Updated
Aug 3, 2022, 12:27:05 PM
Name
ISO 27017
Description
ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems.

{
    "authors": [
        "Jeremy Dannenmuller"
    ],
    "label": "ISO 27017",
    "language": "EN",
    "refs": "https://www.iso.org/fr/standard/43757.html",
    "uuid": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
    "values": [
        {
            "category": "Security in development and support processes",
            "code": "14.2.2",
            "label": "System change control procedures",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "027c0996-57fa-44d3-85cd-6ea667923174"
        },
        {
            "category": "Supplier service delivery management",
            "code": "15.2.2",
            "label": "Managing chages to supplier services",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.1",
            "label": "Secure development policy",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "07c05b75-2e57-4fd0-9ab7-d7d87742477b"
        },
        {
            "category": "Termination and change of employment",
            "code": "7.3.1",
            "label": "Termination or change of employment responsabilities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8"
        },
        {
            "category": "Secure areas",
            "code": "11.1.1",
            "label": "Physical security perimeter",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3"
        },
        {
            "category": "During employment",
            "code": "7.2.1",
            "label": "Management responsabilities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "100d29a6-1441-4de6-a05a-594c8b1c7243"
        },
        {
            "category": "Logging and monitoring",
            "code": "12.4.4",
            "label": "Clock synchronization",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "1100bd1a-cfd4-4450-9192-5bd85ef107e2"
        },
        {
            "category": "Equipment",
            "code": "11.2.1",
            "label": "Equipment siting and protection",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "12844c4c-d0c9-4441-9467-9da5b15dd18b"
        },
        {
            "category": "Business requirements of access control",
            "code": "9.1.1",
            "label": "Access control policy",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "12c2d158-c0d2-448f-b36e-9f17e1cc230f"
        },
        {
            "category": "Management of information security incidents and improvements",
            "code": "16.1.7",
            "label": "Collection of evidence",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "1703d350-59d5-4510-bf45-d538e4c076a0"
        },
        {
            "category": "Security requirements of information systems",
            "code": "14.1.1",
            "label": "Information security requirements analysis and specification",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.7",
            "label": "Outsourced development",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "21a6dbb4-8365-4b48-8421-ea10458695ee"
        },
        {
            "category": "Equipment",
            "code": "11.2.8",
            "label": "Unattended user equipment",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "21c24fcd-374d-408a-9682-eac7e8c3ebf2"
        },
        {
            "category": "Media handling",
            "code": "8.3.1",
            "label": "Management or removable media",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "2327176c-b127-4ad3-a1a9-710467ea246f"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.6",
            "label": "Secure development environment",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "256e6e9e-cd8b-440a-843b-264e85d582f7"
        },
        {
            "category": "Information security in supplier relationships",
            "code": "15.1.3",
            "label": "Information and communication technology supply chain",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "2c59fe2c-5312-4f3e-b960-4fd843031af7"
        },
        {
            "category": "Operational procedures and responsibilities",
            "code": "CLD.12.1.5",
            "label": "Administrator's operational security",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "2df8b9c3-b6f4-4484-a9b3-5e6f33ad1038"
        },
        {
            "category": "Network security management",
            "code": "13.1.3",
            "label": "Segregation in networks",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315"
        },
        {
            "category": "Relationship between cloud service customer and cloud service provider",
            "code": "CLD.6.3.1",
            "label": "Shared roles and responsibilities within a cloud computing environment",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "2e43ca82-0b18-4dbd-916c-b2fc102bf662"
        },
        {
            "category": "Information security in supplier relationships",
            "code": "15.1.1",
            "label": "Information security policy for supplier relationships",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "2ed059b3-7ea4-465e-b20e-f6180b218505"
        },
        {
            "category": "Information classification",
            "code": "8.2.2",
            "label": "Labelling of information",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "2f9175dc-3c0e-48d6-b1cb-687009bbf392"
        },
        {
            "category": "Internal organization",
            "code": "6.1.4",
            "label": "Contact with special interest groups",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "317394d2-538d-42e6-ac3d-f7a54b867ec4"
        },
        {
            "category": "Secure areas",
            "code": "11.1.4",
            "label": "Protecting against external and environmental threats",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "34ac073d-80ad-4503-b748-bcbad097ea26"
        },
        {
            "category": "Access control of cloud service customer data in shared virtual environment",
            "code": "CLD.9.5.2",
            "label": "Virtual machine hardening",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "34fa0af1-02c7-46c0-b38f-30db3f27bf46"
        },
        {
            "category": "Compliance with legal and contractual requirements",
            "code": "18.1.3",
            "label": "Protection of records",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88"
        },
        {
            "category": "Network security management",
            "code": "13.1.1",
            "label": "Network controls",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee"
        },
        {
            "category": "Responsibility for assets",
            "code": "CLD.8.1.5",
            "label": "Removal of cloud service customer assets",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "3ae82816-ae78-4a6c-889e-07bdb84da4e4"
        },
        {
            "category": "Equipment",
            "code": "11.2.4",
            "label": "Equipment maintenance",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "3b7c3fa7-d143-483c-9c26-4908a55979d5"
        },
        {
            "category": "User access management",
            "code": "9.2.4",
            "label": "Management of secret authentication information of users",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "3c138556-2201-4b36-8907-f6c0f57d420b"
        },
        {
            "category": "Logging and monitoring",
            "code": "CLD.12.4.5",
            "label": "Monitoring of Cloud Services",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "439a4491-65aa-4990-b6e4-6e10af836373"
        },
        {
            "category": "Responsibility for assets",
            "code": "8.1.1",
            "label": "Inventory of assets",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46"
        },
        {
            "category": "System and application access control",
            "code": "9.4.3",
            "label": "Password management system",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "46678a0c-cd66-4610-8687-0d25afe68c1d"
        },
        {
            "category": "Information security policies",
            "code": "5.1.1",
            "label": "Policies for information security",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "498b0cc7-fbe3-40fb-9b61-1b6db629027f"
        },
        {
            "category": "Management of information security incidents and improvements",
            "code": "16.1.1",
            "label": "Responsabilities and procedures",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "4ab927a0-835d-4122-8377-ed08c418b1c5"
        },
        {
            "category": "Internal organization",
            "code": "6.1.5",
            "label": "Information security in project management",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "4c660684-7259-461d-9eb8-f9c82ca42c98"
        },
        {
            "category": "Control of operational software",
            "code": "12.5.1",
            "label": "Installation of software on operational systems",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933"
        },
        {
            "category": "Information classification",
            "code": "8.2.3",
            "label": "Handling of assets",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "4dabfd52-4369-4999-9091-6a346703e981"
        },
        {
            "category": "Secure areas",
            "code": "11.1.5",
            "label": "Working in secure areas",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "4ed3205f-9921-432b-9a8b-3e400598e0ff"
        },
        {
            "category": "Internal organization",
            "code": "6.1.1",
            "label": "Information security roles and responsabilities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.3",
            "label": "Technical review of applications after operating platform changes",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "54885438-8b8a-4fae-8f23-e8901ec621b4"
        },
        {
            "category": "System and application access control",
            "code": "9.4.1",
            "label": "Information access restriction",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "553e228a-15dd-430c-a35b-604b9fccd629"
        },
        {
            "category": "User access management",
            "code": "9.2.2",
            "label": "User access provisioning",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "55677739-524b-4167-a2e1-1dc5356e4764"
        },
        {
            "category": "Equipment",
            "code": "11.2.5",
            "label": "Removal of assets",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "55f40782-51f0-4e9a-9cae-3898190144c4"
        },
        {
            "category": "Supplier service delivery management",
            "code": "15.2.1",
            "label": "Monitoring and review of supplier services",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6"
        },
        {
            "category": "Information transfer",
            "code": "13.2.4",
            "label": "Confidentiality or non-disclosure agreements",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a"
        },
        {
            "category": "Responsibility for assets",
            "code": "8.1.3",
            "label": "The acceptable use of assets",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9"
        },
        {
            "category": "Internal organization",
            "code": "6.1.3",
            "label": "Contact with authorities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "61bf6872-052b-468c-83b5-ea70d4530629"
        },
        {
            "category": "Cryptographic controls",
            "code": "10.1.2",
            "label": "Key management",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "62b6663e-768e-4eb3-8c2e-d170f84588d7"
        },
        {
            "category": "Operational procedures and responsibilities",
            "code": "12.1.4",
            "label": "Separation of development, testing and operational environments",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "64c2a025-e7bf-4ac3-9ab2-431910fff804"
        },
        {
            "category": "Information security continuity",
            "code": "17.1.1",
            "label": "Planning information security continuity",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "66adb661-6e13-41f6-8a50-b894b3ed9e5b"
        },
        {
            "category": "Management of information security incidents and improvements",
            "code": "16.1.4",
            "label": "Assessment of and decision on information security events",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "66d299d8-e55f-42d7-997b-e5f69392ed82"
        },
        {
            "category": "Backup",
            "code": "12.3.1",
            "label": "Information backup",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "6769d72a-c19a-4af1-814b-e58ecce6bb34"
        },
        {
            "category": "System and application access control",
            "code": "9.4.2",
            "label": "Secure log-on procedures",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac"
        },
        {
            "category": "User access management",
            "code": "9.2.1",
            "label": "User registration and deregistration",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "680335b4-1efb-4257-ae7c-17de32670edd"
        },
        {
            "category": "Internal organization",
            "code": "6.1.2",
            "label": "Segregtion of duties",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0"
        },
        {
            "category": "Information security continuity",
            "code": "17.1.3",
            "label": "Verify, review and evaluate information security continuity",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7"
        },
        {
            "category": "Security requirements of information systems",
            "code": "14.1.3",
            "label": "Protecting application services transactions",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d"
        },
        {
            "category": "Network security management",
            "code": "CLD.13.1.4",
            "label": "Alignment of security management for virtual and physical networks",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "6a972973-2dec-4c54-ac8f-d4e1e06dcc63"
        },
        {
            "category": "Equipment",
            "code": "11.2.2",
            "label": "Supporting utilities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25"
        },
        {
            "category": "Responsibility for assets",
            "code": "8.1.4",
            "label": "Return of assets",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "6c082aee-3c87-423e-9a46-4467cc6dc823"
        },
        {
            "category": "Technical vulnerability management",
            "code": "12.6.1",
            "label": "Management of technical vulnerabilities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "71839786-0214-4608-80be-2555ee0334aa"
        },
        {
            "category": "Information classification",
            "code": "8.2.1",
            "label": "Classification of information",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "77e30376-3b61-4675-95dc-329c7c2186b8"
        },
        {
            "category": "Operational procedures and responsibilities",
            "code": "12.1.3",
            "label": "Capacity management",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "7fadb5eb-5597-44f2-b323-88fa75a0e08e"
        },
        {
            "category": "Equipment",
            "code": "11.2.7",
            "label": "Secure disposal or reuse of equipment",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "81b8f773-4488-495e-a48e-337be46602cb"
        },
        {
            "category": "Information security continuity",
            "code": "17.1.2",
            "label": "Implementing information security continuity",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "81dc65f7-92e2-4516-9a0c-d1b474d547ba"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.8",
            "label": "System security testing",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "82890d01-c97f-4388-b182-e3838afa9ee2"
        },
        {
            "category": "Management of information security incidents and improvements",
            "code": "16.1.6",
            "label": "Learning from information security incidents",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "854a7ad0-7db7-4d8c-8374-3be5c36aa026"
        },
        {
            "category": "Information systems audit considerations",
            "code": "12.7.1",
            "label": "Information systems audit controls",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "8b53cd63-6c1a-4a7e-9437-fd908941bcca"
        },
        {
            "category": "During employment",
            "code": "7.2.2",
            "label": "Information security awareness, education and training",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2"
        },
        {
            "category": "Logging and monitoring",
            "code": "12.4.3",
            "label": "Administrator and operator logs",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af"
        },
        {
            "category": "Compliance with legal and contractual requirements",
            "code": "18.1.2",
            "label": "Intellectual property rights",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "975cc456-ba0c-4a33-8b65-cbf798f5d979"
        },
        {
            "category": "Redundancies",
            "code": "17.2.1",
            "label": "Availability of information processing facilities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f"
        },
        {
            "category": "Cryptographic controls",
            "code": "10.1.1",
            "label": "Policy on the use of cryptographic controls",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598"
        },
        {
            "category": "During employment",
            "code": "7.2.3",
            "label": "Disciplinary process",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "9ab263ad-4a10-4817-a993-93fff2444c61"
        },
        {
            "category": "System and application access control",
            "code": "9.4.5",
            "label": "Access control to program source code",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "9c912ab0-7023-46d5-9376-798a8b81ba6e"
        },
        {
            "category": "Information security reviews",
            "code": "18.2.2",
            "label": "Compliance with security policies and standards",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "9d2bc87a-ceae-463a-a44d-7c60bed5324d"
        },
        {
            "category": "Management of information security incidents and improvements",
            "code": "16.1.2",
            "label": "Reporting information security events",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea"
        },
        {
            "category": "Operational procedures and responsibilities",
            "code": "12.1.2",
            "label": "Change management",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d"
        },
        {
            "category": "Management of information security incidents and improvements",
            "code": "16.1.5",
            "label": "Response to information security incidents",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "ab2d3a44-e28b-4f3d-8efa-8038faccd318"
        },
        {
            "category": "Security requirements of information systems",
            "code": "14.1.2",
            "label": "Securing applications services on public networks",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1"
        },
        {
            "category": "Secure areas",
            "code": "11.1.2",
            "label": "Physical entry controls",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "b5005f3e-bdc7-4367-8f96-46dd795399c3"
        },
        {
            "category": "System and application access control",
            "code": "9.4.4",
            "label": "Use of privileged utility programs",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "b5bb6249-a936-4828-9251-c8d4e3ea1f12"
        },
        {
            "category": "Equipment",
            "code": "11.2.6",
            "label": "Security of equipment and assets off-premises",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "b811e64d-cda4-4416-baec-9f6beda1dd87"
        },
        {
            "category": "Secure areas",
            "code": "11.1.6",
            "label": "Delivery and loading areas",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "b98389fe-8024-4d51-90bb-869962c97898"
        },
        {
            "category": "Media handling",
            "code": "8.3.2",
            "label": "Disposal of media",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "bae65eff-a2eb-4da1-899c-539f30f94963"
        },
        {
            "category": "Information transfer",
            "code": "13.2.1",
            "label": "Information transfer policies and procedures",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb"
        },
        {
            "category": "Information transfer",
            "code": "13.2.2",
            "label": "Agreements on information transfer",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "bd05d07c-d272-4c55-a4ff-72c6218148d0"
        },
        {
            "category": "User access management",
            "code": "9.2.5",
            "label": "Review of user access rights",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "be07fc69-14fc-4c94-8626-083983f204f7"
        },
        {
            "category": "Access control of cloud service customer data in shared virtual environment",
            "code": "CLD.9.5.1",
            "label": "Segregation in virtual computing environments",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "be604ecc-3dee-4e29-b1b7-d63d58f54748"
        },
        {
            "category": "Mobile devices and teleworking",
            "code": "6.2.2",
            "label": "Teleworking",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "c55c6391-56a2-44de-be4f-a23770cec2fb"
        },
        {
            "category": "Management of information security incidents and improvements",
            "code": "16.1.3",
            "label": "Reporting information security weakness",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "c7ad8338-7659-4783-af2b-55f35e3ccfdf"
        },
        {
            "category": "User access management",
            "code": "9.2.3",
            "label": "Management of privileged access rights",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "cb1f54b6-05b5-4e68-88c3-b943e4952141"
        },
        {
            "category": "User access management",
            "code": "9.2.6",
            "label": "Removal or adjustment of access rights",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "cb40e300-60d1-4ae8-88e8-338e536ddbdb"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.4",
            "label": "Restrictions on changes to software packages",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "cc06514a-bc04-4528-b7bf-3ac296b16dd1"
        },
        {
            "category": "Logging and monitoring",
            "code": "12.4.2",
            "label": "Protection of log information",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "cdccb912-7aa9-4542-96fc-2507e9e89b29"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.9",
            "label": "System acceptance testing",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "ce1b8c19-d3cf-4070-b239-9471272c1faf"
        },
        {
            "category": "Prior to empoyment",
            "code": "7.1.1",
            "label": "Screening",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d063c875-6442-495b-9118-97906030ceef"
        },
        {
            "category": "Security in development and support processes",
            "code": "14.2.5",
            "label": "Secure system engineering principles",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0"
        },
        {
            "category": "Responsibility for assets",
            "code": "8.1.2",
            "label": "Owernship of assets",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d278ad4c-0e81-4008-b7c2-dc52895c5eff"
        },
        {
            "category": "Equipment",
            "code": "11.2.3",
            "label": "Cabling security",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d41b6bc1-82a4-4791-b276-dbbb8d833a33"
        },
        {
            "category": "Information security reviews",
            "code": "18.2.3",
            "label": "Technical compliance review",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d439ae3a-6cee-4f59-91f7-8562266e4d65"
        },
        {
            "category": "Network security management",
            "code": "13.1.2",
            "label": "Security of network services",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d5367603-b1f9-4df6-a188-7ea3b6c28533"
        },
        {
            "category": "Information security reviews",
            "code": "18.2.1",
            "label": "Independant review of information security",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a"
        },
        {
            "category": "Business requirements of access control",
            "code": "9.1.2",
            "label": "Access to networks and network services",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d8a9d846-b938-4f74-8f4c-f35f120209be"
        },
        {
            "category": "Test data",
            "code": "14.3.1",
            "label": "Protection of test data",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d8bda302-9c55-4ec0-964b-db63640c12ee"
        },
        {
            "category": "Prior to empoyment",
            "code": "7.1.2",
            "label": "Terms and conditions of employment",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "d96e8662-872e-44ac-a9d5-9229507a5a80"
        },
        {
            "category": "Compliance with legal and contractual requirements",
            "code": "18.1.4",
            "label": "Privacy and protection of personally identifiable information",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45"
        },
        {
            "category": "Logging and monitoring",
            "code": "12.4.1",
            "label": "Event logging",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "de5bec22-ea67-4e67-8d37-52303895c67f"
        },
        {
            "category": "Information transfer",
            "code": "13.2.3",
            "label": "Electronic messaging",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "e186f19e-8174-4a21-bbb6-1018f32dc714"
        },
        {
            "category": "Compliance with legal and contractual requirements",
            "code": "18.1.5",
            "label": "Regulation of cryptographic controls",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "e9bdd53f-e094-4084-9e40-adeced6d445b"
        },
        {
            "category": "Operational procedures and responsibilities",
            "code": "12.1.1",
            "label": "Documented operating procedures",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "f0048224-5868-4d00-a32f-20725cd9752d"
        },
        {
            "category": "Technical vulnerability management",
            "code": "12.6.2",
            "label": "Restrictions on software installation",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "f34f797f-5c32-4b52-9836-7d103d1a129a"
        },
        {
            "category": "Equipment",
            "code": "11.2.9",
            "label": "Clear desk and clear screen policy",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "f34f88d5-7e52-4516-a734-096a09ef1d9b"
        },
        {
            "category": "Media handling",
            "code": "8.3.3",
            "label": "Physical media transfer",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "f36660f5-1485-4aca-9757-1dd5399e9cee"
        },
        {
            "category": "Secure areas",
            "code": "11.1.3",
            "label": "Securing offices, rooms and facilities",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "f44dad64-71cd-447f-a9da-56a1d9f297e4"
        },
        {
            "category": "Protection from malware",
            "code": "12.2.1",
            "label": "Controls against malware",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "f4cc92f8-58e8-4129-b48e-d118a94496ab"
        },
        {
            "category": "Information security policies",
            "code": "5.1.2",
            "label": "Review of the policies for information security",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977"
        },
        {
            "category": "Compliance with legal and contractual requirements",
            "code": "18.1.1",
            "label": "Identification of applicable legislation and contractual requirements",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab"
        },
        {
            "category": "User responsabilities",
            "code": "9.3.1",
            "label": "Use of secret authentication information",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "fe3e4943-3440-4818-903d-664972cfb466"
        },
        {
            "category": "Mobile devices and teleworking",
            "code": "6.2.1",
            "label": "Mobile device policy",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "fe98e1f0-175f-4fd8-8530-ac183707c54c"
        },
        {
            "category": "Information security in supplier relationships",
            "code": "15.1.2",
            "label": "Addressing security within supplier agreements",
            "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
            "referential_label": "ISO 27017",
            "uuid": "ff7435b8-55f6-46bb-ae61-ddb09c731348"
        }
    ],
    "version": 1
}