Control Objectives for Information Technologies

Framework for IT governance and management. Helps organizations develop, implement, and improve IT governance and management practices.

Controls: 61
Total Mappings: 434
Publisher: ISACA
Version: 2019

AC Access Control

Control Name COBIT 2019 References
AC-01 Access Control Policies and Procedures
APO01.09, APO02.02, APO13.03, DSS05.04, DSS06.03, EDM01.01, EDM01.03, EDM05.01

AT Awareness and Training

Control Name COBIT 2019 References
AT-01 Security Awareness And Training Policy And Procedures
APO01.09, APO02.02, APO13.03, EDM01.01, EDM01.03, EDM05.01

AU Audit and Accountability

Control Name COBIT 2019 References
AU-01 Audit And Accountability Policy And Procedures
APO01.09, APO02.02, APO13.03, DSS01.03, DSS05.07, DSS06.05, EDM01.01, EDM01.03 +2 more
AU-02 Auditable Events
BAI10.02, BAI10.03, BAI10.05, DSS06.05, DSS06.06
AU-06 Audit Monitoring, Analysis, And Reporting
DSS06.05

CA Security Assessment and Authorization

Control Name COBIT 2019 References
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures
APO01.09, APO02.02, APO13.03, BAI03.08, EDM01.01, EDM01.03, EDM05.01
CA-02 Security Assessments
BAI01.01, BAI01.02, BAI01.03, BAI01.04, BAI01.05, BAI01.06, BAI01.07, BAI01.08 +36 more
CA-05 Plan Of Action And Milestones
APO12.05, MEA01.05, MEA02.04
CA-07 Continuous Monitoring
MEA02.01, MEA02.02, MEA04.01, MEA04.02, MEA04.03, MEA04.04, MEA04.05, MEA04.06 +3 more

CM Configuration Management

Control Name COBIT 2019 References
CM-01 Configuration Management Policy And Procedures
APO01.09, APO02.02, APO13.03, BAI10.01, BAI10.02, BAI10.03, BAI10.04, BAI10.05 +4 more
CM-02 Baseline Configuration
BAI10.02, BAI10.03, BAI10.05, DSS06.06
CM-06 Configuration Settings
BAI10.02, DSS06.06
CM-08 Information System Component Inventory
BAI09.01

CP Contingency Planning

Control Name COBIT 2019 References
CP-01 Contingency Planning Policy And Procedures
APO01.09, APO02.02, APO13.03, DSS04.01, DSS04.02, DSS04.03, DSS04.04, DSS04.05 +6 more
CP-02 Contingency Plan
DSS04.01, DSS04.02, DSS04.03, DSS04.04, DSS04.05, DSS04.06, DSS04.07, DSS04.08
CP-03 Contingency Training
DSS04.06
CP-04 Contingency Plan Testing And Exercises
DSS04.04, DSS04.08
CP-09 Information System Backup
APO14.10, DSS04.07
CP-10 Information System Recovery And Reconstitution
DSS04.01, DSS04.02, DSS04.03, DSS04.04, DSS04.05, DSS04.06, DSS04.07, DSS04.08

IA Identification and Authentication

Control Name COBIT 2019 References
IA-01 Identification And Authentication Policy And Procedures
APO01.09, APO02.02, APO13.03, DSS05.04, DSS06.03, EDM01.01, EDM01.03, EDM05.01
IA-02 User Identification And Authentication
DSS05.04

IR Incident Response

Control Name COBIT 2019 References
IR-01 Incident Response Policy And Procedures
APO01.09, APO02.02, APO13.03, DSS02.01, DSS02.02, DSS02.03, DSS02.04, DSS02.05 +5 more
IR-04 Incident Handling
DSS02.01, DSS02.02, DSS02.03, DSS02.04, DSS02.05, DSS02.06, DSS02.07
IR-06 Incident Reporting
DSS02.07, EDM05.02

MA Maintenance

Control Name COBIT 2019 References
MA-01 System Maintenance Policy And Procedures
APO01.09, APO02.02, APO13.03, EDM01.01, EDM01.03, EDM05.01

MP Media Protection

Control Name COBIT 2019 References
MP-01 Media Protection Policy And Procedures
APO01.09, APO02.02, APO13.03, APO14.01, APO14.02, APO14.03, APO14.04, APO14.05 +8 more
MP-02 Media Access
DSS05.01, DSS05.02, DSS05.03, DSS05.04, DSS05.05, DSS05.06, DSS05.07
MP-06 Media Sanitization And Disposal
APO14.07

PE Physical and Environmental Protection

Control Name COBIT 2019 References
PE-01 Physical And Environmental Protection Policy And Procedures
APO01.09, APO02.02, APO13.03, DSS01.04, DSS01.05, DSS05.05, EDM01.01, EDM01.03 +1 more
PE-02 Physical Access Authorizations
DSS05.05
PE-03 Physical Access Control
DSS01.05, DSS05.05
PE-09 Power Equipment And Power Cabling
DSS01.04
PE-10 Emergency Shutoff
DSS01.04
PE-11 Emergency Power
DSS01.04
PE-12 Emergency Lighting
DSS01.04
PE-13 Fire Protection
DSS01.04
PE-14 Temperature And Humidity Controls
DSS01.04
PE-15 Water Damage Protection
DSS01.04

PL Planning

Control Name COBIT 2019 References
PL-01 Security Planning Policy And Procedures
APO01.09, APO02.02, APO03.02, APO03.03, APO04.01, APO05.01, APO05.02, APO05.03 +27 more

PS Personnel Security

Control Name COBIT 2019 References
PS-01 Personnel Security Policy And Procedures
APO01.09, APO02.02, APO07.01, APO07.04, APO07.05, APO07.06, APO13.03, EDM01.01 +2 more
PS-02 Position Categorization
APO01.08

PT Personally Identifiable Information Processing and Transparency

Control Name COBIT 2019 References
PT-01 Policy and Procedures
APO01.09, APO02.02, APO03.01, APO03.02, APO03.03, APO03.04, APO03.05, APO04.01 +6 more

RA Risk Assessment

Control Name COBIT 2019 References
RA-01 Risk Assessment Policy And Procedures
APO01.09, APO02.02, APO12.01, APO12.02, APO12.03, APO12.04, APO12.05, APO12.06 +7 more
RA-03 Risk Assessment
APO12.02, MEA02.01, MEA02.02
RA-05 Vulnerability Scanning
DSS05.07

SA System and Services Acquisition

Control Name COBIT 2019 References
SA-01 System And Services Acquisition Policy And Procedures
APO01.09, APO02.02, APO03.02, APO03.03, APO04.01, APO13.03, BAI03.02, BAI03.03 +9 more
SA-02 Allocation Of Resources
APO06.01, APO06.02, APO06.03, APO06.04, APO06.05, EDM02.01, EDM02.02, EDM02.03 +4 more
SA-03 Life Cycle Support
BAI01.01, BAI01.02, BAI01.03, BAI01.04, BAI01.05, BAI01.06, BAI01.07, BAI01.08 +3 more
SA-04 Acquisitions
APO03.02, APO03.03, APO04.01, APO10.01, APO10.02, APO10.03, APO10.04, APO10.05 +9 more
SA-08 Security Engineering Principles
APO03.01, APO03.02, APO03.03, APO03.04, APO03.05, APO04.05, BAI10.02, DSS06.06

SC System and Communications Protection

Control Name COBIT 2019 References
SC-01 System And Communications Protection Policy And Procedures
APO01.09, APO02.02, APO03.01, APO03.02, APO03.03, APO03.04, APO03.05, APO04.05 +5 more

SI System and Information Integrity

Control Name COBIT 2019 References
SI-01 System And Information Integrity Policy And Procedures
APO01.09, APO02.02, APO03.01, APO03.02, APO03.03, APO03.04, APO03.05, APO04.05 +4 more
SI-02 Flaw Remediation
DSS05.07, MEA01.01
SI-03 Malicious Code Protection
DSS05.01, DSS05.07, MEA01.01
SI-04 Information System Monitoring Tools And Techniques
DSS01.03, DSS05.07, DSS06.05, MEA01.01
SI-12 Information Output Handling And Retention
APO14.09

SR Supply Chain Risk Management

Control Name COBIT 2019 References
SR-01 Policy and Procedures
APO01.09, APO02.02, APO10.01, APO10.02, APO10.03, APO10.04, APO10.05, APO13.03 +4 more
SR-02 Supply Chain Risk Management Plan
APO10.04, APO12.01, APO12.02, APO12.03, APO12.04
SR-03 Supply Chain Controls and Processes
APO10.04
SR-06 Supplier Assessments and Reviews
APO09.03, APO09.04, APO09.05, APO10.05
SR-07 Supply Chain Operations Security
APO12.01, APO12.02, APO12.03, APO12.04