Compliance controls
127 controls across 14 compliance frameworks, grouped by framework. For cross-framework Jaccard overlap see /explore/crosswalk. Authored by Adam Lundqvist.
14 in ISO27001 · 127 total
| ID | Title | Tags | Summary |
|---|---|---|---|
| ISO27001-A.5.23 | Information security for use of cloud services | ISO27001, pentest:high | Processes for acquisition, use, management and exit from cloud services shall be established in accordance with the organisation's information security require… |
| ISO27001-A.5.7 | Threat intelligence | ISO27001, pentest:high | Information relating to information security threats shall be collected and analysed to produce threat intelligence. Theme: Organisational controls. (Full guid… |
| ISO27001-A.8.16 | Monitoring activities | ISO27001, pentest:high | Networks, systems and applications shall be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incident… |
| ISO27001-A.8.2 | Privileged access rights | ISO27001, pentest:high | The allocation and use of privileged access rights shall be restricted and managed. Theme: Technological controls. (Full guidance: ISO/IEC 27002:2022 §8.2.) |
| ISO27001-A.8.21 | Security of network services | ISO27001, pentest:high | Security mechanisms, service levels and service requirements of network services shall be identified, implemented and monitored. Theme: Technological controls.… |
| ISO27001-A.8.23 | Web filtering | ISO27001, pentest:medium | Access to external websites shall be managed to reduce exposure to malicious content. Theme: Technological controls. (Full guidance: ISO/IEC 27002:2022 §8.23.) |
| ISO27001-A.8.24 | Use of cryptography | ISO27001, pentest:high | Rules for the effective use of cryptography, including cryptographic key management, shall be defined and implemented. Theme: Technological controls. (Full gui… |
| ISO27001-A.8.25 | Secure development life cycle | ISO27001, pentest:high | Rules for the secure development of software and systems shall be established and applied. Theme: Technological controls. (Full guidance: ISO/IEC 27002:2022 §8… |
| ISO27001-A.8.26 | Application security requirements | ISO27001, pentest:high | Information security requirements shall be identified, specified and approved when developing or acquiring applications. Theme: Technological controls. (Full g… |
| ISO27001-A.8.28 | Secure coding | ISO27001, pentest:high | Secure coding principles shall be applied to software development. Theme: Technological controls. (Full guidance: ISO/IEC 27002:2022 §8.28.) |
| ISO27001-A.8.29 | Security testing in development and acceptance | ISO27001, pentest:high | Security testing processes shall be defined and implemented in the development life cycle. Theme: Technological controls. (Full guidance: ISO/IEC 27002:2022 §8… |
| ISO27001-A.8.5 | Secure authentication | ISO27001, pentest:high | Secure authentication technologies and procedures shall be implemented based on information access restrictions and the topic-specific policy on access control… |
| ISO27001-A.8.8 | Management of technical vulnerabilities | ISO27001, pentest:high | Information about technical vulnerabilities of information systems in use shall be obtained, the organisation's exposure to such vulnerabilities shall be evalu… |
| ISO27001-A.8.9 | Configuration management | ISO27001, pentest:high | Configurations, including security configurations, of hardware, software, services and networks shall be established, documented, implemented, monitored and re… |