GV · Govern 6
GV.OC
Organizational Context
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.RM
Risk Management Strategy
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.RR
Roles, Responsibilities, and Authorities
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.PO
Policy
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.OV
Oversight
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.SC
Cybersecurity Supply Chain Risk Management
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
ID · Identify 3
ID.AM
Asset Management
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
ID.RA
Risk Assessment
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1Qatar NIASAMA CSFUAE IAGDPR (EU)HIPAA Security RulePDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021UK GDPR
ID.IM
Improvement
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
PR · Protect 5
PR.AA
Identity Management, Authentication, and Access Control
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRNCA CCC
PR.AT
Awareness and Training
CJISADHICSCIS ControlsGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1Qatar NIASAMA CSFUAE IAUK GDPR
PR.DS
Data Security
CJISADHICSCIS ControlsGDPR (EU)ISO 27001NCA ECC-2NCA OTCCPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCCHIPAA Security RuleNIS2SAMA CSF
PR.PS
Platform Security
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusISO 27001NCA CCCNCA ECC-2NCA OTCCPCI DSS 4.0.1Qatar NIAUAE IADORAGDPR (EU)HIPAA Security RuleNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021SAMA CSFUK GDPR
PR.IR
Technology Infrastructure Resilience
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusNCA CCCNCA ECC-2NCA OTCCPCI DSS 4.0.1Qatar NIAUAE IAISO 27001DORAGDPR (EU)HIPAA Security RuleNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021UK GDPR
DE · Detect 2
DE.CM
Continuous Monitoring
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
DE.AE
Adverse Event Analysis
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRNCA CCC
RS · Respond 4
RS.MA
Incident Management
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RS.AN
Incident Analysis
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RS.CO
Incident Response Reporting and Communication
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RS.MI
Incident Mitigation
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RC · Recover 2
RC.RP
Incident Recovery Plan Execution
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
RC.CO
Incident Recovery Communication
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR