Description
ISO/IEC 27017 is a security standard developed for cloud service providers and cloud service users, intended to create a safer cloud-based environment and reduce the risk of security problems.
Owning organization
Validating JSON schema
Security referentials (provided by Various contributors)
Creator
None (account deleted).
License
Creative Commons Zero v1.0 Universal
Related objects
Definition of the object
{
"authors": [
"Jeremy Dannenmuller"
],
"label": "ISO 27017",
"language": "EN",
"refs": "https://www.iso.org/fr/standard/43757.html",
"uuid": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"values": [
{
"category": "Security in development and support processes",
"code": "14.2.2",
"label": "System change control procedures",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "027c0996-57fa-44d3-85cd-6ea667923174"
},
{
"category": "Supplier service delivery management",
"code": "15.2.2",
"label": "Managing changes to supplier services",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7"
},
{
"category": "Security in development and support processes",
"code": "14.2.1",
"label": "Secure development policy",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "07c05b75-2e57-4fd0-9ab7-d7d87742477b"
},
{
"category": "Termination and change of employment",
"code": "7.3.1",
"label": "Termination or change of employment responsibilities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8"
},
{
"category": "Secure areas",
"code": "11.1.1",
"label": "Physical security perimeter",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3"
},
{
"category": "During employment",
"code": "7.2.1",
"label": "Management responsibilities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "100d29a6-1441-4de6-a05a-594c8b1c7243"
},
{
"category": "Logging and monitoring",
"code": "12.4.4",
"label": "Clock synchronization",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "1100bd1a-cfd4-4450-9192-5bd85ef107e2"
},
{
"category": "Equipment",
"code": "11.2.1",
"label": "Equipment siting and protection",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "12844c4c-d0c9-4441-9467-9da5b15dd18b"
},
{
"category": "Business requirements of access control",
"code": "9.1.1",
"label": "Access control policy",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "12c2d158-c0d2-448f-b36e-9f17e1cc230f"
},
{
"category": "Management of information security incidents and improvements",
"code": "16.1.7",
"label": "Collection of evidence",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "1703d350-59d5-4510-bf45-d538e4c076a0"
},
{
"category": "Security requirements of information systems",
"code": "14.1.1",
"label": "Information security requirements analysis and specification",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b"
},
{
"category": "Security in development and support processes",
"code": "14.2.7",
"label": "Outsourced development",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "21a6dbb4-8365-4b48-8421-ea10458695ee"
},
{
"category": "Equipment",
"code": "11.2.8",
"label": "Unattended user equipment",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "21c24fcd-374d-408a-9682-eac7e8c3ebf2"
},
{
"category": "Media handling",
"code": "8.3.1",
"label": "Management of removable media",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "2327176c-b127-4ad3-a1a9-710467ea246f"
},
{
"category": "Security in development and support processes",
"code": "14.2.6",
"label": "Secure development environment",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "256e6e9e-cd8b-440a-843b-264e85d582f7"
},
{
"category": "Information security in supplier relationships",
"code": "15.1.3",
"label": "Information and communication technology supply chain",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "2c59fe2c-5312-4f3e-b960-4fd843031af7"
},
{
"category": "Operational procedures and responsibilities",
"code": "CLD.12.1.5",
"label": "Administrator's operational security",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "2df8b9c3-b6f4-4484-a9b3-5e6f33ad1038"
},
{
"category": "Network security management",
"code": "13.1.3",
"label": "Segregation in networks",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315"
},
{
"category": "Relationship between cloud service customer and cloud service provider",
"code": "CLD.6.3.1",
"label": "Shared roles and responsibilities within a cloud computing environment",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "2e43ca82-0b18-4dbd-916c-b2fc102bf662"
},
{
"category": "Information security in supplier relationships",
"code": "15.1.1",
"label": "Information security policy for supplier relationships",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "2ed059b3-7ea4-465e-b20e-f6180b218505"
},
{
"category": "Information classification",
"code": "8.2.2",
"label": "Labelling of information",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "2f9175dc-3c0e-48d6-b1cb-687009bbf392"
},
{
"category": "Internal organization",
"code": "6.1.4",
"label": "Contact with special interest groups",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "317394d2-538d-42e6-ac3d-f7a54b867ec4"
},
{
"category": "Secure areas",
"code": "11.1.4",
"label": "Protecting against external and environmental threats",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "34ac073d-80ad-4503-b748-bcbad097ea26"
},
{
"category": "Access control of cloud service customer data in shared virtual environment",
"code": "CLD.9.5.2",
"label": "Virtual machine hardening",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "34fa0af1-02c7-46c0-b38f-30db3f27bf46"
},
{
"category": "Compliance with legal and contractual requirements",
"code": "18.1.3",
"label": "Protection of records",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88"
},
{
"category": "Network security management",
"code": "13.1.1",
"label": "Network controls",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee"
},
{
"category": "Responsibility for assets",
"code": "CLD.8.1.5",
"label": "Removal of cloud service customer assets",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "3ae82816-ae78-4a6c-889e-07bdb84da4e4"
},
{
"category": "Equipment",
"code": "11.2.4",
"label": "Equipment maintenance",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "3b7c3fa7-d143-483c-9c26-4908a55979d5"
},
{
"category": "User access management",
"code": "9.2.4",
"label": "Management of secret authentication information of users",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "3c138556-2201-4b36-8907-f6c0f57d420b"
},
{
"category": "Logging and monitoring",
"code": "CLD.12.4.5",
"label": "Monitoring of Cloud Services",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "439a4491-65aa-4990-b6e4-6e10af836373"
},
{
"category": "Responsibility for assets",
"code": "8.1.1",
"label": "Inventory of assets",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46"
},
{
"category": "System and application access control",
"code": "9.4.3",
"label": "Password management system",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "46678a0c-cd66-4610-8687-0d25afe68c1d"
},
{
"category": "Information security policies",
"code": "5.1.1",
"label": "Policies for information security",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "498b0cc7-fbe3-40fb-9b61-1b6db629027f"
},
{
"category": "Management of information security incidents and improvements",
"code": "16.1.1",
"label": "Responsibilities and procedures",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "4ab927a0-835d-4122-8377-ed08c418b1c5"
},
{
"category": "Internal organization",
"code": "6.1.5",
"label": "Information security in project management",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "4c660684-7259-461d-9eb8-f9c82ca42c98"
},
{
"category": "Control of operational software",
"code": "12.5.1",
"label": "Installation of software on operational systems",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933"
},
{
"category": "Information classification",
"code": "8.2.3",
"label": "Handling of assets",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "4dabfd52-4369-4999-9091-6a346703e981"
},
{
"category": "Secure areas",
"code": "11.1.5",
"label": "Working in secure areas",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "4ed3205f-9921-432b-9a8b-3e400598e0ff"
},
{
"category": "Internal organization",
"code": "6.1.1",
"label": "Information security roles and responsibilities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e"
},
{
"category": "Security in development and support processes",
"code": "14.2.3",
"label": "Technical review of applications after operating platform changes",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "54885438-8b8a-4fae-8f23-e8901ec621b4"
},
{
"category": "System and application access control",
"code": "9.4.1",
"label": "Information access restriction",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "553e228a-15dd-430c-a35b-604b9fccd629"
},
{
"category": "User access management",
"code": "9.2.2",
"label": "User access provisioning",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "55677739-524b-4167-a2e1-1dc5356e4764"
},
{
"category": "Equipment",
"code": "11.2.5",
"label": "Removal of assets",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "55f40782-51f0-4e9a-9cae-3898190144c4"
},
{
"category": "Supplier service delivery management",
"code": "15.2.1",
"label": "Monitoring and review of supplier services",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6"
},
{
"category": "Information transfer",
"code": "13.2.4",
"label": "Confidentiality or non-disclosure agreements",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a"
},
{
"category": "Responsibility for assets",
"code": "8.1.3",
"label": "The acceptable use of assets",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9"
},
{
"category": "Internal organization",
"code": "6.1.3",
"label": "Contact with authorities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "61bf6872-052b-468c-83b5-ea70d4530629"
},
{
"category": "Cryptographic controls",
"code": "10.1.2",
"label": "Key management",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "62b6663e-768e-4eb3-8c2e-d170f84588d7"
},
{
"category": "Operational procedures and responsibilities",
"code": "12.1.4",
"label": "Separation of development, testing and operational environments",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "64c2a025-e7bf-4ac3-9ab2-431910fff804"
},
{
"category": "Information security continuity",
"code": "17.1.1",
"label": "Planning information security continuity",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "66adb661-6e13-41f6-8a50-b894b3ed9e5b"
},
{
"category": "Management of information security incidents and improvements",
"code": "16.1.4",
"label": "Assessment of and decision on information security events",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "66d299d8-e55f-42d7-997b-e5f69392ed82"
},
{
"category": "Backup",
"code": "12.3.1",
"label": "Information backup",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "6769d72a-c19a-4af1-814b-e58ecce6bb34"
},
{
"category": "System and application access control",
"code": "9.4.2",
"label": "Secure log-on procedures",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac"
},
{
"category": "User access management",
"code": "9.2.1",
"label": "User registration and deregistration",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "680335b4-1efb-4257-ae7c-17de32670edd"
},
{
"category": "Internal organization",
"code": "6.1.2",
"label": "Segregation of duties",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0"
},
{
"category": "Information security continuity",
"code": "17.1.3",
"label": "Verify, review and evaluate information security continuity",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7"
},
{
"category": "Security requirements of information systems",
"code": "14.1.3",
"label": "Protecting application services transactions",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d"
},
{
"category": "Network security management",
"code": "CLD.13.1.4",
"label": "Alignment of security management for virtual and physical networks",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "6a972973-2dec-4c54-ac8f-d4e1e06dcc63"
},
{
"category": "Equipment",
"code": "11.2.2",
"label": "Supporting utilities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25"
},
{
"category": "Responsibility for assets",
"code": "8.1.4",
"label": "Return of assets",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "6c082aee-3c87-423e-9a46-4467cc6dc823"
},
{
"category": "Technical vulnerability management",
"code": "12.6.1",
"label": "Management of technical vulnerabilities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "71839786-0214-4608-80be-2555ee0334aa"
},
{
"category": "Information classification",
"code": "8.2.1",
"label": "Classification of information",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "77e30376-3b61-4675-95dc-329c7c2186b8"
},
{
"category": "Operational procedures and responsibilities",
"code": "12.1.3",
"label": "Capacity management",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "7fadb5eb-5597-44f2-b323-88fa75a0e08e"
},
{
"category": "Equipment",
"code": "11.2.7",
"label": "Secure disposal or reuse of equipment",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "81b8f773-4488-495e-a48e-337be46602cb"
},
{
"category": "Information security continuity",
"code": "17.1.2",
"label": "Implementing information security continuity",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "81dc65f7-92e2-4516-9a0c-d1b474d547ba"
},
{
"category": "Security in development and support processes",
"code": "14.2.8",
"label": "System security testing",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "82890d01-c97f-4388-b182-e3838afa9ee2"
},
{
"category": "Management of information security incidents and improvements",
"code": "16.1.6",
"label": "Learning from information security incidents",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "854a7ad0-7db7-4d8c-8374-3be5c36aa026"
},
{
"category": "Information systems audit considerations",
"code": "12.7.1",
"label": "Information systems audit controls",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "8b53cd63-6c1a-4a7e-9437-fd908941bcca"
},
{
"category": "During employment",
"code": "7.2.2",
"label": "Information security awareness, education and training",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2"
},
{
"category": "Logging and monitoring",
"code": "12.4.3",
"label": "Administrator and operator logs",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af"
},
{
"category": "Compliance with legal and contractual requirements",
"code": "18.1.2",
"label": "Intellectual property rights",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "975cc456-ba0c-4a33-8b65-cbf798f5d979"
},
{
"category": "Redundancies",
"code": "17.2.1",
"label": "Availability of information processing facilities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f"
},
{
"category": "Cryptographic controls",
"code": "10.1.1",
"label": "Policy on the use of cryptographic controls",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598"
},
{
"category": "During employment",
"code": "7.2.3",
"label": "Disciplinary process",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "9ab263ad-4a10-4817-a993-93fff2444c61"
},
{
"category": "System and application access control",
"code": "9.4.5",
"label": "Access control to program source code",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "9c912ab0-7023-46d5-9376-798a8b81ba6e"
},
{
"category": "Information security reviews",
"code": "18.2.2",
"label": "Compliance with security policies and standards",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "9d2bc87a-ceae-463a-a44d-7c60bed5324d"
},
{
"category": "Management of information security incidents and improvements",
"code": "16.1.2",
"label": "Reporting information security events",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea"
},
{
"category": "Operational procedures and responsibilities",
"code": "12.1.2",
"label": "Change management",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d"
},
{
"category": "Management of information security incidents and improvements",
"code": "16.1.5",
"label": "Response to information security incidents",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "ab2d3a44-e28b-4f3d-8efa-8038faccd318"
},
{
"category": "Security requirements of information systems",
"code": "14.1.2",
"label": "Securing applications services on public networks",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1"
},
{
"category": "Secure areas",
"code": "11.1.2",
"label": "Physical entry controls",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "b5005f3e-bdc7-4367-8f96-46dd795399c3"
},
{
"category": "System and application access control",
"code": "9.4.4",
"label": "Use of privileged utility programs",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "b5bb6249-a936-4828-9251-c8d4e3ea1f12"
},
{
"category": "Equipment",
"code": "11.2.6",
"label": "Security of equipment and assets off-premises",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "b811e64d-cda4-4416-baec-9f6beda1dd87"
},
{
"category": "Secure areas",
"code": "11.1.6",
"label": "Delivery and loading areas",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "b98389fe-8024-4d51-90bb-869962c97898"
},
{
"category": "Media handling",
"code": "8.3.2",
"label": "Disposal of media",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "bae65eff-a2eb-4da1-899c-539f30f94963"
},
{
"category": "Information transfer",
"code": "13.2.1",
"label": "Information transfer policies and procedures",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb"
},
{
"category": "Information transfer",
"code": "13.2.2",
"label": "Agreements on information transfer",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "bd05d07c-d272-4c55-a4ff-72c6218148d0"
},
{
"category": "User access management",
"code": "9.2.5",
"label": "Review of user access rights",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "be07fc69-14fc-4c94-8626-083983f204f7"
},
{
"category": "Access control of cloud service customer data in shared virtual environment",
"code": "CLD.9.5.1",
"label": "Segregation in virtual computing environments",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "be604ecc-3dee-4e29-b1b7-d63d58f54748"
},
{
"category": "Mobile devices and teleworking",
"code": "6.2.2",
"label": "Teleworking",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "c55c6391-56a2-44de-be4f-a23770cec2fb"
},
{
"category": "Management of information security incidents and improvements",
"code": "16.1.3",
"label": "Reporting information security weakness",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "c7ad8338-7659-4783-af2b-55f35e3ccfdf"
},
{
"category": "User access management",
"code": "9.2.3",
"label": "Management of privileged access rights",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "cb1f54b6-05b5-4e68-88c3-b943e4952141"
},
{
"category": "User access management",
"code": "9.2.6",
"label": "Removal or adjustment of access rights",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "cb40e300-60d1-4ae8-88e8-338e536ddbdb"
},
{
"category": "Security in development and support processes",
"code": "14.2.4",
"label": "Restrictions on changes to software packages",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "cc06514a-bc04-4528-b7bf-3ac296b16dd1"
},
{
"category": "Logging and monitoring",
"code": "12.4.2",
"label": "Protection of log information",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "cdccb912-7aa9-4542-96fc-2507e9e89b29"
},
{
"category": "Security in development and support processes",
"code": "14.2.9",
"label": "System acceptance testing",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "ce1b8c19-d3cf-4070-b239-9471272c1faf"
},
{
"category": "Prior to empoyment",
"code": "7.1.1",
"label": "Screening",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d063c875-6442-495b-9118-97906030ceef"
},
{
"category": "Security in development and support processes",
"code": "14.2.5",
"label": "Secure system engineering principles",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0"
},
{
"category": "Responsibility for assets",
"code": "8.1.2",
"label": "Ownership of assets",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d278ad4c-0e81-4008-b7c2-dc52895c5eff"
},
{
"category": "Equipment",
"code": "11.2.3",
"label": "Cabling security",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d41b6bc1-82a4-4791-b276-dbbb8d833a33"
},
{
"category": "Information security reviews",
"code": "18.2.3",
"label": "Technical compliance review",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d439ae3a-6cee-4f59-91f7-8562266e4d65"
},
{
"category": "Network security management",
"code": "13.1.2",
"label": "Security of network services",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d5367603-b1f9-4df6-a188-7ea3b6c28533"
},
{
"category": "Information security reviews",
"code": "18.2.1",
"label": "Independent review of information security",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a"
},
{
"category": "Business requirements of access control",
"code": "9.1.2",
"label": "Access to networks and network services",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d8a9d846-b938-4f74-8f4c-f35f120209be"
},
{
"category": "Test data",
"code": "14.3.1",
"label": "Protection of test data",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d8bda302-9c55-4ec0-964b-db63640c12ee"
},
{
"category": "Prior to empoyment",
"code": "7.1.2",
"label": "Terms and conditions of employment",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "d96e8662-872e-44ac-a9d5-9229507a5a80"
},
{
"category": "Compliance with legal and contractual requirements",
"code": "18.1.4",
"label": "Privacy and protection of personally identifiable information",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45"
},
{
"category": "Logging and monitoring",
"code": "12.4.1",
"label": "Event logging",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "de5bec22-ea67-4e67-8d37-52303895c67f"
},
{
"category": "Information transfer",
"code": "13.2.3",
"label": "Electronic messaging",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "e186f19e-8174-4a21-bbb6-1018f32dc714"
},
{
"category": "Compliance with legal and contractual requirements",
"code": "18.1.5",
"label": "Regulation of cryptographic controls",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "e9bdd53f-e094-4084-9e40-adeced6d445b"
},
{
"category": "Operational procedures and responsibilities",
"code": "12.1.1",
"label": "Documented operating procedures",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "f0048224-5868-4d00-a32f-20725cd9752d"
},
{
"category": "Technical vulnerability management",
"code": "12.6.2",
"label": "Restrictions on software installation",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "f34f797f-5c32-4b52-9836-7d103d1a129a"
},
{
"category": "Equipment",
"code": "11.2.9",
"label": "Clear desk and clear screen policy",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "f34f88d5-7e52-4516-a734-096a09ef1d9b"
},
{
"category": "Media handling",
"code": "8.3.3",
"label": "Physical media transfer",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "f36660f5-1485-4aca-9757-1dd5399e9cee"
},
{
"category": "Secure areas",
"code": "11.1.3",
"label": "Securing offices, rooms and facilities",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "f44dad64-71cd-447f-a9da-56a1d9f297e4"
},
{
"category": "Protection from malware",
"code": "12.2.1",
"label": "Controls against malware",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "f4cc92f8-58e8-4129-b48e-d118a94496ab"
},
{
"category": "Information security policies",
"code": "5.1.2",
"label": "Review of the policies for information security",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977"
},
{
"category": "Compliance with legal and contractual requirements",
"code": "18.1.1",
"label": "Identification of applicable legislation and contractual requirements",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab"
},
{
"category": "User responsabilities",
"code": "9.3.1",
"label": "Use of secret authentication information",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "fe3e4943-3440-4818-903d-664972cfb466"
},
{
"category": "Mobile devices and teleworking",
"code": "6.2.1",
"label": "Mobile device policy",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "fe98e1f0-175f-4fd8-8530-ac183707c54c"
},
{
"category": "Information security in supplier relationships",
"code": "15.1.2",
"label": "Addressing security within supplier agreements",
"referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2",
"referential_label": "ISO 27017",
"uuid": "ff7435b8-55f6-46bb-ae61-ddb09c731348"
}
],
"version": 1
}