Removed BoF cruft

This commit is contained in:
Richard Kranendonk 2026-04-30 18:33:25 +02:00
parent d39edec574
commit 228a58056c
48 changed files with 32 additions and 296 deletions

View file

@ -1,7 +1,4 @@
#iso27002/2022/EN
**3.1** **Terms** **and** **definitions**
## 3.1 Terms and definitions
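Review bot: the commit message does not say why the `#iso27002/2022/EN` tag line is dropped from the top of every file together with the PDF footer lines; that tag is the only visible way in the vault to list all 27002 control notes at once, so either keep it (or move it into front matter) or state in the message that tag-based navigation is intentionally given up.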
@ -75,7 +72,7 @@ ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, co
— organizations structure.
— organization's structure.
@ -115,7 +112,7 @@ Note 1 to entry: Material includes information and other associated _assets_ (3.
[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — “Note 1 to entry” added]
[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — "Note 1 to entry" added]
@ -151,7 +148,7 @@ Note 2 to entry: Controls may not always exert the intended or assumed modifying
**disrupti****on**
incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organizations objectives
incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organization's objectives
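Review bot: the term heading `**disrupti****on**` in this hunk's context still carries the PDF extraction damage (bold markup split mid-word) that this commit cleans up elsewhere, and `**pers****onnel**` and `**u****ser**` further down the same file have the same problem; suggest normalising them to `**disruption**`, `**personnel**` and `**user**` in this commit rather than leaving the file half cleaned.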
@ -251,7 +248,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f
[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — “breach of information security” has been replaced with “information security breach”]
[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — "breach of information security" has been replaced with "information security breach"]
@ -259,7 +256,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f
**information** **security incident**
one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organizations _assets_ (3.1.2) or compromise its operations
one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organization's _assets_ (3.1.2) or compromise its operations
@ -309,11 +306,11 @@ ability to prove the occurrence of a claimed event or action and its originating
**pers****onnel**
persons doing work under the organizations direction
persons doing work under the organization's direction
Note 1 to entry: The concept of personnel includes the organizations members, such as the governing body, top management, employees, temporary staff, contractors and volunteers.
Note 1 to entry: The concept of personnel includes the organization's members, such as the governing body, top management, employees, temporary staff, contractors and volunteers.
@ -351,7 +348,7 @@ any information that (a) can be used to establish a link between the information
Note 1 to entry: The “natural person” in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person.
Note 1 to entry: The "natural person" in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person.
@ -367,7 +364,7 @@ natural person to whom the _personally identifiable_ _information_ _(PII)_ (3.1.
Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”.
Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym "data subject" can also be used instead of the term "PII principal".
@ -397,7 +394,7 @@ intentions and direction of an organization, as formally expressed by its top ma
**privacy** **impact** **assessment** **PIA**
overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organizations broader risk management framework
overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organization's broader risk management framework
@ -437,37 +434,11 @@ information created, received and maintained as evidence and as an _asset_ (3.1.
**4** © ISO/IEC 2022 All rights reserved
Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com)
ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited.
**ISO/IEC 27002:2022(E)**
Note 1 to entry: Legal obligations in this context include all legal, statutory, regulatory and contractual requirements.
[SOURCE: ISO 15489-1:2016, 3.14, modified— “Note 1 to entry” added.]
[SOURCE: ISO 15489-1:2016, 3.14, modified— "Note 1 to entry" added.]
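Review bot: the replacement SOURCE line keeps `modified—` with no space before the dash and a trailing full stop inside the bracket, which the other SOURCE lines in this file do not have (`modified — "Note 1 to entry" added]`); suggest `[SOURCE: ISO 15489-1:2016, 3.14, modified — "Note 1 to entry" added]` for consistency.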
@ -501,7 +472,7 @@ property of consistent intended behaviour and results
**rule**
accepted principle or instruction that states the organizations expectations on what is required to be done, what is allowed or not allowed
accepted principle or instruction that states the organization's expectations on what is required to be done, what is allowed or not allowed
@ -545,7 +516,7 @@ EXAMPLE Topic-specific policy on _access_ _control_ (3.1.1), topic-specific poli
**u****ser**
_interested_ _party_ (3.1.18) with access to the organizations _information_ _systems_ (3.1.17)
_interested_ _party_ (3.1.18) with access to the organization's _information_ _systems_ (3.1.17)
@ -553,40 +524,6 @@ EXAMPLE _Personnel_ (3.1.20), customers, suppliers.
© ISO/IEC 2022 All rights reserved
**5**
**ISO/IEC 27002:2022(E)**
**3.1.37**
**user** **endpoint** **device**
@ -617,202 +554,90 @@ weakness of an _asset_ (3.1.2) or _control_ (3.1.8) that can be exploited by one
ABAC attribute-based access control
ACL access control list
BIA business impact analysis
BYOD bring your own device
CAPTCHA completely automated public Turing test to tell computers and humans apart
CPU central processing unit
DAC discretionary access control
DNS domain name system
GPS global positioning system
IAM identity and access management
ICT information and communication technology
ID identifier
IDE integrated development environment
IDS intrusion detection system
IoT internet of things
IP internet protocol
IPS intrusion prevention system
IT information technology
ISMS information security management system
MAC mandatory access control
NTP network time protocol
PIA privacy impact assessment
PII personally identifiable information
**6** © ISO/IEC 2022 All rights reserved
Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com)
ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited.
**ISO/IEC 27002:2022(E)**
PIN personal identification number
PKI public key infrastructure
PTP precision time protocol
RBAC role-based access control
RPO recovery point objective
RTO recovery time objective
SAST static application security testing
SD secure digital
SDN software-defined networking
SD-WAN software-defined wide area networking
SIEM security information and event management
SMS short message service
SQL structured query language
SSO single sign on
SWID software identification
UEBA user and entity behaviour analytics
UPS uninterruptible power supply
URL uniform resource locator
USB universal serial bus
VM virtual machine
VPN virtual private network
WiFi wireless fidelity
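Review bot: the abbreviation entries from `ABAC attribute-based access control` down to `WiFi wireless fidelity` are bare lines with no list marker or blank lines between them, so once the removed footer no longer splits the block, Markdown renders them as one run-on paragraph; a two-column table (`| ABAC | attribute-based access control |`) or a `- ` list would keep each abbreviation on its own line.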

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.1 Policies for information security
#### Control
@ -8,7 +7,7 @@ Information security policy and topic-specific policies should be defined, appro
To ensure continuing suitability, adequacy, effectiveness of management direction and support for information security in accordance with business, legal, statutory, regulatory and contractual requirements.
#### Guidance
At the highest level, the organization should define an “information security policy” which is approved by top management and which sets out the organizations approach to managing its information security.
At the highest level, the organization should define an "information security policy" which is approved by top management and which sets out the organization's approach to managing its information security.
The information security policy should take into consideration requirements derived from:
@ -45,10 +44,10 @@ j) information classification and handling;
k) management of technical vulnerabilities;
l) secure development.
The responsibility for the development, review and approval of the topic-specific policies should be allocated to relevant personnel based on their appropriate level of authority and technical competency. The review should include assessing opportunities for improvement of the organizations information security policy and topic-specific policies and managing information security in response to changes to:
The responsibility for the development, review and approval of the topic-specific policies should be allocated to relevant personnel based on their appropriate level of authority and technical competency. The review should include assessing opportunities for improvement of the organization's information security policy and topic-specific policies and managing information security in response to changes to:
a) the organizations business strategy;
b) the organizations technical environment;
a) the organization's business strategy;
b) the organization's technical environment;
c) regulations, statutes, legislation and contracts;
d) information security risks;
e) the current and projected information security threat environment;
@ -56,7 +55,7 @@ f) lessons learned from information security events and incidents.
The review of information security policy and topic-specific policies should take the results of management reviews and audits into account. Review and update of other related policies should be considered when one policy is changed to maintain consistency.
The information security policy and topic-specific policies should be communicated to relevant personnel and interested parties in a form that is relevant, accessible and understandable to the intended reader. Recipients of the policies should be required to acknowledge they understand and agree to comply with the policies where applicable. The organization can determine the formats and names of these policy documents that meet the organizations needs. In some organizations, the information security policy and topic-specific policies can be in a single document. The organization can name these topic-specific policies as standards, directives, policies or others.
The information security policy and topic-specific policies should be communicated to relevant personnel and interested parties in a form that is relevant, accessible and understandable to the intended reader. Recipients of the policies should be required to acknowledge they understand and agree to comply with the policies where applicable. The organization can determine the formats and names of these policy documents that meet the organization's needs. In some organizations, the information security policy and topic-specific policies can be in a single document. The organization can name these topic-specific policies as standards, directives, policies or others.
If the information security policy or any topic-specific policy is distributed outside the organization, care should be taken not to improperly disclose confidential information.
@ -74,4 +73,3 @@ Topic-specific policies can vary across organizations.
# Related
- [[ISO_27002_PE 5.1 Policies for information security]]
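Review bot: `# Related` is a level-1 heading in a file whose control title is `## 5.1 Policies for information security`, so the outline places Related above the control itself; `### Related` (or at least `##`) would keep the hierarchy consistent with the `#### Control` and `#### Guidance` headings above it.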

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 5.15 Access control
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.17 Authentication information
### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.19 Information security in supplier relationships
**Control**
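Review bot: the Control heading is formatted three different ways across the files touched by this commit: `**Control**` here, `### Control` in 5.17 and `#### Control` in 5.1. Since this commit is already normalising headings, pick one level (the `## 5.x` title suggests `###`) and apply it everywhere so the section outline stays consistent and searchable.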

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.2 Information security roles and responsibilities
### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.20 Addressing information security within supplier agreements
**Control**

View file

@ -1,6 +1,3 @@
#iso27002/2022/EN
[[ISO_27002_PE 5.21 Managing information security in the ICT supply chain]]
## 5.21 Managing information security in the ICT supply chain
**Control**
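Review bot: the `[[ISO_27002_PE 5.21 Managing information security in the ICT supply chain]]` link is deleted from the top of the file with nothing visible taking its place, whereas 5.1 keeps its `[[ISO_27002_PE 5.1 ...]]` link under a Related section; if the link is not re-added further down, the cross-reference to the PE note is lost. Suggest moving it into a Related section instead of deleting it.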

View file

@ -1,4 +1,4 @@
#iso27002/2022/EN
## 5.22 Monitoring, review, and change management of supplier services
**Control**
The organization should regularly monitor, review, evaluate and manage change in supplier information security practices and service delivery.

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.23 Information security for use of cloud services
#### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.24 Information security incident management planning and preparation
#### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.27 Learning from information security incidents
#### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.29 Information security during disruption
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.3 Segregation of duties
### Control
@ -12,24 +11,24 @@ Segregation of duties and areas of responsibility aims to separate conflicting d
The organization should determine which duties and areas of responsibility need to be segregated. The following are examples of activities that can require segregation:
a)   initiating, approving and executing a change;
a) initiating, approving and executing a change;
b)   requesting, approving and implementing access rights;
b) requesting, approving and implementing access rights;
c)   designing, implementing and reviewing code;
c) designing, implementing and reviewing code;
d)   developing software and administering production systems;
d) developing software and administering production systems;
e)   using and administering applications;
e) using and administering applications;
f)   using applications and administering databases;
f) using applications and administering databases;
g)   designing, auditing and assuring information security controls.
g) designing, auditing and assuring information security controls.
The  possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision.
The possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision.
Care should be taken when using role-based access control systems to ensure that persons are not granted conflicting roles. When there is a large number of roles, the organization should consider using automated tools to identify conflicts and facilitate their removal. Roles should be carefully defined and provisioned to minimize access problems if a role is removed or reassigned.
### Other **information**
### Other information
No other information.
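Review bot: the `a)` to `g)` items are plain lines without a Markdown list marker or blank lines between them, so they render as a single paragraph; the whitespace cleanup is fine, but prefixing each with `- ` (`- a) initiating, approving and executing a change;`) would make the segregation list readable in the rendered note.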

View file

@ -1,9 +1,4 @@
#iso27002/2022/EN
See also:
- [BCP_Bedrijfscontinuïteitsplanning](../../../../../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
- [Disaster Recovery Planning](../../../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md)
# **5.30** **ICT** **readiness** **for** **business** continuity
## **5.30** **ICT** **readiness** **for** **business** continuity
## Purpose
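Review bot: the new heading `## **5.30** **ICT** **readiness** **for** **business** continuity` still carries the per-word bold from PDF extraction, unlike the cleaned headings elsewhere in this commit (`## 3.1 Terms and definitions`); suggest `## 5.30 ICT readiness for business continuity`. Separately, deleting the two `See also:` links to the BCP and Disaster Recovery Planning notes drops cross-references that other files keep under a Related section; move them there rather than removing them.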

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.32 Intellectual property rights
**Control**

View file

@ -1,5 +1,3 @@
## 5.37 Documented operating procedures
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.4 Management responsibilities
#### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.5 Contact with authorities
#### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.6 Contact with special interest groups
#### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.7 Threat intelligence
#### Control

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 5.8 Information security in project management
#### Control

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 5.9 Inventory of information and other associated assets
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 6.3 Information security awareness, education and training
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
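Review bot: the control-attributes table header is bolded here (`| **Control type** | **Information security properties** | ...`) but plain in 5.9, 5.15 and most other files (`| Control type | Information security properties | ...`); Markdown already renders header cells in bold, so the `**` wrappers are redundant and could be dropped as part of this cleanup.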

View file

@ -1,5 +1,3 @@
## 6.5 Responsibilities after termination or change of employment
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

View file

@ -1,5 +1,3 @@
## 6.6 Confidentiality or non-disclosure agreements

View file

@ -1,5 +1,3 @@
## 6.8 Information security event reporting

View file

@ -1,5 +1,3 @@
## 7.1 Physical security perimeters
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

View file

@ -1,5 +1,3 @@
## 7.3 Securing offices, rooms and facilities

View file

@ -1,5 +1,3 @@
## 7.4 Physical security monitoring

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 8.13 Information backup
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 8.15 Logging
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 8.16 Monitoring activities
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 8.19 Installation of software on operational systems
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 8.2 Privileged access rights
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,5 +1,3 @@
## 8.21 Security of network services
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 8.22 Segregation of networks
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,9 +1,3 @@
---
tags:
- iso27001/2022/EN
---
## 8.24 Use of cryptography
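Review bot: the front matter being removed here tags the note `iso27001/2022/EN`, while every inline tag removed elsewhere in this commit is `#iso27002/2022/EN`; the headings in these files are 27002 controls, so this was a mislabel. If the tags are reinstated later (for example in front matter), make sure 8.24, 8.25 and 8.27 get the 27002 tag.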

View file

@ -1,8 +1,3 @@
---
tags:
- iso27001/2022/EN
---
## 8.25 Secure development life cycle
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 8.26 Application security requirements
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,8 +1,3 @@
---
tags:
- iso27001/2022/EN
---
## 8.27 Secure system architecture and engineering principles
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,9 +1,3 @@
---
tags:
- iso27001/2022/EN
---
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection |
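Review bot: unlike the neighbouring 8.27 and 8.29 files, no `## 8.x ...` control heading is visible between the removed front matter and the attributes table in this hunk; the header counts (`-1,9 +1,3`) imply six removed lines but only the four front-matter lines are shown, so check that the control title was not dropped along with the front matter.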

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 8.29 Security testing in development and acceptance
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 8.32 Change management
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
## 8.5 Secure authentication
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

View file

@ -1,6 +1,4 @@
#iso27002/2022/EN
# 8.7  **Protection** **against** **malware**
## 8.7  **Protection** **against** **malware**
## Control
Protection against malware should be implemented and supported by appropriate user awareness.
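Review bot: `## 8.7  **Protection** **against** **malware**` keeps the double space and the per-word bold from extraction; suggest `## 8.7 Protection against malware` to match the other headings normalised in this commit.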

View file

@ -1,5 +1,3 @@
#iso27002/2022/EN
x
## 8.8 Management of technical vulnerabilities

View file

@ -1,4 +1,3 @@
#iso27002/2022/EN
## 8.9 Configuration management
### Control