Organizational controls
People controls
Physical controls
Covered A.5 controls
- A.5.1 Policies for Information Security
- A.5.2 Information Security Roles and Responsibilities
- A.5.3 Segregation of Duties
- A.5.4 Management Responsibilities
- A.5.5 Contact with Authorities
- A.5.6 Contact with Special Interest Groups
- A.5.7 Threat Intelligence
- A.5.8 Information Security in Project Management
- A.5.9 Inventory of Information and Other Associated Assets
- A.5.10 Acceptable Use of Information and Other Associated Assets
- A.5.11 Return of Assets
- A.5.12 Classification of Information
- A.5.13 Labelling of Information
- A.5.14 Information Transfer
- A.5.15 Access Control
- A.5.16 Identity Management
- A.5.17 Authentication Information
- A.5.18 Access Rights
- A.5.19 Information Security in Supplier Relationships
- A.5.20 Addressing Information Security Within Supplier Agreements
- A.5.21 Managing Information Security in the ICT Supply Chain
- A.5.22 Monitoring, Review and Change Management of Supplier Services
- A.5.23 Information Security for Use of Cloud Services
- A.5.24 Information Security Incident Management Planning and Preparation
- A.5.25 Assessment and Decision on Information Security Events
- A.5.26 Response to Information Security Incidents
- A.5.27 Learning from Information Security Incidents
- A.5.28 Collection of Evidence
- A.5.29 Information Security During Disruption
- A.5.30 ICT Readiness for Business Continuity
- A.5.31 Legal, Statutory, Regulatory and Contractual Requirements
- A.5.32 Intellectual Property Rights
- A.5.33 Protection of Records
- A.5.34 Privacy and Protection of PII
- A.5.35 Independent Review of Information Security
- A.5.36 Compliance with Policies, Rules and Standards for Information Security
- A.5.37 Documented Operating Procedures
Covered A.6 controls
- A.6.1 Screening
- A.6.2 Terms and Conditions of Employment
- A.6.3 Information Security Awareness Education and Training
- A.6.4 Disciplinary Process
- A.6.5 Responsibilities After Termination or Change of Employment
- A.6.6 Confidentiality or Non-Disclosure Agreements
- A.6.7 Remote Working
- A.6.8 Information Security Event Reporting
Covered A.7 controls
- A.7.1 Physical Security Perimeters
- A.7.2 Physical Entry
- A.7.3 Securing Offices Rooms and Facilities
- A.7.4 Physical Security Monitoring
- A.7.5 Protecting Against Physical and Environmental Threats
- A.7.6 Working in Secure Areas
- A.7.7 Clear Desk and Clear Screen
- A.7.8 Equipment Siting and Protection
- A.7.9 Security of Assets Off-Premises
- A.7.10 Storage Media
- A.7.11 Supporting Utilities
- A.7.12 Cabling Security
- A.7.13 Equipment Maintenance
- A.7.14 Secure Disposal or Re-Use of Equipment
Covered A.8 controls
- A.8.1 User End Point Devices
- A.8.2 Privileged Access Rights
- A.8.3 Information Access Restriction
- A.8.4 Access to Source Code
- A.8.5 Secure Authentication
- A.8.6 Capacity Management
- A.8.7 Protection Against Malware
- A.8.8 Management of Technical Vulnerabilities
- A.8.9 Configuration Management
- A.8.10 Information Deletion
- A.8.11 Data Masking
- A.8.12 Data Leakage Prevention
- A.8.13 Information Backup
- A.8.14 Redundancy of Information Processing Facilities
- A.8.15 Logging
- A.8.16 Monitoring Activities
- A.8.19 Installation of Software on Operational Systems
- A.8.20 Networks Security
- A.8.21 Security of Network Services
- A.8.22 Segregation of Networks
- A.8.23 Web Filtering
- A.8.24 Use of Cryptography
- A.8.25 Secure Development Life Cycle
- A.8.26 Application Security Requirements
- A.8.27 Secure System Architecture and Engineering Principles
- A.8.28 Secure Coding
- A.8.29 Security Testing in Development and Acceptance
- A.8.30 Outsourced Development
- A.8.31 Separation of Development Test and Production Environments
- A.8.32 Change Management
- A.8.33 Test Information
- A.8.34 Protection of Information Systems During Audit Testing
Core Annex A concepts
- Annex A and the Statement of Applicability
- ISO 27001 Knowledge Base MOC
- ISO 27002 Knowledge Base MOC
- ISO 27002 Annex A Control Interpretation Map
- ISO 27005 Knowledge Base MOC
- ISO27002 Control Attributes
- Control Attributes and Risk Treatment Effects
- A.5 Organizational Controls Implementation Guide
- A.5 Organizational Controls Audit Guide
- A.5 Controls Implementation Audit Risk Mapping
- A.6 People Controls Implementation Guide
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- A.7 Physical Controls Implementation Guide
- A.7 Physical Controls Audit Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Iso27001
- ISO27002
- Annex a
- Moc
Note Metadata
Aliases: Annex A MOC
Source: 99 Indexes/Annex A Controls MOC.md
Related Notes
- Annex A and the Statement of Applicability
- Control Attributes and Risk Treatment Effects
- ISO27002 Control Attributes
- ISO 27001 A.5.1 - Policies for Information Security
- ISO 27001 A.5.10 - Acceptable Use of Information and Other Associated Assets
- ISO 27001 A.5.11 - Return of Assets
- ISO 27001 A.5.12 - Classification of Information
- ISO 27001 A.5.13 - Labelling of Information
- ISO 27001 A.5.14 - Information Transfer
- ISO 27001 A.5.15 - Access Control
- ISO 27001 A.5.16 - Identity Management
- ISO 27001 A.5.17 - Authentication Information
- ISO 27001 A.5.18 - Access Rights
- ISO 27001 A.5.19 - Information Security in Supplier Relationships
- ISO 27001 A.5.2 - Information Security Roles and Responsibilities
- ISO 27001 A.5.20 - Addressing Information Security Within Supplier Agreements
- ISO 27001 A.5.21 - Managing Information Security in the ICT Supply Chain
- ISO 27001 A.5.22 - Monitoring, Review and Change Management of Supplier Services
- ISO 27001 A.5.23 - Information Security for Use of Cloud Services
- ISO 27001 A.5.24 - Information Security Incident Management Planning and Preparation
- ISO 27001 A.5.25 - Assessment and Decision on Information Security Events
- ISO 27001 A.5.26 - Response to Information Security Incidents
- ISO 27001 A.5.27 - Learning from Information Security Incidents
- ISO 27001 A.5.28 - Collection of Evidence
- ISO 27001 A.5.29 - Information Security During Disruption
- ISO 27001 A.5.3 - Segregation of Duties
- ISO 27001 A.5.30 - ICT Readiness for Business Continuity
- ISO 27001 A.5.31 - Legal, Statutory, Regulatory and Contractual Requirements
- ISO 27001 A.5.32 - Intellectual Property Rights
- ISO 27001 A.5.33 - Protection of Records
- ISO 27001 A.5.34 - Privacy and Protection of PII
- ISO 27001 A.5.35 - Independent Review of Information Security
- ISO 27001 A.5.36 - Compliance with Policies, Rules and Standards for Information Security
- ISO 27001 A.5.37 - Documented Operating Procedures
- ISO 27001 A.5.4 - Management Responsibilities
- ISO 27001 A.5.5 - Contact with Authorities
- ISO 27001 A.5.6 - Contact with Special Interest Groups
- ISO 27001 A.5.7 - Threat Intelligence
- ISO 27001 A.5.8 - Information Security in Project Management
- ISO 27001 A.5.9 - Inventory of Information and Other Associated Assets
- A.5 Organizational Controls MOC
- ISO 27001 A.6.1 - Screening
- ISO 27001 A.6.2 - Terms and Conditions of Employment
- ISO 27001 A.6.3 - Information Security Awareness, Education and Training
- ISO 27001 A.6.4 - Disciplinary Process
- ISO 27001 A.6.5 - Responsibilities After Termination or Change of Employment
- ISO 27001 A.6.6 - Confidentiality or Non-Disclosure Agreements
- ISO 27001 A.6.7 - Remote Working
- ISO 27001 A.6.8 - Information Security Event Reporting
- A.6 People Controls MOC
- ISO 27001 A.7.1 - Physical Security Perimeters
- ISO 27001 A.7.10 - Storage Media
- ISO 27001 A.7.11 - Supporting Utilities
- ISO 27001 A.7.12 - Cabling Security
- ISO 27001 A.7.13 - Equipment Maintenance
- ISO 27001 A.7.14 - Secure Disposal or Re-Use of Equipment
- ISO 27001 A.7.2 - Physical Entry
- ISO 27001 A.7.3 - Securing Offices, Rooms and Facilities
- ISO 27001 A.7.4 - Physical Security Monitoring
- ISO 27001 A.7.5 - Protecting Against Physical and Environmental Threats
- ISO 27001 A.7.6 - Working in Secure Areas
- ISO 27001 A.7.7 - Clear Desk and Clear Screen
- ISO 27001 A.7.8 - Equipment Siting and Protection
- ISO 27001 A.7.9 - Security of Assets Off-Premises
- A.7 Physical Controls MOC
- ISO 27001 A.8.1 - User End Point Devices
- ISO 27001 A.8.10 - Information Deletion
- ISO 27001 A.8.11 - Data Masking
- ISO 27001 A.8.12 - Data Leakage Prevention
- ISO 27001 A.8.13 - Information Backup
- ISO 27001 A.8.14 - Redundancy of Information Processing Facilities
- ISO 27001 A.8.15 - Logging
- ISO 27001 A.8.16 - Monitoring Activities
- ISO 27001 A.8.19 - Installation of Software on Operational Systems
- ISO 27001 A.8.2 - Privileged Access Rights
- ISO 27001 A.8.20 - Networks Security
- ISO 27001 A.8.21 - Security of Network Services
- ISO 27001 A.8.22 - Segregation of Networks
- ISO 27001 A.8.23 - Web Filtering
- ISO 27001 A.8.24 - Use of Cryptography
- ISO 27001 A.8.25 - Secure Development Life Cycle
- ISO 27001 A.8.26 - Application Security Requirements
- ISO 27001 A.8.27 - Secure System Architecture and Engineering Principles
- ISO 27001 A.8.28 - Secure Coding
- ISO 27001 A.8.29 - Security Testing in Development and Acceptance
- ISO 27001 A.8.3 - Information Access Restriction
- ISO 27001 A.8.30 - Outsourced Development
- ISO 27001 A.8.31 - Separation of Development Test and Production Environments
- ISO 27001 A.8.32 - Change Management
- ISO 27001 A.8.33 - Test Information
- ISO 27001 A.8.34 - Protection of Information Systems During Audit Testing
- ISO 27001 A.8.4 - Access to Source Code
- ISO 27001 A.8.5 - Secure Authentication
- ISO 27001 A.8.6 - Capacity Management
- ISO 27001 A.8.7 - Protection Against Malware
- ISO 27001 A.8.8 - Management of Technical Vulnerabilities
- ISO 27001 A.8.9 - Configuration Management
- A.5 Organizational Controls Implementation Guide
- A.6 People Controls Implementation Guide
- A.7 Physical Controls Implementation Guide
- A.8 Technological Controls Implementation Guide
- A.5 Organizational Controls Audit Guide
- A.6 People Controls Audit Guide
- A.7 Physical Controls Audit Guide
- A.8 Technological Controls Audit Guide
- A.5 Controls Implementation Audit Risk Mapping
- A.6 People Controls Implementation Audit Risk Mapping
- A.7 Physical Controls Implementation Audit Risk Mapping
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27001 Knowledge Base
- ISO 27002 Annex A Control Interpretation Map
- ISO 27002 Knowledge Base
- ISO 27005 Knowledge Base