirements",
948            "code": "18.1.1",948            "code": "18.1.1",
949            "label": "Identification of applicable legislation and contractual requirements",949            "label": "Identification of applicable legislation and contractual requirements",
950            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",950            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
951            "referential_label": "ISO 27017",951            "referential_label": "ISO 27017",
952            "uuid": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab"952            "uuid": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab"
953        },953        },
954        {954        {
955            "category": "User responsabilities",955            "category": "User responsabilities",
956            "code": "9.3.1",956            "code": "9.3.1",
957            "label": "Use of secret authentication information",957            "label": "Use of secret authentication information",
958            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",958            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
959            "referential_label": "ISO 27017",959            "referential_label": "ISO 27017",
960            "uuid": "fe3e4943-3440-4818-903d-664972cfb466"960            "uuid": "fe3e4943-3440-4818-903d-664972cfb466"
961        },961        },
962        {962        {
963            "category": "Mobile devices and teleworking",963            "category": "Mobile devices and teleworking",
964            "code": "6.2.1",964            "code": "6.2.1",
965            "label": "Mobile device policy",965            "label": "Mobile device policy",
966            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",966            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
967            "referential_label": "ISO 27017",967            "referential_label": "ISO 27017",
968            "uuid": "fe98e1f0-175f-4fd8-8530-ac183707c54c"968            "uuid": "fe98e1f0-175f-4fd8-8530-ac183707c54c"
969        },969        },
970        {970        {
971            "category": "Information security in supplier relationships",971            "category": "Information security in supplier relationships",
972            "code": "15.1.2",972            "code": "15.1.2",
973            "label": "Addressing security within supplier agreements",973            "label": "Addressing security within supplier agreements",
974            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",974            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
975            "referential_label": "ISO 27017",975            "referential_label": "ISO 27017",
976            "uuid": "ff7435b8-55f6-46bb-ae61-ddb09c731348"976            "uuid": "ff7435b8-55f6-46bb-ae61-ddb09c731348"
977        }977        }
978    ],978    ],
979    "version": 1979    "version": 1
980}980}