ISO/IEC 27001:2022

Information security management systems standard. Specifies requirements for establishing, implementing, maintaining and continually improving an ISMS.

Controls: 31
Total Mappings: 539
Publisher: ISO/IEC
Version: 2022

AC Access Control

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| AC-01 | Access Control Policies and Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

AT Awareness and Training

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| AT-01 | Security Awareness And Training Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +21 more |
| AT-02 | Security Awareness | 7.4, 7.4(a), 7.4(b), 7.4(c), 7.4(d) |

AU Audit and Accountability

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| AU-01 | Audit And Accountability Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

CA Security Assessment and Authorization

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| CA-01 | Certification, Accreditation, And Security Assessment Policies And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |
| CA-02 | Security Assessments | 8.1, 9.1, 9.1(a), 9.1(b), 9.1(c), 9.1(d), 9.1(e), 9.1(f) |
| CA-07 | Continuous Monitoring | 10.1, 8.1 |

CM Configuration Management

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| CM-01 | Configuration Management Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |
| CM-03 | Configuration Change Control | 6.3 |

CP Contingency Planning

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| CP-01 | Contingency Planning Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

IA Identification and Authentication

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| IA-01 | Identification And Authentication Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

IR Incident Response

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| IR-01 | Incident Response Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

MA Maintenance

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| MA-01 | System Maintenance Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

MP Media Protection

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| MP-01 | Media Protection Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

PE Physical and Environmental Protection

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| PE-01 | Physical And Environmental Protection Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

PL Planning

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| PL-01 | Security Planning Policy And Procedures | 4.1, 5.1(a), 5.1(e), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), +22 more |
| PL-04 | Rules Of Behavior | 7.3, 7.3(a), 7.3(b), 7.3(c) |

PS Personnel Security

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| PS-01 | Personnel Security Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +21 more |
| PS-02 | Position Categorization | 7.2, 7.2(a), 7.2(b), 7.2(c), 7.2(d) |
| PS-03 | Personnel Screening | 7.2(b), 7.2(c) |

PT Personally Identifiable Information Processing and Transparency

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| PT-01 | Policy and Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

RA Risk Assessment

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| RA-01 | Risk Assessment Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +40 more |
| RA-02 | Security Categorization | 6.1.2(d)(3) |
| RA-03 | Risk Assessment | 6.1.2(d), 6.1.2(d)(1), 6.1.2(d)(2), 6.1.2(d)(3), 6.1.2(e), 6.1.2(e)(1), 6.1.2(e)(2), 8.2 |

SA System and Services Acquisition

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| SA-01 | System And Services Acquisition Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |
| SA-05 | Information System Documentation | 4.3 |

SC System and Communications Protection

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| SC-01 | System And Communications Protection Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |

SI System and Information Integrity

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| SI-01 | System And Information Integrity Policy And Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |
| SI-05 | Security Alerts And Advisories | 7.4, 7.4(a), 7.4(b), 7.4(c), 7.4(d) |

SR Supply Chain Risk Management

| Control | Name | ISO 27001:2022 References |
|---|---|---|
| SR-01 | Policy and Procedures | 5.1(a), 5.2, 5.2(a), 5.2(b), 5.2(c), 5.2(d), 5.2(e), 5.2(f), +16 more |
| SR-07 | Supply Chain Operations Security | 8.1 |