ISO 2700193

Requirements in this framework

• Annex A 5.1: Policies for Information Security
• Annex A 5.10: Acceptable Use of Information and Other Associated Assets
• Annex A 5.11: Return of Assets
• Annex A 5.12: Classification of Information
• Annex A 5.13: Labelling of Information
• Annex A 5.14: Information Transfer
• Annex A 5.15: Access Control
• Annex A 5.16: Identity Management
• Annex A 5.17: Authentication Information
• Annex A 5.18: Access Rights
• Annex A 5.19: Information Security in Supplier Relationships
• Annex A 5.2: Information Security Roles and Responsibilities
• Annex A 5.20: Addressing Information Security Within Supplier Agreements
• Annex A 5.21: Managing Information Security in the ICT Supply Chain
• Annex A 5.22: Monitoring, Review and Change Management of Supplier Services
• Annex A 5.23: Information Security for Use of Cloud Services
• Annex A 5.24: Information Security Incident Management Planning and Preparation
• Annex A 5.25: Assessment and Decision on Information Security Events
• Annex A 5.26: Response to Information Security Incidents
• Annex A 5.27: Learning From Information Security Incidents
• Annex A 5.28: Collection of Evidence
• Annex A 5.29: Information Security During Disruption
• Annex A 5.3: Segregation of Duties
• Annex A 5.30: ICT Readiness for Business Continuity
• Annex A 5.31: Legal, Statutory, Regulatory and Contractual Requirements
• Annex A 5.32: Intellectual Property Rights
• Annex A 5.33: Protection of Records
• Annex A 5.34: Privacy and Protection of PII
• Annex A 5.35: Independent Review of Information Security
• Annex A 5.36: Compliance With Policies, Rules and Standards for Information Security
• Annex A 5.37: Documented Operating Procedures
• Annex A 5.4: Management Responsibilities
• Annex A 5.5: Contact With Authorities
• Annex A 5.6: Contact With Special Interest Groups
• Annex A 5.7: Threat Intelligence
• Annex A 5.8: Information Security in Project Management
• Annex A 5.9: Inventory of Information and Other Associated Assets
• Annex A 6.1: Screening
• Annex A 6.2: Terms And Conditions Of Employment
• Annex A 6.3: Information Security Awareness Education Training
• Annex A 6.4: Disciplinary Process
• Annex A 6.5: Responsibilities After Termination Change Of Employment
• Annex A 6.6: Confidentiality Or Non Disclosure Agreements
• Annex A 6.7: Remote Working
• Annex A 6.8: Information Security Event Reporting
• Annex A 7.1: Physical Security Perimeters
• Annex A 7.10: Storage Media
• Annex A 7.11: Supporting Utilities
• Annex A 7.12: Cabling Security
• Annex A 7.13: Equipment Maintenance
• Annex A 7.14: Secure Disposal Or Re Use Of Equipment
• Annex A 7.2: Physical Entry
• Annex A 7.3: Securing Offices Rooms Facilities
• Annex A 7.4: Physical Security Monitoring
• Annex A 7.5: Protecting Against Physical Environmental Threats
• Annex A 7.6: Working In Secure Areas
• Annex A 7.7: Clear Desk Clear Screen
• Annex A 7.8: Equipment Siting Protection
• Annex A 7.9: Security Of Assets Off Premises
• Annex A 8.1: User Endpoint Devices
• Annex A 8.10: Information Deletion
• Annex A 8.11: Data Masking
• Annex A 8.12: Data Leakage Prevention
• Annex A 8.13: Information Backup
• Annex A 8.14: Redundancy Of Information Processing Facilities
• Annex A 8.15: Logging
• Annex A 8.16: Monitoring Activities
• Annex A 8.17: Clock Synchronisation
• Annex A 8.18: Use Of Privileged Utility Programs
• Annex A 8.19: Installation Software On Operational Systems
• Annex A 8.2: Use Of Privileged Access Rights
• Annex A 8.20: Network Security
• Annex A 8.21: Security Of Network Services
• Annex A 8.22: Segregation Of Networks
• Annex A 8.23: Web Filtering
• Annex A 8.24: Use Of Cryptography
• Annex A 8.25: Secure Development Life Cycle
• Annex A 8.26: Application Security Requirements
• Annex A 8.27: Secure System Architecture Engineering Principles
• Annex A 8.28: Secure Coding
• Annex A 8.29: Security Testing In Development Acceptance
• Annex A 8.3: Information Access Restriction
• Annex A 8.30: Outsourced Development
• Annex A 8.31: Separation Of Development Test Production Environments
• Annex A 8.32: Change Management
• Annex A 8.33: Test Information
• Annex A 8.34: Protection Information Systems During Audit Testing
• Annex A 8.4: Access To Source Code
• Annex A 8.5: Secure Authentication
• Annex A 8.6: Capacity Management
• Annex A 8.7: Protection Against Malware
• Annex A 8.8: Management Of Technical Vulnerabilities
• Annex A 8.9: Configuration Management