Front matter added with prepend_frontmatter.py

Corpus/Standards/ISO27x/OST/27002/EN/a-5.10-Acceptable-use-of-information-and-other-associated-assets.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.10"
+title: "Acceptable use of information and other associated assets"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Asset_management
+  - Information_protection
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.10 Acceptable use of information and other associated assets
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                  | Security domains                      |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.11-Return-of-assets.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.11"
+title: "Return of assets"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Asset_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.11 Return of assets
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.12"
+title: "Classification of information"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Information_protection]
+security_domains:
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.12 Classification of information
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities | Security domains     |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.13-Labelling-of-information.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.13"
+title: "Labelling of information"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Information_protection]
+security_domains:
+  - Defence
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.13 Labelling of information
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-5.14-Information-transfer.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.14"
+title: "Information transfer"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Asset_management
+  - Information_protection
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.14 Information transfer
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                  | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.15"
+title: "Access control"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Identity_and_access_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.15 Access control
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities        | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.16-Identity-management.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.16"
+title: "Identity management"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Identity_and_access_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.16 Identity management
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities        | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.17"
+title: "Authentication information"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Identity_and_access_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.17 Authentication information
 
 ### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.18-Access-rights.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.18"
+title: "Access rights"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Identity_and_access_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.18 Access rights
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities        | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.19"
+title: "Information security in supplier relationships"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Supplier_relationships_security]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.19 Information security in supplier relationships
 
 **Control**

Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md

@@ -1,3 +1,28 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.2"
+title: "Information security roles and responsibilities"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Governance]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+  - Resilience
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.2 Information security roles and responsibilities
 
 ### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.20"
+title: "Addressing information security within supplier agreements"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Supplier_relationships_security]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.20 Addressing information security within supplier agreements
 
 **Control**

Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.21"
+title: "Managing information security in the ICT supply chain"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Supplier_relationships_security]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.21 Managing information security in the ICT supply chain
 
 **Control**

Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.22"
+title: "Monitoring, review and change management of supplier services"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Supplier_relationships_security]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+  - Defence
+  - Information_security_assurance
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.22 Monitoring, review, and change management of supplier services
 
 **Control**

Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.23"
+title: "Information security for use of cloud services"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Supplier_relationships_security]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.23 Information security for use of cloud services
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.24"
+title: "Information security incident management planning and preparation"
+theme: Organizational
+control_type: [Corrective]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Respond
+  - Recover
+operational_capabilities:
+  - Governance
+  - Information_security_event_management
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.24 Information security incident management planning and preparation
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.25-Assessment-and-decision-on-information-security-events.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.25"
+title: "Assessment and decision on information security events"
+theme: Organizational
+control_type: [Detective]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Detect
+  - Respond
+operational_capabilities: [Information_security_event_management]
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.25 Assessment and decision on information security events
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-5.26-Response-to-information-security-incidents.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.26"
+title: "Response to information security incidents"
+theme: Organizational
+control_type: [Corrective]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Respond
+  - Recover
+operational_capabilities: [Information_security_event_management]
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.26 Response to information security incidents
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.27"
+title: "Learning from information security incidents"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+operational_capabilities: [Information_security_event_management]
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.27 Learning from information security incidents
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.28-Collection-of-evidence.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.28"
+title: "Collection of evidence"
+theme: Organizational
+control_type: [Corrective]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Detect
+  - Respond
+operational_capabilities: [Information_security_event_management]
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.28 Collection of evidence
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md

@@ -1,3 +1,31 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.29"
+title: "Information security during disruption"
+theme: Organizational
+control_type:
+  - Preventive
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Respond
+operational_capabilities: [Continuity]
+security_domains:
+  - Protection
+  - Resilience
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.29 Information security during disruption
 
 | Control type            | Information security properties           | Cybersecurity concepts | Operational capabilities | Security domains        |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.3"
+title: "Segregation of duties"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Governance
+  - Identity_and_access_management
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.3 Segregation of duties
 
 ### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md

@@ -1,3 +1,22 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.30"
+title: "ICT readiness for business continuity"
+theme: Organizational
+control_type: [Corrective]
+information_security_properties: [Availability]
+cybersecurity_concepts: [Respond]
+operational_capabilities: [Continuity]
+security_domains: [Resilience]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## **5.30** **ICT** **readiness** **for** **business** continuity
 
 ## Purpose

Corpus/Standards/ISO27x/OST/27002/EN/a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.31"
+title: "Legal, statutory, regulatory and contractual requirements"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Legal_and_compliance]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.31 Legal, statutory, regulatory and contractual requirements
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities | Security domains                      |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.32"
+title: "Intellectual property rights"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Legal_and_compliance]
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.32 Intellectual property rights
 
 **Control**

Corpus/Standards/ISO27x/OST/27002/EN/a-5.33-Protection-of-records.md

@@ -1,11 +1,30 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.33"
+title: "Protection of records"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+operational_capabilities:
+  - Legal_and_compliance
+  - Asset_management
+  - Information_protection
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
 ## 5.33 Protection of records
-
-  
-
-| Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                                        | Security domains |
-| ------------ | ----------------------------------------- | ---------------------- | --------------------------------------------------------------- | ---------------- |
-| #Preventive  | #Confidentiality #Integrity #Availability | #Identify #Protect     | #Legal_and_compliance #Asset_management #Information_protection | #Defence         |
-
   
 **Control**
 Records should be protected from loss, destruction, falsification, unauthorized access and unauthorized release.

Corpus/Standards/ISO27x/OST/27002/EN/a-5.34-Privacy-and-protection-of-PII.md

@@ -1,10 +1,31 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.34"
+title: "Privacy and protection of PII"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+operational_capabilities:
+  - Information_protection
+  - Legal_and_compliance
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.34 Privacy and protection of PII
 
-  
-
-| Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                      | Security domains |
-| ------------ | ----------------------------------------- | ---------------------- | --------------------------------------------- | ---------------- |
-| #Preventive  | #Confidentiality #Integrity #Availability | #Identify #Protect     | #Information_protection #Legal_and_compliance | #Protection      |
 
 **Control**
 The organization should identify and meet the requirements regarding the preservation of privacy and protection of PII according to applicable laws and regulations and contractual requirements.

Corpus/Standards/ISO27x/OST/27002/EN/a-5.35-Independent-review-of-information-security.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.35"
+title: "Independent review of information security"
+theme: Organizational
+control_type:
+  - Preventive
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+operational_capabilities: [Information_security_assurance]
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.35 Independent review of information security
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.36"
+title: "Compliance with policies, rules and standards for information security"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+operational_capabilities:
+  - Legal_and_compliance
+  - Information_security_assurance
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.36 Compliance with policies, rules and standards for information security
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                              | Security domains          |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md

@@ -1,3 +1,41 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.37"
+title: "Documented operating procedures"
+theme: Organizational
+control_type:
+  - Preventive
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Recover
+operational_capabilities:
+  - Asset_management
+  - Physical_security
+  - System_and_network_security
+  - Application_security
+  - Secure_configuration
+  - Identity_and_access_management
+  - Threat_and_vulnerability_management
+  - Continuity
+  - Information_security_event_management
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.37 Documented operating procedures
 
 | Control type            | Information security properties           | Cybersecurity concepts | Operational capabilities                                                                                                                                                                                                              | Security domains                               |

Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.4"
+title: "Management responsibilities"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Governance]
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.4 Management responsibilities
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md

@@ -1,3 +1,33 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.5"
+title: "Contact with authorities"
+theme: Organizational
+control_type:
+  - Preventive
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+  - Respond
+  - Recover
+operational_capabilities: [Governance]
+security_domains:
+  - Defence
+  - Resilience
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.5 Contact with authorities
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md

@@ -1,3 +1,30 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.6"
+title: "Contact with special interest groups"
+theme: Organizational
+control_type:
+  - Preventive
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Respond
+  - Recover
+operational_capabilities: [Governance]
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.6 Contact with special interest groups
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md

@@ -1,3 +1,33 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.7"
+title: "Threat intelligence"
+theme: Organizational
+control_type:
+  - Preventive
+  - Detective
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Detect
+  - Respond
+operational_capabilities: [Threat_and_vulnerability_management]
+security_domains:
+  - Defence
+  - Resilience
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.7 Threat intelligence
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.8"
+title: "Information security in project management"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+operational_capabilities: [Governance]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.8 Information security in project management
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.5.9"
+title: "Inventory of information and other associated assets"
+theme: Organizational
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities: [Asset_management]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 5.9 Inventory of information and other associated assets
 
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.1"
+title: "Screening"
+theme: People
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Human_resource_security]
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.1 Screening
 
 | **Control type** | **Information security properties**       | **Cybersecurity concepts** | **Operational capabilities** | **Security domains**      |

Corpus/Standards/ISO27x/OST/27002/EN/a-6.2-Terms-and-conditions-of-employment.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.2"
+title: "Terms and conditions of employment"
+theme: People
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Human_resource_security]
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.2 Terms and conditions of employment
 
 | **Control type** | **Information security properties**       | **Cybersecurity concepts** | **Operational capabilities** | **Security domains**      |

Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.3"
+title: "Information security awareness, education and training"
+theme: People
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Human_resource_security]
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.3 Information security awareness, education and training
 
 | **Control type** | **Information security properties**       | **Cybersecurity concepts** | **Operational capabilities** | **Security domains**      |

Corpus/Standards/ISO27x/OST/27002/EN/a-6.4-Disciplinary-process.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.4"
+title: "Disciplinary process"
+theme: People
+control_type:
+  - Preventive
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Respond
+operational_capabilities: [Human_resource_security]
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.4 Disciplinary process
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.5"
+title: "Responsibilities after termination or change of employment"
+theme: People
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Human_resource_security
+  - Asset_management
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.5 Responsibilities after termination or change of employment
 
 | **Control type** | **Information security properties**       | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.6"
+title: "Confidentiality or non-disclosure agreements"
+theme: People
+control_type: [Preventive]
+information_security_properties: [Confidentiality]
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Human_resource_security
+  - Information_protection
+  - Supplier_relationships_security
+security_domains: [Governance_and_Ecosystem]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.6 Confidentiality or non-disclosure agreements
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-6.7-Remote-working.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.7"
+title: "Remote working"
+theme: People
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Asset_management
+  - Information_protection
+  - Physical_security
+  - System_and_network_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.7 Remote working
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md

@@ -1,13 +1,26 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.6.8"
+title: "Information security event reporting"
+theme: People
+control_type: [Detective]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Detect]
+operational_capabilities: [Information_security_event_management]
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 6.8 Information security event reporting
-
-  
-
-| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
-
-|------------------|-----------------------------------------|---------------------------|---------------------------------------------|---------------------|
-
-| #Detective | #Confidentiality #Integrity #Availability | #Detect | #Information_security_event_management | #Defence |
-
   
 
 **Control**

Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md

@@ -1,9 +1,26 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.1"
+title: "Physical security perimeters"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Physical_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
 ## 7.1 Physical security perimeters
 
-| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
-|------------------|-----------------------------------------|---------------------------|-----------------------------------|---------------------|
-| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security |
-
 **Control**
 Security perimeters should be defined and used to protect areas that contain information and other associated assets.
 

Corpus/Standards/ISO27x/OST/27002/EN/a-7.10-Storage-media.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.10"
+title: "Storage media"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Physical_security
+  - Asset_management
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.10 Storage media
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.11-Supporting-utilities.md

@@ -1,3 +1,28 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.11"
+title: "Supporting utilities"
+theme: Physical
+control_type:
+  - Preventive
+  - Detective
+information_security_properties:
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Detect
+operational_capabilities: [Physical_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.11 Supporting utilities
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.12-Cabling-security.md

@@ -1,3 +1,24 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.12"
+title: "Cabling security"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Physical_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.12 Cabling security
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.13-Equipment-maintenance.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.13"
+title: "Equipment maintenance"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Physical_security
+  - Asset_management
+security_domains:
+  - Protection
+  - Resilience
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.13 Equipment maintenance
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.14-Secure-disposal-or-re-use-of-equipment.md

@@ -1,3 +1,24 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.14"
+title: "Secure disposal or re-use of equipment"
+theme: Physical
+control_type: [Preventive]
+information_security_properties: [Confidentiality]
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Physical_security
+  - Asset_management
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.14 Secure disposal or re-use of equipment
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.2-Physical-entry.md

@@ -1,14 +1,30 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.2"
+title: "Physical entry"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Physical_security
+  - Identity_and_access_management
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.2 Physical entry
 
-  
 
-| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
-
-|------------------|-----------------------------------------|---------------------------|-----------------------------------------------------|---------------------|
-
-| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Identity_and_Access
-
-  
 
 **Control**
 

Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.3"
+title: "Securing offices, rooms and facilities"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Physical_security
+  - Asset_management
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.3 Securing offices, rooms and facilities
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md

@@ -1,3 +1,31 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.4"
+title: "Physical security monitoring"
+theme: Physical
+control_type:
+  - Preventive
+  - Detective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Detect
+operational_capabilities: [Physical_security]
+security_domains:
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.4 Physical security monitoring
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.5-Protecting-against-physical-and-environmental-threats.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.5"
+title: "Protecting against physical and environmental threats"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Physical_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.5 Protecting against physical and environmental threats
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.6-Working-in-secure-areas.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.6"
+title: "Working in secure areas"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Physical_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.6 Working in secure areas
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.7-Clear-desk-and-clear-screen.md

@@ -1,3 +1,22 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.7"
+title: "Clear desk and clear screen"
+theme: Physical
+control_type: [Preventive]
+information_security_properties: [Confidentiality]
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Physical_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.7 Clear desk and clear screen
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.8-Equipment-siting-and-protection.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.8"
+title: "Equipment siting and protection"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Physical_security
+  - Asset_management
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.8 Equipment siting and protection
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-7.9-Security-of-assets-off-premises.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.7.9"
+title: "Security of assets off-premises"
+theme: Physical
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Physical_security
+  - Asset_management
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 7.9 Security of assets off-premises
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-8.1-User-endpoint-devices.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.1"
+title: "User endpoint devices"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Asset_management
+  - Information_protection
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.1 User endpoint devices
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-8.10-Information-deletion.md

@@ -1,3 +1,24 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.10"
+title: "Information deletion"
+theme: Technological
+control_type: [Preventive]
+information_security_properties: [Confidentiality]
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Information_protection
+  - Legal_and_compliance
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.10 Information deletion
 
 | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities**                  | **Security domains** |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.11-Data-masking.md

@@ -1,3 +1,22 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.11"
+title: "Data masking"
+theme: Technological
+control_type: [Preventive]
+information_security_properties: [Confidentiality]
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Information_protection]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.11 Data masking
 
 | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.12-Data-leakage-prevention.md

@@ -1,3 +1,28 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.12"
+title: "Data leakage prevention"
+theme: Technological
+control_type:
+  - Preventive
+  - Detective
+information_security_properties: [Confidentiality]
+cybersecurity_concepts:
+  - Protect
+  - Detect
+operational_capabilities: [Information_protection]
+security_domains:
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.12 Data leakage prevention
 
 | **Control type**       | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md

@@ -1,3 +1,24 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.13"
+title: "Information backup"
+theme: Technological
+control_type: [Corrective]
+information_security_properties:
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Recover]
+operational_capabilities: [Continuity]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.13 Information backup
 
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.14-Redundancy-of-information-processing-facilities.md

@@ -1,3 +1,26 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.14"
+title: "Redundancy of information processing facilities"
+theme: Technological
+control_type: [Preventive]
+information_security_properties: [Availability]
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Continuity
+  - Asset_management
+security_domains:
+  - Protection
+  - Resilience
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.14 Redundancy of information processing facilities
 
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities      | Security domains        |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.15"
+title: "Logging"
+theme: Technological
+control_type: [Detective]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Detect]
+operational_capabilities: [Information_security_event_management]
+security_domains:
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.15 Logging
 
 | **Control type** | **Information security properties**       | **Cybersecurity concepts** | **Operational capabilities**           | **Security domains** |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.16"
+title: "Monitoring activities"
+theme: Technological
+control_type:
+  - Detective
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Detect
+  - Respond
+operational_capabilities: [Information_security_event_management]
+security_domains: [Defence]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.16 Monitoring activities
 
 | **Control type**       | **Information security properties**       | **Cybersecurity concepts** | **Operational capabilities**           | **Security domains** |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.17-Clock-synchronization.md

@@ -1,3 +1,26 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.17"
+title: "Clock synchronization"
+theme: Technological
+control_type: [Detective]
+information_security_properties: [Integrity]
+cybersecurity_concepts:
+  - Protect
+  - Detect
+operational_capabilities: [Information_security_event_management]
+security_domains:
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.17 Clock synchronization
 
 | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities**           | **Security domains** |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.18-Use-of-privileged-utility-programs.md

@@ -1,3 +1,28 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.18"
+title: "Use of privileged utility programs"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - System_and_network_security
+  - Secure_configuration
+  - Application_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.18 Use of privileged utility programs
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                                                 | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.19"
+title: "Installation of software on operational systems"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Secure_configuration
+  - Application_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.19 Installation of software on operational systems
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                    | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.2"
+title: "Privileged access rights"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Identity_and_access_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.2 Privileged access rights
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities        | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.20-Networks-security.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.20"
+title: "Networks security"
+theme: Technological
+control_type:
+  - Preventive
+  - Detective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Detect
+operational_capabilities: [System_and_network_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.20 Networks security
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.21"
+title: "Security of network services"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [System_and_network_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.21 Security of network services
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities     | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.22"
+title: "Segregation of networks"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [System_and_network_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.22 Segregation of networks
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities     | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.23-Web-filtering.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.23"
+title: "Web filtering"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [System_and_network_security]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.23 Web filtering
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities     | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.24"
+title: "Use of cryptography"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Secure_configuration]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.24 Use of cryptography
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.25"
+title: "Secure development life cycle"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Application_security
+  - System_and_network_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.25 Secure development life cycle
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                           | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.26"
+title: "Application security requirements"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Application_security
+  - System_and_network_security
+security_domains:
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.26 Application security requirements
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                           | Security domains     |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.27"
+title: "Secure system architecture and engineering principles"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Application_security
+  - System_and_network_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.27 Secure system architecture and engineering principles
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                           | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.28"
+title: "Secure coding"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Application_security
+  - System_and_network_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.28 Secure coding
 
 #### Control

Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md

@@ -1,3 +1,28 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.29"
+title: "Security testing in development and acceptance"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Identify]
+operational_capabilities:
+  - Application_security
+  - Information_security_assurance
+  - System_and_network_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.29 Security testing in development and acceptance
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                                                           | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.3-Information-access-restriction.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.3"
+title: "Information access restriction"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Identity_and_access_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.3 Information access restriction
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities        | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.30-Outsourced-development.md

@@ -1,3 +1,35 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.30"
+title: "Outsourced development"
+theme: Technological
+control_type:
+  - Preventive
+  - Detective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+  - Detect
+operational_capabilities:
+  - System_and_network_security
+  - Application_security
+  - Supplier_relationships_security
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.30 Outsourced development
 
 | Control type           | Information security properties              | Cybersecurity concepts        | Operational capabilities                                                            | Security domains                      |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.31-Separation-of-development-test-and-production-environments.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.31"
+title: "Separation of development, test and production environments"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Application_security
+  - System_and_network_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.31 Separation of development, test and production environments
 
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md

@@ -1,3 +1,27 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.32"
+title: "Change management"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Application_security
+  - System_and_network_security
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.32 Change management
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                           | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.33-Test-information.md

@@ -1,3 +1,24 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.33"
+title: "Test information"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Information_protection]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.33 Test information
 
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.34-Protection-of-information-systems-during-audit-testing.md

@@ -1,3 +1,29 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.34"
+title: "Protection of information systems during audit testing"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - System_and_network_security
+  - Information_protection
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.34 Protection of information systems during audit testing
 
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.4-Access-to-source-code.md

@@ -1,3 +1,28 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.4"
+title: "Access to source code"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities:
+  - Identity_and_access_management
+  - Application_security
+  - Secure_configuration
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.4 Access to source code
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                                                    | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.5"
+title: "Secure authentication"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Identity_and_access_management]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.5 Secure authentication
 
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities        | Security domains |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.6-Capacity-management.md

@@ -1,3 +1,31 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.6"
+title: "Capacity management"
+theme: Technological
+control_type:
+  - Preventive
+  - Detective
+information_security_properties:
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+  - Detect
+operational_capabilities: [Continuity]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.6 Capacity management
 
 | Control type           | Information security properties | Cybersecurity concepts     | Operational capabilities | Security domains                      |

Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md

@@ -1,3 +1,34 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.7"
+title: "Protection against malware"
+theme: Technological
+control_type:
+  - Preventive
+  - Detective
+  - Corrective
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Protect
+  - Detect
+operational_capabilities:
+  - System_and_network_security
+  - Information_protection
+security_domains:
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.7  Protection against malware
 
 ## Control 

Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md

@@ -1,3 +1,30 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.8"
+title: "Management of technical vulnerabilities"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts:
+  - Identify
+  - Protect
+operational_capabilities: [Threat_and_vulnerability_management]
+security_domains:
+  - Governance_and_Ecosystem
+  - Protection
+  - Defence
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.8 Management of technical vulnerabilities
 
   

Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md

@@ -1,3 +1,25 @@
+---
+notetype: sourcetext
+standard: ISO 27002
+version: 2022
+language: EN
+type: control
+id: "A.8.9"
+title: "Configuration management"
+theme: Technological
+control_type: [Preventive]
+information_security_properties:
+  - Confidentiality
+  - Integrity
+  - Availability
+cybersecurity_concepts: [Protect]
+operational_capabilities: [Secure_configuration]
+security_domains: [Protection]
+tags:
+  - iso27002/2022/EN
+status: active
+---
+
 ## 8.9 Configuration management
 
 ### Control