ISO 27K2 Header Domainwise Sheets
7/25/2019 ISO 27K2 Header Domainwise Sheets

ISO/IEC 27001:2013 Annex A controls (the ISO/IEC 27002:2013 control set, "27K2"), one sheet per domain. Each sheet carries three parts: the control list (Sr. No, control requirement title, CR ID), the control requirement text, and the control header / control objective mapping (CH ID, CO ID). Below they are merged per domain: CH = control header, CO = control objective, CR = control requirement, Sr. = the sheet's serial number. Text in square brackets restores words clipped at a cell boundary on the sheet; a requirement that ends mid-word is cut off on the sheet itself.
CH A5  Information security policies
  CO A5.1  Management direction for information security
    Sr. 1   CR A5.1.1  Policies for information security
            A set of policies for information security shall be defined, approved by management, published & communicated to emp[loyees &] relevant external parties.
    Sr. 2   CR A5.1.2  Review of the policies for information security
            The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their suitability, adequacy & effectiveness.
CH A6  Organization of information security
  CO A6.1  Internal organization
    Sr. 3   CR A6.1.1  Information security roles & responsibilities
            All information security responsibilities shall be defined & allocated.
    Sr. 4   CR A6.1.2  Segregation of duties
            Conflicting duties & areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional [modification or] misuse of the organization's assets.
    Sr. 5   CR A6.1.3  Contact with authorities
            Appropriate contacts with relevant authorities shall be maintained.
    Sr. 6   CR A6.1.4  Contact with special interest groups
            Appropriate contacts with special interest groups or other specialist security forums & professional associations shall be
    Sr. 7   CR A6.1.5  Information security in project management
            Information security shall be addressed in project management, regardless of the type of the project.
  CO A6.2  Mobile devices & teleworking
    Sr. 8   CR A6.2.1  Mobile device policy
            A policy & supporting security measures shall be adopted to manage the risks introduced by using mobile devices.
    Sr. 9   CR A6.2.2  Teleworking
            A policy & supporting security measures shall be implemented to protect information accessed, processed or stored at t[eleworking] sites.
CH A7  Human resource security
  CO A7.1  Prior to employment
    Sr. 10  CR A7.1.1  Screening
            Background verification checks on all candidates for employment shall be carried out in accordance with relevant laws, re[gulations & e]thics & shall be proportional to the business requirements, the classification of the information to be accessed & the pe
    Sr. 11  CR A7.1.2  Terms & conditions of employment
            The contractual agreements with employees & contractors shall state their & the organization's responsibilities for infor
  CO A7.2  During employment
    Sr. 12  CR A7.2.1  Management responsibilities
            Management shall require all employees & contractors to apply information security in accordance with the established [policies &] procedures of the organization.
    Sr. 13  CR A7.2.2  Information security awareness, education and training
            All employees of the organization and, where relevant, contractors shall receive appropriate awareness education & trai[ning & regular] updates in organizational policies & procedures, as relevant for their job function.
    Sr. 14  CR A7.2.3  Disciplinary process
            There shall be a formal & communicated disciplinary process in place to take action against employees who have comm[itted an] information security breach.
  CO A7.3  Termination & change of employment
    Sr. 15  CR A7.3.1  Termination or change of employment responsibilities
            Information security responsibilities & duties that remain valid after termination or change of employment shall be defin[ed,] communicated to the employee or contractor & enforced.
CH A8  Asset management
  CO A8.1  Responsibility for assets
    Sr. 16  CR A8.1.1  Inventory of assets
            Assets associated with information & information processing facilities shall be identified & an inventory of these assets s[hall be drawn] up & maintained.
    Sr. 17  CR A8.1.2  Ownership of assets
            Assets maintained in the inventory shall be owned.
    Sr. 18  CR A8.1.3  Acceptable use of assets
            Rules for the acceptable use of information & of assets associated with information & information processing facilities sh[all be] identified, documented & implemented.
    Sr. 19  CR A8.1.4  Return of assets
            All employees & external party users shall return all of the organizational assets in their possession upon termination of [their] employment, contract or agreement.
  CO A8.2  Information classification
    Sr. 20  CR A8.2.1  Classification of information
            Information shall be classified in terms of legal requirements, value, criticality & sensitivity to unauthorized disclosure or
    Sr. 21  CR A8.2.2  Labelling of information
            An appropriate set of procedures for information labelling shall be developed & implemented in accordance with the info[rmation] classification scheme adopted by the organization.
    Sr. 22  CR A8.2.3  Handling of assets
            Procedures for handling assets shall be developed & implemented in accordance with the information classification sche[me adopted by] the organization.
  CO A8.3  Media handling
    Sr. 23  CR A8.3.1  Management of removable media
            Procedures shall be implemented for the management of removable media in accordance with the classification scheme [adopted by the] organization.
    Sr. 24  CR A8.3.2  Disposal of media
            Media shall be disposed of securely when no longer required, using formal procedures.
    Sr. 25  CR A8.3.3  Physical media transfer
            Media containing information shall be protected against unauthorized access, misuse or corruption during transportatio
CH A9  Access control
  CO A9.1  Business requirements of access control
    Sr. 26  CR A9.1.1  Access control policy
            An access control policy shall be established, documented & reviewed based on business & information security require
    Sr. 27  CR A9.1.2  Access to networks & network services
            Users shall only be provided with access to the network & network services that they have been specifically authorized t
  CO A9.2  User access management
    Sr. 28  CR A9.2.1  User registration & de-registration
            A formal user registration & de-registration process shall be implemented to enable assignment of access rights.
    Sr. 29  CR A9.2.2  User access provisioning
            A formal user access provisioning process shall be implemented to assign or revoke access rights for all user types to all [systems &] services.
    Sr. 30  CR A9.2.3  Management of privileged access rights
            The allocation & use of privileged access rights shall be restricted & controlled.
    Sr. 31  CR A9.2.4  Management of secret authentication information of users
            The allocation of secret authentication information shall be controlled through a formal management process.
    Sr. 32  CR A9.2.5  Review of user access rights
            Asset owners shall review users' access rights at regular intervals.
    Sr. 33  CR A9.2.6  Removal or adjustment of access rights
            The access rights of all employees & external party users to information & information processing facilities shall be rem[oved upon] termination of their employment, contract or agreement, or adjusted upon change.
  CO A9.3  User responsibilities
    Sr. 34  CR A9.3.1  Use of secret authentication information
            Users shall be required to follow the organization's practices in the use of secret authentication information.
  CO A9.4  System & application access control
    Sr. 35  CR A9.4.1  Information access restriction
            Access to information & application system functions shall be restricted in accordance with the access control policy.
    Sr. 36  CR A9.4.2  Secure log-on procedures
            (requirement text not captured on the sheet)
    Sr. 37  CR A9.4.3  Password management system
            Password management systems shall be interactive & shall ensure quality passwords.
    Sr. 38  CR A9.4.4  Use of privileged utility programs
            The use of utility programs that might be capable of overriding system & application controls shall be restricted & tightl
    Sr. 39  CR A9.4.5  Access control to program source code
            Access to program source code shall be restricted.
CH A10  Cryptography
  CO A10.1  Cryptographic controls
    Sr. 40  CR A10.1.1  Policy on the use of cryptographic controls
            A policy on the use of cryptographic controls for protection of information shall be developed & implemented.
    Sr. 41  CR A10.1.2  Key management
            A policy on the use, protection & lifetime of cryptographic keys shall be developed & implemented through their whole li
CH A11  Physical & environmental security
  CO A11.1  Secure areas
    Sr. 42  CR A11.1.1  Physical security perimeter
            Security perimeters shall be defined & used to protect areas that contain either sensitive or critical information & inform[ation] processing facilities.
    Sr. 43  CR A11.1.2  Physical entry controls
            Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed acce
    Sr. 44  CR A11.1.3  Securing offices, rooms & facilities
            Physical security for offices, rooms & facilities shall be designed & applied.
    Sr. 45  CR A11.1.4  Protecting against external & environmental threats
            Physical protection against natural disasters, malicious attack or accidents shall be designed & applied.
    Sr. --  CR A11.1.5  (title row not captured on the sheet; the sheet's serial numbering skips 47 & 48)
            Procedures for working in secure areas shall be designed & applied.
    Sr. --  CR A11.1.6  (title row not captured on the sheet)
            Access points such as delivery & loading areas & other points where unauthorized persons could enter the premises shal[l be controlled] and, if possible, isolated from information processing facilities to avoid unauthorized access.
  CO A11.2  Equipment
    Sr. 46  CR A11.2.1  Equipment siting & protection
            Equipment shall be sited & protected to reduce the risks from environmental threats & hazards, & opportunities for una[uthorized] access.
    Sr. 49  CR A11.2.2  Supporting utilities
            Equipment shall be protected from power failures & other disruptions caused by failures in supporting utilities.
    Sr. 50  CR A11.2.3  Cabling security
            Power & telecommunications cabling carrying data or supporting information services shall be protected from intercepti[on, interference] or damage.
    Sr. 51  CR A11.2.4  Equipment maintenance
            Equipment shall be correctly maintained to ensure its continued availability & integrity.
    Sr. 52  CR A11.2.5  Removal of assets
            Equipment, information or software shall not be taken off-site without prior authorization.
    Sr. 53  CR A11.2.6  Security of equipment & assets off-premises
            Security shall be applied to off-site assets taking into account the different risks of working outside the organization's pr
    Sr. 54  CR A11.2.7  Secure disposal or reuse of equipment
            All items of equipment containing storage media shall be verified to ensure that any sensitive data & licensed software [has been] removed or securely overwritten prior to disposal or re-use.
    Sr. 55  CR A11.2.8  Unattended user equipment
            Users shall ensure that unattended equipment has appropriate protection.
    Sr. 56  CR A11.2.9  Clear desk & clear screen policy
            A clear desk policy for papers & removable storage media & a clear screen policy for information processing facilities sh
CH A12  Operations security
  CO A12.1  Operational procedures & responsibilities
    Sr. 57  CR A12.1.1  Documented operating procedures
            Operating procedures shall be documented & made available to all users who need them.
    Sr. 58  CR A12.1.2  Change management
            Changes to the organization, business processes, information processing facilities & systems that affect information sec[urity shall be] controlled.
    Sr. 59  CR A12.1.3  Capacity management
            The use of resources shall be monitored, tuned & projections made of future capacity requirements to ensure the requir[ed system] performance.
    Sr. 60  CR A12.1.4  Separation of development, testing & operational environments
            Development, testing, & operational environments shall be separated to reduce the risks of unauthorized access or cha[nges to the] operational environment.
  CO A12.2  Protection from malware
    Sr. 61  CR A12.2.1  Controls against malware
            Detection, prevention & recovery controls to protect against malware shall be implemented, combined with appropriate [user] awareness.
  CO A12.3  Backup
    Sr. 62  CR A12.3.1  Information backup
            Backup copies of information, software & system images shall be taken & tested regularly in accordance with an agreed
  CO A12.4  Logging & monitoring
    Sr. 63  CR A12.4.1  Event logging
            Event logs recording user activities, exceptions, faults & information security events shall be produced, kept & regularly
    Sr. 64  CR A12.4.2  Protection of log information
            Logging facilities & log information shall be protected against tampering & unauthorized access.
    Sr. 65  CR A12.4.3  Administrator & operator logs
            System administrator & system operator activities shall be logged & the logs protected & regularly reviewed.
    Sr. 66  CR A12.4.4  Clock synchronisation
            The clocks of all relevant information processing systems within an organization or security domain shall be synchronise[d to a single] reference time source.
  CO A12.5  Control of operational software
    Sr. 67  CR A12.5.1  Installation of software on operational systems
            Procedures shall be implemented to control the installation of software on operational systems.
  CO A12.6  Technical vulnerability management
    Sr. 68  CR A12.6.1  Management of technical vulnerabilities
            Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the [organization's] exposure to such vulnerabilities evaluated & appropriate measures taken to address the associated risk.
    Sr. 69  CR A12.6.2  Restrictions on software installation
            Rules governing the installation of software by users shall be established & implemented.
  CO A12.7  Information systems audit considerations
    Sr. 70  CR A12.7.1  Information systems audit controls
            Audit requirements & activities involving verification of operational systems shall be carefully planned & agreed to mini[mize disruptions] to business processes.
CH A13  Communications security
  CO A13.1  Network security management
    Sr. 71  CR A13.1.1  Network controls
            Networks shall be managed & controlled to protect information in systems & applications.
    Sr. 72  CR A13.1.2  Security of network services
            Security mechanisms, service levels & management requirements of all network services shall be identified & included i[n network] services agreements, whether these services are provided in-house or outsourced.
    Sr. 73  CR A13.1.3  Segregation in networks
            Groups of information services, users & information systems shall be segregated on networks.
  CO A13.2  Information transfer
    Sr. 74  CR A13.2.1  Information transfer policies & procedures
            Formal transfer policies, procedures & controls shall be in place to protect the transfer of information through the use of [all types of] communication facilities.
    Sr. 75  CR A13.2.2  Agreements on information transfer
            Agreements shall address the secure transfer of business information between the organization & external parties.
    Sr. 76  CR A13.2.3  Electronic messaging
            Information involved in electronic messaging shall be appropriately protected.
    Sr. 77  CR A13.2.4  Confidentiality or non-disclosure agreements
            Requirements for confidentiality or non-disclosure agreements reflecting the organization's needs for the protection of in[formation shall] be identified, regularly reviewed & documented.
CH A14  System acquisition, development & maintenance
  CO A14.1  Security requirements of information systems
    Sr. 78  CR A14.1.1  Information security requirements analysis & specification
            The information security related requirements shall be included in the requirements for new information systems or enh[ancements to] existing information systems.
    Sr. 79  CR A14.1.2  Securing application services on public networks
            Information involved in application services passing over public networks shall be protected from fraudulent activity, co[ntract dispute] and unauthorized disclosure & modification.
    Sr. 80  CR A14.1.3  Protecting application services transactions
            Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routi[ng,] unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay.
  CO A14.2  Security in development & support processes
    Sr. 81  CR A14.2.1  Secure development policy
            Rules for the development of software & systems shall be established and applied to developments within the organizati
    Sr. 82  CR A14.2.2  System change control procedures
            Changes to systems within the development lifecycle shall be controlled by the use of formal change control procedures.
    Sr. 83  CR A14.2.3  Technical review of applications after operating platform changes
            (requirement text not captured on the sheet)
    Sr. 84  CR A14.2.4  Restrictions on changes to software packages
            Modifications to software packages shall be discouraged, limited to necessary changes & all changes shall be strictly co
    Sr. 85  CR A14.2.5  Secure system engineering principles
            (requirement text not captured on the sheet)
    Sr. 86  CR A14.2.6  Secure development environment
            (requirement text not captured on the sheet)
    Sr. 87  CR A14.2.7  Outsourced development
            The organization shall supervise & monitor the activity of outsourced system development.
    Sr. 88  CR A14.2.8  System security testing
            Testing of security functionality shall be carried out during development.
    Sr. 89  CR A14.2.9  System acceptance testing
            Acceptance testing programs & related criteria shall be established for new information systems, upgrades & new versio
  CO A14.3  Test data
    Sr. 90  CR A14.3.1  Protection of test data
            Test data shall be selected carefully, protected & controlled.
CH A15  Supplier relationships
  CO A15.1  Information security in supplier relationships
    Sr. 91  CR A15.1.1  Information security policy for supplier relationships
            Information security requirements for mitigating the risks associated with suppliers' access to the organization's assets [shall be agreed] with the supplier & documented.
    Sr. 92  CR A15.1.2  Addressing security within supplier agreements
            All relevant information security requirements shall be established & agreed with each supplier that may access, proces[s, store,] communicate, or provide IT infrastructure components for, the organization's information.
    Sr. 93  CR A15.1.3  Information & communication technology supply chain
            Agreements with suppliers shall include requirements to address the information security risks associated with informati[on &] communications technology services & product supply chain.
  CO A15.2  Supplier service delivery management
    Sr. 94  CR A15.2.1  Monitoring & review of supplier services
            Organizations shall regularly monitor, review & audit supplier service delivery.
    Sr. 95  CR A15.2.2  Managing changes to supplier services
            Changes to the provision of services by suppliers, including maintaining & improving existing information security polici[es, procedures] & controls, shall be managed, taking account of the criticality of business information, systems & processes involved & r[e-assessment] of risks.
CH A16  Information security incident management
  CO A16.1  Management of information security incidents & improvements
    Sr. 96  CR A16.1.1  Responsibilities & procedures
            Management responsibilities & procedures shall be established to ensure a quick, effective & orderly response to inform[ation security] incidents.
    Sr. 97  CR A16.1.2  Reporting information security events
            Information security events shall be reported through appropriate management channels as quickly as possible.
    Sr. 98  CR A16.1.3  Reporting information security weaknesses
            Employees & contractors using the organization's information systems & services shall be required to note & report any [observed or] suspected information security weaknesses in systems or services.
    Sr. 99  CR A16.1.4  Assessment of & decision on information security events
            Information security events shall be assessed & it shall be decided if they are to be classified as information security inci
    Sr. 100 CR A16.1.5  Response to information security incidents
            Information security incidents shall be responded to in accordance with the documented procedures.
    Sr. 101 CR A16.1.6  Learning from information security incidents
            Knowledge gained from analysing & resolving information security incidents shall be used to reduce the likelihood or im[pact of future] incidents.
    Sr. 102 CR A16.1.7  Collection of evidence
            The organization shall define & apply procedures for the identification, collection, acquisition & preservation of informati[on, which can] serve as evidence.
Sr. No | 27K2 Control Requirement Title | CR ID | Control Requirement | CH ID | Control Header | CO ID | Control Objective
103 | Planning information security continuity Control | A17.1.1 | The organization shall determine its requirements for information security & the continuity of information security management in adverse situations, e.g. during a crisis or disaster. | A17 | Information security aspects of business continuity management | A17.1 | Information security continuity Objective
104 | Implementing information security continuity Control | A17.1.2 | The organization shall establish, document, implement & maintain processes, procedures & controls to ensure the required level of continuity for information security during an adverse situation. | A17 | Information security aspects of business continuity management | A17.1 | Information security continuity Objective
105 | Verify, review & evaluate information security continuity Control | A17.1.3 | The organization shall verify the established & implemented information security continuity controls at regular intervals in order to ensure that they are valid & effective during adverse situations. | A17 | Information security aspects of business continuity management | A17.1 | Information security continuity Objective
106 | Availability of information processing facilities Control | A17.2.1 | Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements. | A17 | Information security aspects of business continuity management | A17.2 | Redundancies Objective
Sr. No | 27K2 Control Requirement Title | CR ID | Control Requirement | CH ID | Control Header | CO ID | Control Objective
107 | Identification of applicable legislation & contractual requirements Control | A18.1.1 | All relevant legislative statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented & kept up to date for each information system & the organization. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
108 | Intellectual property rights Control | A18.1.2 | Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory & contractual requirements related to intellectual property rights & use of proprietary software products. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
109 | Protection of records Control | A18.1.3 | Records shall be protected from loss, destruction, falsification, unauthorized access & unauthorized release, in accordance with legislatory, regulatory, contractual & business requirements. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
110 | Privacy & protection of personally identifiable information Control | A18.1.4 | Privacy & protection of personally identifiable information shall be ensured as required in relevant legislation & regulation where applicable. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
111 | Regulation of cryptographic controls Control | A18.1.5 | Cryptographic controls shall be used in compliance with all relevant agreements, legislation & regulations. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
112 | Independent review of information security Control | A18.2.1 | The organization's approach to managing information security & its implementation (i.e. control objectives, controls, policies, processes and procedures for information security) shall be reviewed independently at planned intervals or when significant changes occur. | A18 | Compliance | A18.2 | Information security reviews Objective
113 | Compliance with security policies & standards Control | A18.2.2 | Managers shall regularly review the compliance of information processing & procedures within their area of responsibility with the appropriate security policies, standards & any other security requirements. | A18 | Compliance | A18.2 | Information security reviews Objective
114 | Technical compliance review Control | A18.2.3 | Information systems shall be regularly reviewed for compliance with the organization's information security policies & standards. | A18 | Compliance | A18.2 | Information security reviews Objective
Sr. No | 27K2 Control Requirement Title | CR ID | Control Requirement | CH ID | Control Header | CO ID | Control Objective
1 | Policies for information security Control | A5.1.1 | A set of policies for information security shall be defined, approved by management, published & communicated to employees & relevant external parties. | A5 | Information security policies | A5.1 | Management direction for information security Objective
2 | Review of the policies for information security Control | A5.1.2 | The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy & effectiveness. | A5 | Information security policies | A5.1 | Management direction for information security Objective
3 | Information security roles & responsibilities Control | A6.1.1 | All information security responsibilities shall be defined & allocated. | A6 | Organization of information security | A6.1 | Internal organization Objective
4 | Segregation of duties Control | A6.1.2 | Conflicting duties & areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization's assets. | A6 | Organization of information security | A6.1 | Internal organization Objective
5 | Contact with authorities Control | A6.1.3 | Appropriate contacts with relevant authorities shall be maintained. | A6 | Organization of information security | A6.1 | Internal organization Objective
6 | Contact with special interest groups Control | A6.1.4 | Appropriate contacts with special interest groups or other specialist security forums & professional associations shall be maintained. | A6 | Organization of information security | A6.1 | Internal organization Objective
7 | Information security in project management Control | A6.1.5 | Information security shall be addressed in project management, regardless of the type of the project. | A6 | Organization of information security | A6.1 | Internal organization Objective
8 | Mobile device policy Control | A6.2.1 | A policy & supporting security measures shall be adopted to manage the risks introduced by using mobile devices. | A6 | Organization of information security | A6.2 | Mobile devices & teleworking Objective
9 | Teleworking Control | A6.2.2 | A policy & supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites. | A6 | Organization of information security | A6.2 | Mobile devices & teleworking Objective
10 | Screening Control | A7.1.1 | Background verification checks on all candidates for employment shall be carried out in accordance with relevant laws, regulations & ethics & shall be proportional to the business requirements, the classification of the information to be accessed & the perceived risks. | A7 | Human resource security | A7.1 | Prior to employment Objective
11 | Terms & conditions of employment Control | A7.1.2 | The contractual agreements with employees & contractors shall state their & the organization's responsibilities for information security. | A7 | Human resource security | A7.1 | Prior to employment Objective
12 | Management responsibilities Control | A7.2.1 | Management shall require all employees & contractors to apply information security in accordance with the established policies & procedures of the organization. | A7 | Human resource security | A7.2 | During employment Objective
13 | Information security awareness, education and training Control | A7.2.2 | All employees of the organization and, where relevant, contractors shall receive appropriate awareness education & training and regular updates in organizational policies & procedures, as relevant for their job function. | A7 | Human resource security | A7.2 | During employment Objective
14 | Disciplinary process Control | A7.2.3 | There shall be a formal & communicated disciplinary process in place to take action against employees who have committed an information security breach. | A7 | Human resource security | A7.2 | During employment Objective
15 | Termination or change of employment responsibilities Control | A7.3.1 | Information security responsibilities & duties that remain valid after termination or change of employment shall be defined, communicated to the employee or contractor & enforced. | A7 | Human resource security | A7.3 | Termination & change of employment Objective
16 | Inventory of assets Control | A8.1.1 | Assets associated with information & information processing facilities shall be identified & an inventory of these assets shall be drawn up & maintained. | A8 | Asset management | A8.1 | Responsibility for assets Objective
17 | Ownership of assets Control | A8.1.2 | Assets maintained in the inventory shall be owned. | A8 | Asset management | A8.1 | Responsibility for assets Objective
18 | Acceptable use of assets Control | A8.1.3 | Rules for the acceptable use of information & of assets associated with information & information processing facilities shall be identified, documented & implemented. | A8 | Asset management | A8.1 | Responsibility for assets Objective
19 | Return of assets Control | A8.1.4 | All employees & external party users shall return all of the organizational assets in their possession upon termination of their employment, contract or agreement. | A8 | Asset management | A8.1 | Responsibility for assets Objective
20 | Classification of information Control | A8.2.1 | Information shall be classified in terms of legal requirements, value, criticality & sensitivity to unauthorized disclosure or modification. | A8 | Asset management | A8.2 | Information classification Objective
21 | Labelling of information Control | A8.2.2 | An appropriate set of procedures for information labelling shall be developed & implemented in accordance with the information classification scheme adopted by the organization. | A8 | Asset management | A8.2 | Information classification Objective
22 | Handling of assets Control | A8.2.3 | Procedures for handling assets shall be developed & implemented in accordance with the information classification scheme adopted by the organization. | A8 | Asset management | A8.2 | Information classification Objective
23 | Management of removable media Control | A8.3.1 | Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization. | A8 | Asset management | A8.3 | Media handling Objective
24 | Disposal of media Control | A8.3.2 | Media shall be disposed of securely when no longer required, using formal procedures. | A8 | Asset management | A8.3 | Media handling Objective
25 | Physical media transfer Control | A8.3.3 | Media containing information shall be protected against unauthorized access, misuse or corruption during transportation. | A8 | Asset management | A8.3 | Media handling Objective
26 | Access control policy Control | A9.1.1 | An access control policy shall be established, documented & reviewed based on business & information security requirements. | A9 | Access control | A9.1 | Business requirements of access control Objective
27 |  | A9.1.2 | Users shall only be provided with access to the network & network services that they have been specifically authorized to use. | A9 | Access control | A9.1 | Business requirements of access control Objective
28 |  | A9.2.1 | A formal user registration & de-registration process shall be implemented to enable assignment of access rights. | A9 | Access control | A9.2 | User access management Objective
29 | User access provisioning Control | A9.2.2 | A formal user access provisioning process shall be implemented to assign or revoke access rights for all user types to all systems & services. | A9 | Access control | A9.2 | User access management Objective
30 |  | A9.2.3 | The allocation & use of privileged access rights shall be restricted & controlled. | A9 | Access control | A9.2 | User access management Objective
31 |  | A9.2.4 | The allocation of secret authentication information shall be controlled through a formal management process. | A9 | Access control | A9.2 | User access management Objective
32 | Review of user access rights Control | A9.2.5 | Asset owners shall review users' access rights at regular intervals. | A9 | Access control | A9.2 | User access management Objective
33 |  | A9.2.6 | The access rights of all employees & external party users to information & information processing facilities shall be removed upon termination of their employment, contract or agreement, or adjusted upon change. | A9 | Access control | A9.2 | User access management Objective
34 |  | A9.3.1 | Users shall be required to follow the organization's practices in the use of secret authentication information. | A9 | Access control | A9.3 | User responsibilities Objective
35 | Information access restriction Control | A9.4.1 | Access to information & application system functions shall be restricted in accordance with the access control policy. | A9 | Access control | A9.4 | System & application access control Objective
36 | Secure log-on procedures Control | A9.4.2 |  | A9 | Access control | A9.4 | System & application access control Objective
37 | Password management system Control | A9.4.3 | Password management systems shall be interactive & shall ensure quality passwords. | A9 | Access control | A9.4 | System & application access control Objective
38 |  | A9.4.4 | The use of utility programs that might be capable of overriding system & application controls shall be restricted & tightly controlled. | A9 | Access control | A9.4 | System & application access control Objective
39 |  | A9.4.5 | Access to program source code shall be restricted. | A9 | Access control | A9.4 | System & application access control Objective
40 |  | A10.1.1 | A policy on the use of cryptographic controls for protection of information shall be developed & implemented. | A10 | Cryptography | A10.1 | Cryptographic controls Objective
41 | Key management Control | A10.1.2 | A policy on the use, protection & lifetime of cryptographic keys shall be developed & implemented through their whole lifecycle. | A10 | Cryptography | A10.1 | Cryptographic controls Objective
42 | Physical security perimeter Control | A11.1.1 | Security perimeters shall be defined & used to protect areas that contain either sensitive or critical information & information processing facilities. | A11 | Physical & environmental security | A11.1 | Secure areas Objective
43 | Physical entry controls Control | A11.1.2 | Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access. | A11 | Physical & environmental security | A11.1 | Secure areas Objective
44 |  | A11.1.3 | Physical security for offices, rooms & facilities shall be designed & applied. | A11 | Physical & environmental security | A11.1 | Secure areas Objective
45 |  | A11.1.4 | Physical protection against natural disasters, malicious attack or accidents shall be designed & applied. | A11 | Physical & environmental security | A11.1 | Secure areas Objective
46 |  | A11.1.5 | Procedures for working in secure areas shall be designed & applied. | A11 | Physical & environmental security | A11.1 | Secure areas Objective
47 |  | A11.1.6 | Access points such as delivery & loading areas & other points where unauthorized persons could enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access. | A11 | Physical & environmental security | A11.1 | Secure areas Objective
48 | Equipment siting & protection Control | A11.2.1 | Equipment shall be sited & protected to reduce the risks from environmental threats & hazards, & opportunities for unauthorized access. | A11 | Physical & environmental security | A11.2 | Equipment Objective
49 | Supporting utilities Control | A11.2.2 | Equipment shall be protected from power failures & other disruptions caused by failures in supporting utilities. | A11 | Physical & environmental security | A11.2 | Equipment Objective
50 | Cabling security Control | A11.2.3 | Power & telecommunications cabling carrying data or supporting information services shall be protected from interception, interference or damage. | A11 | Physical & environmental security | A11.2 | Equipment Objective
51 | Equipment maintenance Control | A11.2.4 | Equipment shall be correctly maintained to ensure its continued availability & integrity. | A11 | Physical & environmental security | A11.2 | Equipment Objective
52 | Removal of assets Control | A11.2.5 | Equipment, information or software shall not be taken off-site without prior authorization. | A11 | Physical & environmental security | A11.2 | Equipment Objective
53 | Security of equipment & assets off-premises Control | A11.2.6 | Security shall be applied to off-site assets taking into account the different risks of working outside the organization's premises. | A11 | Physical & environmental security | A11.2 | Equipment Objective
54 | Secure disposal or reuse of equipment Control | A11.2.7 | All items of equipment containing storage media shall be verified to ensure that any sensitive data & licensed software has been removed or securely overwritten prior to disposal or re-use. | A11 | Physical & environmental security | A11.2 | Equipment Objective
55 | Unattended user equipment Control | A11.2.8 | Users shall ensure that unattended equipment has appropriate protection. | A11 | Physical & environmental security | A11.2 | Equipment Objective
56 | Clear desk & clear screen policy Control | A11.2.9 | A clear desk policy for papers & removable storage media & a clear screen policy for information processing facilities shall be adopted. | A11 | Physical & environmental security | A11.2 | Equipment Objective
57 | Documented operating procedures Control | A12.1.1 | Operating procedures shall be documented & made available to all users who need them. | A12 | Operations security | A12.1 | Operational procedures & responsibilities Objective
58 | Change management Control | A12.1.2 | Changes to the organization, business processes, information processing facilities & systems that affect information security shall be controlled. | A12 | Operations security | A12.1 | Operational procedures & responsibilities Objective
59 | Capacity management Control | A12.1.3 | The use of resources shall be monitored, tuned & projections made of future capacity requirements to ensure the required system performance. | A12 | Operations security | A12.1 | Operational procedures & responsibilities Objective
60 | Separation of development, testing & operational environments Control | A12.1.4 | Development, testing, & operational environments shall be separated to reduce the risks of unauthorized access or changes to the operational environment. | A12 | Operations security | A12.1 | Operational procedures & responsibilities Objective
61 | Controls against malware Control | A12.2.1 | Detection, prevention & recovery controls to protect against malware shall be implemented, combined with appropriate user awareness. | A12 | Operations security | A12.2 | Protection from malware Objective
62 | Information backup Control | A12.3.1 | Backup copies of information, software & system images shall be taken & tested regularly in accordance with an agreed backup policy. | A12 | Operations security | A12.3 | Backup Objective
63 | Event logging Control | A12.4.1 | Event logs recording user activities, exceptions, faults & information security events shall be produced, kept & regularly reviewed. | A12 | Operations security | A12.4 | Logging & monitoring Objective
64 | Protection of log information Control | A12.4.2 | Logging facilities & log information shall be protected against tampering & unauthorized access. | A12 | Operations security | A12.4 | Logging & monitoring Objective
65 | Administrator & operator logs Control | A12.4.3 | System administrator & system operator activities shall be logged & the logs protected & regularly reviewed. | A12 | Operations security | A12.4 | Logging & monitoring Objective
66 | Clock synchronisation Control | A12.4.4 | The clocks of all relevant information processing systems within an organization or security domain shall be synchronised to a single reference time source. | A12 | Operations security | A12.4 | Logging & monitoring Objective
67 | Installation of software on operational systems Control | A12.5.1 | Procedures shall be implemented to control the installation of software on operational systems. | A12 | Operations security | A12.5 | Control of operational software Objective
68 | Management of technical vulnerabilities Control | A12.6.1 | Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization's exposure to such vulnerabilities evaluated & appropriate measures taken to address the associated risk. | A12 | Operations security | A12.6 | Technical vulnerability management Objective
69 | Restrictions on software installation Control | A12.6.2 | Rules governing the installation of software by users shall be established & implemented. | A12 | Operations security | A12.6 | Technical vulnerability management Objective
70 | Information systems audit controls Control | A12.7.1 | Audit requirements & activities involving verification of operational systems shall be carefully planned & agreed to minimise disruptions to business processes. | A12 | Operations security | A12.7 | Information systems audit considerations Objective
71 | Network controls Control | A13.1.1 | Networks shall be managed & controlled to protect information in systems & applications. | A13 | Communications security | A13.1 | Network security management Objective
72 | Security of network services Control | A13.1.2 | Security mechanisms, service levels & management requirements of all network services shall be identified & included in network services agreements, whether these services are provided in-house or outsourced. | A13 | Communications security | A13.1 | Network security management Objective
73 | Segregation in networks Control | A13.1.3 | Groups of information services, users & information systems shall be segregated on networks. | A13 | Communications security | A13.1 | Network security management Objective
74 | Information transfer policies & procedures Control | A13.2.1 | Formal transfer policies, procedures & controls shall be in place to protect the transfer of information through the use of all types of communication facilities. | A13 | Communications security | A13.2 | Information transfer Objective
75 | Agreements on information transfer Control | A13.2.2 | Agreements shall address the secure transfer of business information between the organization & external parties. | A13 | Communications security | A13.2 | Information transfer Objective
76 | Electronic messaging Control | A13.2.3 | Information involved in electronic messaging shall be appropriately protected. | A13 | Communications security | A13.2 | Information transfer Objective
77 | Confidentiality or non-disclosure agreements Control | A13.2.4 | Requirements for confidentiality or non-disclosure agreements reflecting the organization's needs for the protection of information shall be identified, regularly reviewed & documented. | A13 | Communications security | A13.2 | Information transfer Objective
78 | Information security requirements analysis & specification Control | A14.1.1 | The information security related requirements shall be included in the requirements for new information systems or enhancements to existing information systems. | A14 | System acquisition, development & maintenance | A14.1 | Security requirements of information systems Objective
79 | Securing application services on public networks Control | A14.1.2 | Information involved in application services passing over public networks shall be protected from fraudulent activity, contract dispute and unauthorized disclosure & modification. | A14 | System acquisition, development & maintenance | A14.1 | Security requirements of information systems Objective
80 | Protecting application services transactions Control | A14.1.3 | Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay. | A14 | System acquisition, development & maintenance | A14.1 | Security requirements of information systems Objective
81 | Secure development policy Control | A14.2.1 | Rules for the development of software & systems shall be established and applied to developments within the organization. | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
82 | System change control procedures Control | A14.2.2 | Changes to systems within the development lifecycle shall be controlled by the use of formal change control procedures. | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
83 | Technical review of applications after operating platform changes Control | A14.2.3 |  | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
84 | Restrictions on changes to software packages Control | A14.2.4 | Modifications to software packages shall be discouraged, limited to necessary changes & all changes shall be strictly controlled. | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
85 | Secure system engineering principles Control | A14.2.5 |  | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
86 | Secure development environment Control | A14.2.6 |  | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
87 | Outsourced development Control | A14.2.7 | The organization shall supervise & monitor the activity of outsourced system development. | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
88 | System security testing Control | A14.2.8 | Testing of security functionality shall be carried out during development. | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
89 | System acceptance testing Control | A14.2.9 | Acceptance testing programs & related criteria shall be established for new information systems, upgrades & new versions. | A14 | System acquisition, development & maintenance | A14.2 | Security in development & support processes Objective
90 | Protection of test data Control | A14.3.1 | Test data shall be selected carefully, protected & controlled. | A14 | System acquisition, development & maintenance | A14.3 | Test data Objective
91 | Information security policy for supplier relationships Control | A15.1.1 | Information security requirements for mitigating the risks associated with supplier's access to the organization's assets shall be agreed with the supplier & documented. | A15 | Supplier relationships | A15.1 | Information security in supplier relationships Objective
92 | Addressing security within supplier agreements Control | A15.1.2 | All relevant information security requirements shall be established & agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organization's information. | A15 | Supplier relationships | A15.1 | Information security in supplier relationships Objective
93 | Information & communication technology supply chain Control | A15.1.3 | Agreements with suppliers shall include requirements to address the information security risks associated with information & communications technology services & product supply chain. | A15 | Supplier relationships | A15.1 | Information security in supplier relationships Objective
94 | Monitoring & review of supplier services Control | A15.2.1 | Organizations shall regularly monitor, review & audit supplier service delivery. | A15 | Supplier relationships | A15.2 | Supplier service delivery management Objective
95 | Managing changes to supplier services Control | A15.2.2 | Changes to the provision of services by suppliers, including maintaining & improving existing information security policies, procedures & controls, shall be managed, taking account of the criticality of business information, systems & processes involved & re-assessment of risks. | A15 | Supplier relationships | A15.2 | Supplier service delivery management Objective
96 | Responsibilities & procedures Control | A16.1.1 | Management responsibilities & procedures shall be established to ensure a quick, effective & orderly response to information security incidents. | A16 | Information security incident management | A16.1 | Management of information security incidents & improvements Objective
97 | Reporting information security events Control | A16.1.2 | Information security events shall be reported through appropriate management channels as quickly as possible. | A16 | Information security incident management | A16.1 | Management of information security incidents & improvements Objective
98 | Reporting information security weaknesses Control | A16.1.3 | Employees & contractors using the organization's information systems & services shall be required to note & report any observed or suspected information security weaknesses in systems or services. | A16 | Information security incident management | A16.1 | Management of information security incidents & improvements Objective
99 | Assessment of & decision on information security events Control | A16.1.4 | Information security events shall be assessed & it shall be decided if they are to be classified as information security incidents. | A16 | Information security incident management | A16.1 | Management of information security incidents & improvements Objective
100 | Response to information security incidents Control | A16.1.5 | Information security incidents shall be responded to in accordance with the documented procedures. | A16 | Information security incident management | A16.1 | Management of information security incidents & improvements Objective
101 | Learning from information security incidents Control | A16.1.6 | Knowledge gained from analysing & resolving information security incidents shall be used to reduce the likelihood or impact of future incidents. | A16 | Information security incident management | A16.1 | Management of information security incidents & improvements Objective
102 | Collection of evidence Control | A16.1.7 | The organization shall define & apply procedures for the identification, collection, acquisition & preservation of information, which can serve as evidence. | A16 | Information security incident management | A16.1 | Management of information security incidents & improvements Objective
103 | Planning information security continuity Control | A17.1.1 | The organization shall determine its requirements for information security & the continuity of information security management in adverse situations, e.g. during a crisis or disaster. | A17 | Information security aspects of business continuity management | A17.1 | Information security continuity Objective
104 | Implementing information security continuity Control | A17.1.2 | The organization shall establish, document, implement & maintain processes, procedures & controls to ensure the required level of continuity for information security during an adverse situation. | A17 | Information security aspects of business continuity management | A17.1 | Information security continuity Objective
105 | Verify, review & evaluate information security continuity Control | A17.1.3 | The organization shall verify the established & implemented information security continuity controls at regular intervals in order to ensure that they are valid & effective during adverse situations. | A17 | Information security aspects of business continuity management | A17.1 | Information security continuity Objective
106 | Availability of information processing facilities Control | A17.2.1 | Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements. | A17 | Information security aspects of business continuity management | A17.2 | Redundancies Objective
107 | Identification of applicable legislation & contractual requirements Control | A18.1.1 | All relevant legislative statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented & kept up to date for each information system & the organization. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
108 | Intellectual property rights Control | A18.1.2 | Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory & contractual requirements related to intellectual property rights & use of proprietary software products. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
109 | Protection of records Control | A18.1.3 | Records shall be protected from loss, destruction, falsification, unauthorized access & unauthorized release, in accordance with legislatory, regulatory, contractual & business requirements. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
110 | Privacy & protection of personally identifiable information Control | A18.1.4 | Privacy & protection of personally identifiable information shall be ensured as required in relevant legislation & regulation where applicable. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
111 | Regulation of cryptographic controls Control | A18.1.5 | Cryptographic controls shall be used in compliance with all relevant agreements, legislation & regulations. | A18 | Compliance | A18.1 | Compliance with legal & contractual requirements Objective
112 | Independent review of information security Control | A18.2.1 | The organization's approach to managing information security & its implementation (i.e. control objectives, controls, policies, processes and procedures for information security) shall be reviewed independently at planned intervals or when significant changes occur. | A18 | Compliance | A18.2 | Information security reviews Objective
113 | Compliance with security policies & standards Control | A18.2.2 | Managers shall regularly review the compliance of information processing & procedures within their area of responsibility with the appropriate security policies, standards & any other security requirements. | A18 | Compliance | A18.2 | Information security reviews Objective
114 | Technical compliance review Control | A18.2.3 | Information systems shall be regularly reviewed for compliance with the organization's information security policies & standards. | A18 | Compliance | A18.2 | Information security reviews Objective