🧠

Harpe Wiki

⌘Ctrlk

Raise a bug

🧠

Harpe Wiki

Introduction
- Set up your ISMS
- Company Settings
- Overview
- Annex A Controls
  Annex A.5 - Organisational Controls
  Annex A.6 - People Controls
  Annex A.7 -Physical Controls
  Annex A.8 - Technological Controls
  Annex A 8.1 - User Endpoint Devices
  Annex A 8.2 - Privileged Access Rights
  Annex A 8.3 - Information Access Restriction
  Annex A 8.4 - Access to Source Code
  Annex A 8.5 - Secure Authentication
  Annex A 8.6 - Capacity Management
  Annex A 8.7 - Protection Against Malware
  Annex A 8.8 - Management of Technical Vulnerabilities
  Annex A 8.9 - Configuration Management
  Annex A 8.10 - Information Deletion
  Annex A 8.11 - Data Masking
  Annex A 8.12 - Data Leakage Prevention
  Annex A 8.13 - Information Backup
  Annex A 8.14 - Redundancy of Information Processing Facilities
  Annex A 8.15 - Logging
  Annex A 8.16 - Monitoring Activities
  Annex A 8.17 - Clock Synchronization
  Annex A 8.18 - Use of Privileged Utility Programs
  Annex A 8.19 - Installation of Software on Operational Systems
  Annex A 8.20 - Networks Security
  Annex A 8.21 - Security of Network Services
  Annex A 8.22 - Segregation of Networks
  Annex A 8.23 - Web filtering
  Annex A 8.24 - Use of Cryptography
  Annex A 8.25 - Secure Development Life Cycle
  Annex A 8.26 - Application Security Requirements
  Annex A 8.27 - Secure System Architecture and Engineering Principles
  Annex A 8.28 - Secure Coding
  Annex A 8.29 - Security Testing in Development and Acceptance
  Annex A 8.30 - Outsourced Development
  Annex A 8.31 - Separation of Development, Test and Production Environments
  Annex A 8.32 - Change Management
  Annex A 8.33 - Test Information
  Annex A 8.34 - Protection of Information Systems During Audit Testing
- Overview
- Controls
- Tools
- Suppliers
Payments and refunds

Powered by GitBook

ISO27001:2022 Wiki
Annex A Controls
Annex A.8 - Technological Controls

Annex A 8.9 - Configuration Management

Configurations, including security configurations, of hardware, software, services, and networks shall be established, documented, implemented, monitored, and reviewed.

PreviousAnnex A 8.8 - Management of Technical Vulnerabilities NextAnnex A 8.10 - Information Deletion

Last updated 2 years ago