No edit summary Tag: 2017 source edit |
No edit summary Tag: 2017 source edit |
||
| Line 7: | Line 7: | ||
*unchecked: <span class="value">{{#ask:[[-Has subobject::{{FULLPAGENAME}}]][[27001/Status::unchecked]]|?27001/Status|format=count}}</span> | *unchecked: <span class="value">{{#ask:[[-Has subobject::{{FULLPAGENAME}}]][[27001/Status::unchecked]]|?27001/Status|format=count}}</span> | ||
</div> | </div> | ||
{| class=" | {| class="wikitable smwtable-clean" style="width:100%" | ||
!colspan="2"|ISO 27001 Annex A Controls | !colspan="2"|ISO 27001 Annex A Controls | ||
!Status | !Status | ||
Latest revision as of 09:12, 2 May 2025
- implemented: 0
- partially implemented: 0
- applicable: 0
- not applicable: 0
- unchecked: 0
| ISO 27001 Annex A Controls | Status | |
|---|---|---|
| 5 | Organizational | |
| 5.1 | Policies for information security | unchecked |
| 5.2 | Information security roles and responsibilities | unchecked |
| 5.3 | Segregation of duties | unchecked |
| 5.4 | Management responsibilities | unchecked |
| 5.5 | Contact with authorities | unchecked |
| 5.6 | Contact with special interest groups | unchecked |
| 5.7 | Threat intelligence | unchecked |
| 5.8 | Information security in project management | unchecked |
| 5.9 | Inventory of information and other associated assets | unchecked |
| 5.10 | Acceptable use of information and other associated assets | unchecked |
| 5.11 | Return of assets | unchecked |
| 5.12 | Classification of information | unchecked |
| 5.13 | Labelling of information | unchecked |
| 5.14 | Information transfer | unchecked |
| 5.15 | Access control | unchecked |
| 5.16 | Identity management | unchecked |
| 5.17 | Authentication information | unchecked |
| 5.18 | Access rights | unchecked |
| 5.19 | Information security in supplier relationships | unchecked |
| 5.20 | Addressing information security within supplier agreements | unchecked |
| 5.21 | Managing information security in the ICT supply chain | unchecked |
| 5.22 | Monitoring, review and change management of supplier services | unchecked |
| 5.23 | Information security for use of cloud services Neu | unchecked |
| 5.24 | Information security incident management planning and preparation | unchecked |
| 5.25 | Assessment and decision on information security events | unchecked |
| 5.26 | Response to information security incidents | unchecked |
| 5.27 | Learning from information security incidents | unchecked |
| 5.28 | Collection of evidence | unchecked |
| 5.29 | Information security during disruption | unchecked |
| 5.30 | ICT readiness for business continuity | unchecked |
| 5.31 | Identification of legal, statutory, regulatory, and contractual requirements | unchecked |
| 5.32 | Intellectual property rights | unchecked |
| 5.33 | Protection of records | unchecked |
| 5.34 | Privacy and protection of PII | unchecked |
| 5.35 | Independent review of information security | unchecked |
| 5.36 | Compliance with policies and standards for information security | unchecked |
| 5.37 | Documented operating procedures | unchecked |
| 6 | People controls | |
| 6.1 | Screening | unchecked |
| 6.2 | Terms and conditions of employment | unchecked |
| 6.3 | Information security awareness, education and training | unchecked |
| 6.4 | Disciplinary process | unchecked |
| 6.5 | Responsibilities after termination or change of employment | unchecked |
| 6.6 | Confidentiality or non-disclosure agreements | unchecked |
| 6.7 | Remote working | unchecked |
| 6.8 | Information security event reporting | unchecked |
| 7 | Physical controls | |
| 7.1 | Physical security perimeter | unchecked |
| 7.2 | Physical entry controls | unchecked |
| 7.3 | Securing offices, rooms and facilities | unchecked |
| 7.4 | Physical security monitoring | unchecked |
| 7.5 | Protecting against physical and environmental threats | unchecked |
| 7.6 | Working in secure areas | unchecked |
| 7.7 | Clear desk and clear screen | unchecked |
| 7.8 | Equipment siting and protection | unchecked |
| 7.9 | Security of assets off-premises | unchecked |
| 7.10 | Storage media | unchecked |
| 7.11 | Supporting utilities | unchecked |
| 7.12 | Cabling security | unchecked |
| 7.13 | Equipment maintenance | unchecked |
| 7.14 | Secure disposal or re-use of equipment | unchecked |
| 8 | Technological controls | |
| 8.1 | User endpoint devices | unchecked |
| 8.2 | Privileged access rights | unchecked |
| 8.3 | Information access restriction | unchecked |
| 8.4 | Access to source code | unchecked |
| 8.5 | Secure authentication | unchecked |
| 8.6 | Capacity management | unchecked |
| 8.7 | Protection against malware | unchecked |
| 8.8 | Management of technical vulnerabilities | unchecked |
| 8.9 | Configuration management | unchecked |
| 8.10 | Information deletion | unchecked |
| 8.11 | Data masking | unchecked |
| 8.12 | Data leakage prevention | unchecked |
| 8.13 | Information backup | unchecked |
| 8.14 | Redundancy of information processing facilities | unchecked |
| 8.15 | Logging | unchecked |
| 8.16 | Monitoring activities | unchecked |
| 8.17 | Clock synchronization | unchecked |
| 8.18 | Use of privileged utility programs | unchecked |
| 8.19 | Installation of software on operational systems | unchecked |
| 8.20 | Network controls | unchecked |
| 8.21 | Security of network services | unchecked |
| 8.22 | Segregation in networks | unchecked |
| 8.23 | Web filtering | unchecked |
| 8.24 | Use of cryptography | unchecked |
| 8.25 | Secure development lifecycle | unchecked |
| 8.26 | Application security requirements | unchecked |
| 8.27 | Secure system architecture and engineering principles | unchecked |
| 8.28 | Secure coding | unchecked |
| 8.29 | Security testing in development and acceptance | unchecked |
| 8.30 | Outsourced development | unchecked |
| 8.31 | Separation of development, test and production environments | unchecked |
| 8.32 | Change management | unchecked |
| 8.33 | Test information | unchecked |
| 8.34 | Protection of information systems during audit and testing | unchecked |
