#!/usr/bin/env python3
"""
prepend_frontmatter.py

For each ISO 27002 control note in the target folder:
- Skips files that already have YAML frontmatter (the file starts with ---)
- Skips a-3-Terms*
- Prepends the correct frontmatter block and writes the file back

Files are rewritten in place, so run this against a folder that is backed up
or under version control.

Run from anywhere:
    python3 prepend_frontmatter.py

Requires Python 3.6+. No dependencies.
"""
import os
# Folder holding the ISO 27002 control notes; presumably the "target folder"
# the module docstring says is scanned and whose files are written back.
# NOTE(review): absolute, developer-specific path; confirm it points at the
# intended vault before running on another machine.
VAULT_DIR = (
    "/Users/rico/src/iso27diy-corp"
    "/Corpus/Standards/ISO27x/OST/27002/EN"
)
FRONTMATTER = {
|
|
"a-5.1-Policies-for-information-security.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.1"
|
|
title: "Policies for information security"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Governance]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Resilience
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.2-Information-security-roles-and-responsibilities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.2"
|
|
title: "Information security roles and responsibilities"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Governance]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
- Resilience
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.3-Segregation-of-duties.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.3"
|
|
title: "Segregation of duties"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Governance
|
|
- Identity_and_access_management
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.4-Management-responsibilities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.4"
|
|
title: "Management responsibilities"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Governance]
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.5-Contact-with-authorities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.5"
|
|
title: "Contact with authorities"
|
|
theme: Organizational
|
|
control_type:
|
|
- Preventive
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
- Respond
|
|
- Recover
|
|
operational_capabilities: [Governance]
|
|
security_domains:
|
|
- Defence
|
|
- Resilience
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.6-Contact-with-special-interest-groups.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.6"
|
|
title: "Contact with special interest groups"
|
|
theme: Organizational
|
|
control_type:
|
|
- Preventive
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Respond
|
|
- Recover
|
|
operational_capabilities: [Governance]
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.7-Threat-intelligence.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.7"
|
|
title: "Threat intelligence"
|
|
theme: Organizational
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Detect
|
|
- Respond
|
|
operational_capabilities: [Threat_and_vulnerability_management]
|
|
security_domains:
|
|
- Defence
|
|
- Resilience
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.8-Information-security-in-project-management.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.8"
|
|
title: "Information security in project management"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
operational_capabilities: [Governance]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.9-Inventory-of-information-and-other-associated-assets.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.9"
|
|
title: "Inventory of information and other associated assets"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Asset_management]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.10-Acceptable-use-of-information-and-other-associated-assets.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.10"
|
|
title: "Acceptable use of information and other associated assets"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Asset_management
|
|
- Information_protection
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.11-Return-of-assets.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.11"
|
|
title: "Return of assets"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Asset_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.12-Classification-of-information.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.12"
|
|
title: "Classification of information"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Information_protection]
|
|
security_domains:
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.13-Labelling-of-information.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.13"
|
|
title: "Labelling of information"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Information_protection]
|
|
security_domains:
|
|
- Defence
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.14-Information-transfer.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.14"
|
|
title: "Information transfer"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Asset_management
|
|
- Information_protection
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.15-Access-control.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.15"
|
|
title: "Access control"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Identity_and_access_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.16-Identity-management.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.16"
|
|
title: "Identity management"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Identity_and_access_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.17-Authentication-information.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.17"
|
|
title: "Authentication information"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Identity_and_access_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.18-Access-rights.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.18"
|
|
title: "Access rights"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Identity_and_access_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.19-Information-security-in-supplier-relationships.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.19"
|
|
title: "Information security in supplier relationships"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Supplier_relationships_security]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.20-Addressing-information-security-within-supplier-agreements.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.20"
|
|
title: "Addressing information security within supplier agreements"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Supplier_relationships_security]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.21-Managing-information-security-in-the-ICT-supply-chain.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.21"
|
|
title: "Managing information security in the ICT supply chain"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Supplier_relationships_security]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.22-Monitoring-review-and-change-management-of-supplier-services.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.22"
|
|
title: "Monitoring, review and change management of supplier services"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Supplier_relationships_security]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
- Defence
|
|
- Information_security_assurance
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.23-Information-security-for-use-of-cloud-services.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.23"
|
|
title: "Information security for use of cloud services"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Supplier_relationships_security]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.24-Information-security-incident-management-planning-and-preparation.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.24"
|
|
title: "Information security incident management planning and preparation"
|
|
theme: Organizational
|
|
control_type: [Corrective]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Respond
|
|
- Recover
|
|
operational_capabilities:
|
|
- Governance
|
|
- Information_security_event_management
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.25-Assessment-and-decision-on-information-security-events.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.25"
|
|
title: "Assessment and decision on information security events"
|
|
theme: Organizational
|
|
control_type: [Detective]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Detect
|
|
- Respond
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.26-Response-to-information-security-incidents.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.26"
|
|
title: "Response to information security incidents"
|
|
theme: Organizational
|
|
control_type: [Corrective]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Respond
|
|
- Recover
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.27-Learning-from-information-security-incidents.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.27"
|
|
title: "Learning from information security incidents"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.28-Collection-of-evidence.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.28"
|
|
title: "Collection of evidence"
|
|
theme: Organizational
|
|
control_type: [Corrective]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Detect
|
|
- Respond
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.29-Information-security-during-disruption.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.29"
|
|
title: "Information security during disruption"
|
|
theme: Organizational
|
|
control_type:
|
|
- Preventive
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Respond
|
|
operational_capabilities: [Continuity]
|
|
security_domains:
|
|
- Protection
|
|
- Resilience
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.30-ICT-readiness-for-business-continuity.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.30"
|
|
title: "ICT readiness for business continuity"
|
|
theme: Organizational
|
|
control_type: [Corrective]
|
|
information_security_properties: [Availability]
|
|
cybersecurity_concepts: [Respond]
|
|
operational_capabilities: [Continuity]
|
|
security_domains: [Resilience]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.31"
|
|
title: "Legal, statutory, regulatory and contractual requirements"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Legal_and_compliance]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.32-Intellectual-property-rights.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.32"
|
|
title: "Intellectual property rights"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities: [Legal_and_compliance]
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.33-Protection-of-records.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.33"
|
|
title: "Protection of records"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
operational_capabilities:
|
|
- Legal_and_compliance
|
|
- Asset_management
|
|
- Information_protection
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.34-Privacy-and-protection-of-PII.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.34"
|
|
title: "Privacy and protection of PII"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
operational_capabilities:
|
|
- Information_protection
|
|
- Legal_and_compliance
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.35-Independent-review-of-information-security.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.35"
|
|
title: "Independent review of information security"
|
|
theme: Organizational
|
|
control_type:
|
|
- Preventive
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
operational_capabilities: [Information_security_assurance]
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.36"
|
|
title: "Compliance with policies, rules and standards for information security"
|
|
theme: Organizational
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
operational_capabilities:
|
|
- Legal_and_compliance
|
|
- Information_security_assurance
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-5.37-Documented-operating-procedures.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.5.37"
|
|
title: "Documented operating procedures"
|
|
theme: Organizational
|
|
control_type:
|
|
- Preventive
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Recover
|
|
operational_capabilities:
|
|
- Asset_management
|
|
- Physical_security
|
|
- System_and_network_security
|
|
- Application_security
|
|
- Secure_configuration
|
|
- Identity_and_access_management
|
|
- Threat_and_vulnerability_management
|
|
- Continuity
|
|
- Information_security_event_management
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.1-Screening.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.1"
|
|
title: "Screening"
|
|
theme: People
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Human_resource_security]
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.2-Terms-and-conditions-of-employment.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.2"
|
|
title: "Terms and conditions of employment"
|
|
theme: People
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Human_resource_security]
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.3-Information-security-awareness-education-and-training.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.3"
|
|
title: "Information security awareness, education and training"
|
|
theme: People
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Human_resource_security]
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.4-Disciplinary-process.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.4"
|
|
title: "Disciplinary process"
|
|
theme: People
|
|
control_type:
|
|
- Preventive
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Respond
|
|
operational_capabilities: [Human_resource_security]
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.5-Responsibilities-after-termination-or-change-of-employment.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.5"
|
|
title: "Responsibilities after termination or change of employment"
|
|
theme: People
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Human_resource_security
|
|
- Asset_management
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.6-Confidentiality-or-non-disclosure-agreements.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.6"
|
|
title: "Confidentiality or non-disclosure agreements"
|
|
theme: People
|
|
control_type: [Preventive]
|
|
information_security_properties: [Confidentiality]
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Human_resource_security
|
|
- Information_protection
|
|
- Supplier_relationships_security
|
|
security_domains: [Governance_and_Ecosystem]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.7-Remote-working.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.7"
|
|
title: "Remote working"
|
|
theme: People
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Asset_management
|
|
- Information_protection
|
|
- Physical_security
|
|
- System_and_network_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-6.8-Information-security-event-reporting.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.6.8"
|
|
title: "Information security event reporting"
|
|
theme: People
|
|
control_type: [Detective]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Detect]
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.1-Physical-security-perimeters.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.1"
|
|
title: "Physical security perimeters"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Physical_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.2-Physical-entry.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.2"
|
|
title: "Physical entry"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Physical_security
|
|
- Identity_and_access_management
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.3-Securing-offices-rooms-and-facilities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.3"
|
|
title: "Securing offices, rooms and facilities"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Physical_security
|
|
- Asset_management
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.4-Physical-security-monitoring.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.4"
|
|
title: "Physical security monitoring"
|
|
theme: Physical
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities: [Physical_security]
|
|
security_domains:
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.5-Protecting-against-physical-and-environmental-threats.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.5"
|
|
title: "Protecting against physical and environmental threats"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Physical_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.6-Working-in-secure-areas.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.6"
|
|
title: "Working in secure areas"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Physical_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.7-Clear-desk-and-clear-screen.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.7"
|
|
title: "Clear desk and clear screen"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties: [Confidentiality]
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Physical_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.8-Equipment-siting-and-protection.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.8"
|
|
title: "Equipment siting and protection"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Physical_security
|
|
- Asset_management
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.9-Security-of-assets-off-premises.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.9"
|
|
title: "Security of assets off-premises"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Physical_security
|
|
- Asset_management
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.10-Storage-media.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.10"
|
|
title: "Storage media"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Physical_security
|
|
- Asset_management
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.11-Supporting-utilities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.11"
|
|
title: "Supporting utilities"
|
|
theme: Physical
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
information_security_properties:
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities: [Physical_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.12-Cabling-security.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.12"
|
|
title: "Cabling security"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Physical_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.13-Equipment-maintenance.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.13"
|
|
title: "Equipment maintenance"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Physical_security
|
|
- Asset_management
|
|
security_domains:
|
|
- Protection
|
|
- Resilience
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-7.14-Secure-disposal-or-re-use-of-equipment.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.7.14"
|
|
title: "Secure disposal or re-use of equipment"
|
|
theme: Physical
|
|
control_type: [Preventive]
|
|
information_security_properties: [Confidentiality]
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Physical_security
|
|
- Asset_management
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.1-User-endpoint-devices.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.1"
|
|
title: "User endpoint devices"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Asset_management
|
|
- Information_protection
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.2-Privileged-access-rights.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.2"
|
|
title: "Privileged access rights"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Identity_and_access_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.3-Information-access-restriction.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.3"
|
|
title: "Information access restriction"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Identity_and_access_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.4-Access-to-source-code.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.4"
|
|
title: "Access to source code"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Identity_and_access_management
|
|
- Application_security
|
|
- Secure_configuration
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.5-Secure-authentication.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.5"
|
|
title: "Secure authentication"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Identity_and_access_management]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.6-Capacity-management.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.6"
|
|
title: "Capacity management"
|
|
theme: Technological
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
information_security_properties:
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities: [Continuity]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.7-Protection-against-malware.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.7"
|
|
title: "Protection against malware"
|
|
theme: Technological
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities:
|
|
- System_and_network_security
|
|
- Information_protection
|
|
security_domains:
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.8-Management-of-technical-vulnerabilities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.8"
|
|
title: "Management of technical vulnerabilities"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
operational_capabilities: [Threat_and_vulnerability_management]
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.9-Configuration-management.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.9"
|
|
title: "Configuration management"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Secure_configuration]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.10-Information-deletion.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.10"
|
|
title: "Information deletion"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties: [Confidentiality]
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Information_protection
|
|
- Legal_and_compliance
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.11-Data-masking.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.11"
|
|
title: "Data masking"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties: [Confidentiality]
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Information_protection]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.12-Data-leakage-prevention.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.12"
|
|
title: "Data leakage prevention"
|
|
theme: Technological
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
information_security_properties: [Confidentiality]
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities: [Information_protection]
|
|
security_domains:
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.13-Information-backup.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.13"
|
|
title: "Information backup"
|
|
theme: Technological
|
|
control_type: [Corrective]
|
|
information_security_properties:
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Recover]
|
|
operational_capabilities: [Continuity]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.14-Redundancy-of-information-processing-facilities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.14"
|
|
title: "Redundancy of information processing facilities"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties: [Availability]
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Continuity
|
|
- Asset_management
|
|
security_domains:
|
|
- Protection
|
|
- Resilience
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.15-Logging.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.15"
|
|
title: "Logging"
|
|
theme: Technological
|
|
control_type: [Detective]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Detect]
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains:
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.16-Monitoring-activities.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.16"
|
|
title: "Monitoring activities"
|
|
theme: Technological
|
|
control_type:
|
|
- Detective
|
|
- Corrective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Detect
|
|
- Respond
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains: [Defence]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.17-Clock-synchronization.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.17"
|
|
title: "Clock synchronization"
|
|
theme: Technological
|
|
control_type: [Detective]
|
|
information_security_properties: [Integrity]
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities: [Information_security_event_management]
|
|
security_domains:
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.18-Use-of-privileged-utility-programs.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.18"
|
|
title: "Use of privileged utility programs"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- System_and_network_security
|
|
- Secure_configuration
|
|
- Application_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.19-Installation-of-software-on-operational-systems.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.19"
|
|
title: "Installation of software on operational systems"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Secure_configuration
|
|
- Application_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.20-Networks-security.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.20"
|
|
title: "Networks security"
|
|
theme: Technological
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities: [System_and_network_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.21-Security-of-network-services.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.21"
|
|
title: "Security of network services"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [System_and_network_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.22-Segregation-of-networks.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.22"
|
|
title: "Segregation of networks"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [System_and_network_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.23-Web-filtering.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.23"
|
|
title: "Web filtering"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [System_and_network_security]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.24-Use-of-cryptography.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.24"
|
|
title: "Use of cryptography"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Secure_configuration]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.25-Secure-development-life-cycle.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.25"
|
|
title: "Secure development life cycle"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Application_security
|
|
- System_and_network_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.26-Application-security-requirements.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.26"
|
|
title: "Application security requirements"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Application_security
|
|
- System_and_network_security
|
|
security_domains:
|
|
- Protection
|
|
- Defence
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.27-Secure-system-architecture-and-engineering-principles.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.27"
|
|
title: "Secure system architecture and engineering principles"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Application_security
|
|
- System_and_network_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.28-Secure-coding.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.28"
|
|
title: "Secure coding"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Application_security
|
|
- System_and_network_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.29-Security-testing-in-development-and-acceptance.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.29"
|
|
title: "Security testing in development and acceptance"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Identify]
|
|
operational_capabilities:
|
|
- Application_security
|
|
- Information_security_assurance
|
|
- System_and_network_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.30-Outsourced-development.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.30"
|
|
title: "Outsourced development"
|
|
theme: Technological
|
|
control_type:
|
|
- Preventive
|
|
- Detective
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts:
|
|
- Identify
|
|
- Protect
|
|
- Detect
|
|
operational_capabilities:
|
|
- System_and_network_security
|
|
- Application_security
|
|
- Supplier_relationships_security
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.31-Separation-of-development-test-and-production-environments.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.31"
|
|
title: "Separation of development, test and production environments"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Application_security
|
|
- System_and_network_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.32-Change-management.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.32"
|
|
title: "Change management"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- Application_security
|
|
- System_and_network_security
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.33-Test-information.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.33"
|
|
title: "Test information"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities: [Information_protection]
|
|
security_domains: [Protection]
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
|
|
"a-8.34-Protection-of-information-systems-during-audit-testing.md": """---
|
|
notetype: sourcetext
|
|
standard: ISO 27002
|
|
version: 2022
|
|
language: EN
|
|
type: control
|
|
id: "A.8.34"
|
|
title: "Protection of information systems during audit testing"
|
|
theme: Technological
|
|
control_type: [Preventive]
|
|
information_security_properties:
|
|
- Confidentiality
|
|
- Integrity
|
|
- Availability
|
|
cybersecurity_concepts: [Protect]
|
|
operational_capabilities:
|
|
- System_and_network_security
|
|
- Information_protection
|
|
security_domains:
|
|
- Governance_and_Ecosystem
|
|
- Protection
|
|
tags:
|
|
- iso27002/2022/EN
|
|
status: active
|
|
---""",
|
|
}
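def main():
    """Prepend the mapped frontmatter block to each control note in VAULT_DIR.

    Walks FRONTMATTER in sorted filename order. A note is skipped when it is
    missing or when its text already starts with ``---``; otherwise the
    frontmatter, a blank line and the original text are written back to the
    same path. A read, decode or write failure on one note is recorded in
    ``errors`` and shown in the summary, so one bad file no longer aborts the
    run before the remaining notes and the report are handled.
    """
    written = []
    skipped_fm = []
    skipped_missing = []
    errors = []

    for filename, frontmatter in sorted(FRONTMATTER.items()):
        filepath = os.path.join(VAULT_DIR, filename)

        # Open directly instead of testing os.path.exists() first: the file
        # can no longer vanish between the check and the read.
        try:
            with open(filepath, "r", encoding="utf-8") as src:
                content = src.read()
        except FileNotFoundError:
            skipped_missing.append(filename)
            continue
        except (OSError, UnicodeError) as exc:
            errors.append(f"{filename}: read failed: {exc}")
            continue

        # Idempotency guard, so a second run does not stack frontmatter.
        # NOTE(review): any leading "---" counts, including a Markdown
        # horizontal rule, and a file starting with a UTF-8 BOM would not
        # match - confirm neither occurs in the vault.
        if content.startswith("---"):
            skipped_fm.append(filename)
            continue

        new_content = frontmatter + "\n\n" + content

        # NOTE(review): mode "w" truncates the note in place, so an
        # interruption during the write can leave it empty or partial.
        # Run against a vault that is under version control or backed up.
        try:
            with open(filepath, "w", encoding="utf-8") as dst:
                dst.write(new_content)
        except OSError as exc:
            errors.append(f"{filename}: write failed: {exc}")
            continue

        written.append(filename)

    print(f"Written: {len(written)}")
    print(f"Already had FM: {len(skipped_fm)}")
    print(f"File not found: {len(skipped_missing)}")
    print(f"Errors: {len(errors)}")

    if skipped_fm:
        print("\nAlready had frontmatter (skipped):")
        for name in skipped_fm:
            print(f" {name}")
    if skipped_missing:
        print("\nNot found (skipped):")
        for name in skipped_missing:
            print(f" {name}")
    if errors:
        print("\nErrors:")
        for message in errors:
            print(f" {message}")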
# Script entry point: run the frontmatter pass only when this file is executed
# directly, so importing the module does not rewrite any notes.
if __name__ == "__main__":
    main()