← All frameworks
International INTERNATIONAL · pass_fail · International

ISO 27001

ISO/IEC 27001:2022

2022

93 controls · 4 domains
Start assessment in platform →

About this framework

ISO 27001 is the leading international standard for information security management. It sets out how to build a system that finds your risks and applies the right controls, with independent certification to prove it.

Who needs this

For organisations wanting a globally recognised, certifiable mark of strong security, often required by enterprise customers.

Cross-framework coverage

Controls in ISO 27001 also cover:

NCA ECC-2 22 shared
Qatar NIA 22 shared
UAE IA 22 shared
ADHICS 21 shared
NCA OTCC 20 shared

See how ISO 27001 connects to the rest → the Security Universe

Control domains

A.5 · Organizational controls 37
A.5.1
Policies for information security
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.2
Information security roles and responsibilities
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.3
Segregation of duties
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.4
Management responsibilities
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.5
Contact with authorities
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.6
Contact with special interest groups
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.7
Threat intelligence
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.8
Information security in project management
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.9
Inventory of information and other associated assets
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.10
Acceptable use of information and other associated assets
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.11
Return of assets
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.12
Classification of information
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.5.13
Labelling of information
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.5.14
Information transfer
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.5.15
Access control
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.16
Identity management
CJISADHICSCIS ControlsHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFQatar NIASAMA CSFUAE IAPCI DSS 4.0.1
A.5.17
Authentication information
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.18
Access rights
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.19
Information security in supplier relationships
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.20
Addressing information security within supplier agreements
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.21
Managing information security in the ICT supply chain
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.22
Monitoring, review and change management of supplier services
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.23
Information security for use of cloud services
CJISADHICSCIS ControlsNCA CCCNCA ECC-2Qatar NIASAMA CSFUAE IA
A.5.24
Information security incident management planning and preparation
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.25
Assessment and decision on information security events
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.26
Response to information security incidents
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.27
Learning from information security incidents
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.28
Collection of evidence
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.29
Information security during disruption
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
A.5.30
ICT readiness for business continuity
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
A.5.31
Legal, statutory, regulatory and contractual requirements
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.32
Intellectual property rights
A.5.33
Protection of records
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.5.34
Privacy and protection of personal identifiable information (PII)
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.5.35
Independent review of information security
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
A.5.36
Compliance with policies, rules and standards for information security
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.5.37
Documented operating procedures
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.6 · People controls 8
A.6.1
Screening
NCA ECC-2NCA OTCCNIS2Qatar NIAUAE IAADHICSNCA CCCPCI DSS 4.0.1SAMA CSF
A.6.2
Terms and conditions of employment
NCA ECC-2NCA OTCCNIS2Qatar NIAUAE IAADHICSNCA CCCPCI DSS 4.0.1SAMA CSF
A.6.3
Information security awareness, education and training
CJISADHICSCIS ControlsGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IAUK GDPR
A.6.4
Disciplinary process
NCA ECC-2NCA OTCCNIS2Qatar NIAUAE IAADHICSNCA CCCPCI DSS 4.0.1SAMA CSF
A.6.5
Responsibilities after termination or change of employment
NCA ECC-2NCA OTCCNIS2Qatar NIAUAE IAADHICSNCA CCCPCI DSS 4.0.1SAMA CSF
A.6.6
Confidentiality or non-disclosure agreements
NCA ECC-2NCA OTCCNIS2Qatar NIAUAE IAADHICSNCA CCCPCI DSS 4.0.1SAMA CSF
A.6.7
Remote working
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.6.8
Information security event reporting
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.7 · Physical controls 14
A.7.1
Physical security perimeters
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.2
Physical entry
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.3
Securing offices, rooms and facilities
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.4
Physical security monitoring
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.7.5
Protecting against physical and environmental threats
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.6
Working in secure areas
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.7
Clear desk and clear screen
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.8
Equipment siting and protection
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.9
Security of assets off-premises
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.10
Storage media
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.11
Supporting utilities
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.12
Cabling security
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.13
Equipment maintenance
ADHICSHIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.7.14
Secure disposal or re-use of equipment
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8 · Technological controls 34
A.8.1
User endpoint devices
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.2
Privileged access rights
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.3
Information access restriction
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.4
Access to source code
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.5
Secure authentication
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.6
Capacity management
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
A.8.7
Protection against malware
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIAUAE IA
A.8.8
Management of technical vulnerabilities
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORANCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.8.9
Configuration management
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.10
Information deletion
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.8.11
Data masking
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.8.12
Data leakage prevention
CJISADHICSCIS ControlsGDPR (EU)NCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCC
A.8.13
Information backup
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
A.8.14
Redundancy of information processing facilities
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
A.8.15
Logging
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.16
Monitoring activities
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.17
Clock synchronization
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.18
Use of privileged utility programs
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.19
Installation of software on operational systems
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.20
Networks security
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIAUAE IA
A.8.21
Security of network services
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIAUAE IA
A.8.22
Segregation of networks
CJISADHICSCIS ControlsNCA ECC-2NCA OTCCNIST CSFQatar NIAUAE IAPCI DSS 4.0.1
A.8.23
Web filtering
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusNCA CCCNCA ECC-2NCA OTCCNIST CSFPCI DSS 4.0.1Qatar NIAUAE IA
A.8.24
Use of cryptography
CJISADHICSCIS ControlsGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.25
Secure development life cycle
CJISCIS ControlsNCA ECC-2UAE IAADHICSNCA CCCPCI DSS 4.0.1Qatar NIASAMA CSF
A.8.26
Application security requirements
CJISCIS ControlsNCA ECC-2UAE IAADHICSNCA CCCPCI DSS 4.0.1Qatar NIASAMA CSF
A.8.27
Secure system architecture and engineering principles
CJISCIS ControlsNCA ECC-2UAE IAADHICSNCA CCCPCI DSS 4.0.1Qatar NIASAMA CSF
A.8.28
Secure coding
CJISCIS ControlsNCA ECC-2UAE IAADHICSNCA CCCPCI DSS 4.0.1Qatar NIASAMA CSF
A.8.29
Security testing in development and acceptance
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORANCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1Qatar NIASAMA CSFUAE IA
A.8.30
Outsourced development
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
A.8.31
Separation of development, test and production environments
CJISADHICSCIS ControlsNCA ECC-2NCA OTCCNIST CSFQatar NIAUAE IAPCI DSS 4.0.1
A.8.32
Change management
NCA OTCCQatar NIAUAE IANCA CCCNCA ECC-2PCI DSS 4.0.1
A.8.33
Test information
CJISCIS ControlsNCA ECC-2UAE IAADHICSNCA CCCPCI DSS 4.0.1Qatar NIASAMA CSF
A.8.34
Protection of information systems during audit testing
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleNCA CCCNCA ECC-2NCA OTCCNIS2NIST CSFPDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1

Ready to assess against ISO 27001?

Start free trial →