- Controls
- Controls/A.5.10 Acceptable use of information and other associated assets
- Controls/A.5.11 Return of assets
- Controls/A.5.12 Classification of information
- Controls/A.5.13 Labelling of information
- Controls/A.5.14 Information transfer
- Controls/A.5.15 Access control
- Controls/A.5.16 Identity management
- Controls/A.5.17 Authentication information
- Controls/A.5.18 Access rights
- Controls/A.5.19 Information security in supplier relationships
- Controls/A.5.1 Policies for information security
- Controls/A.5.20 Addressing information security within supplier agreements
- Controls/A.5.21 Managing information security in the ICT supply chain
- Controls/A.5.22 Monitoring, review and change management of supplier services
- Controls/A.5.23 Information security for use of cloud services
- Controls/A.5.24 Information security incident management planning and preparation
- Controls/A.5.25 Assessment and decision on information security events
- Controls/A.5.26 Response to information security incidents
- Controls/A.5.27 Learning from information security incidents
- Controls/A.5.28 Collection of evidence
- Controls/A.5.29 Information security during disruption
- Controls/A.5.30 ICT readiness for business continuity
- Controls/A.5.31 Identification of legal, statutory, regulatory, and contractual requirements
- Controls/A.5.32 Intellectual property rights
- Controls/A.5.33 Protection of records
- Controls/A.5.34 Privacy and protection of PII
- Controls/A.5.35 Independent review of information security
- Controls/A.5.36 Compliance with policies and standards for information security
- Controls/A.5.37 Documented operating procedures
- Controls/A.5.3 Segregation of duties
- Controls/A.5.4 Management responsibilities
- Controls/A.5.5 Contact with authorities
- Controls/A.5.6 Contact with special interest groups
- Controls/A.5.7 Threat intelligence
- Controls/A.5.8 Information security in project management
- Controls/A.5.9 Inventory of information and other associated assets
- Controls/A.5 Organizational
- Controls/A.5 Organizational controls
- Controls/A.5 Organizational controls/A.5.2 Information security roles and responsibilities
- Controls/A.6.1 Screening
- Controls/A.6.2 Terms and conditions of employment
- Controls/A.6.3 Information security awareness, education and training
- Controls/A.6.4 Disciplinary process
- Controls/A.6.5 Responsibilities after termination or change of employment
- Controls/A.6.6 Confidentiality or non-disclosure agreements
- Controls/A.6.7 Remote working
- Controls/A.6.8 Information security event reporting
- Controls/A.6 People controls
- Controls/A.7.10 Storage media
- Controls/A.7.11 Supporting utilities
- Controls/A.7.12 Cabling security
- Controls/A.7.13 Equipment maintenance
- Controls/A.7.14 Secure disposal or re-use of equipment
- Controls/A.7.1 Physical security perimeter
- Controls/A.7.2 Physical entry controls
- Controls/A.7.3 Securing offices, rooms and facilities
- Controls/A.7.4 Physical security monitoring
- Controls/A.7.5 Protecting against physical and environmental threats
- Controls/A.7.6 Working in secure areas
- Controls/A.7.7 Clear desk and clear screen
- Controls/A.7.8 Equipment siting and protection
- Controls/A.7.9 Security of assets off-premises
- Controls/A.7 Physical controls
- Controls/A.8.10 Information deletion
- Controls/A.8.11 Data masking
- Controls/A.8.12 Data leakage prevention
- Controls/A.8.13 Information backup
- Controls/A.8.14 Redundancy of information processing facilities
- Controls/A.8.15 Logging
- Controls/A.8.16 Monitoring activities
- Controls/A.8.17 Clock synchronization
- Controls/A.8.18 Use of privileged utility programs
- Controls/A.8.19 Installation of software on operational systems
- Controls/A.8.1 User endpoint devices
- Controls/A.8.20 Network controls
- Controls/A.8.21 Security of network services
- Controls/A.8.22 Segregation in networks
- Controls/A.8.23 Web filtering
- Controls/A.8.24 Use of cryptography
- Controls/A.8.25 Secure development lifecycle
- Controls/A.8.26 Application security requirements
- Controls/A.8.27 Secure system architecture and engineering principles
- Controls/A.8.28 Secure coding
- Controls/A.8.29 Security testing in development and acceptance
- Controls/A.8.2 Privileged access rights
- Controls/A.8.30 Outsourced development
- Controls/A.8.31 Separation of development, test and production environments
- Controls/A.8.32 Change management
- Controls/A.8.33 Test information
- Controls/A.8.34 Protection of information systems during audit and testing
- Controls/A.8.3 Information access restriction
- Controls/A.8.4 Access to source code
- Controls/A.8.5 Secure authentication
- Controls/A.8.6 Capacity management
- Controls/A.8.7 Protection against malware
- Controls/A.8.8 Management of technical vulnerabilities
- Controls/A.8.9 Configuration management
- Controls/A.8 Technological controls
