Scribd Logo
Upload

Welcome to Scribd!

  • Declaracion de Aplicabilidad

    Uploaded by

    Genny Pineda
    10 views7 pages

    Original Title

    DECLARACION DE APLICABILIDAD

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views7 pages

    Declaracion de Aplicabilidad

    Uploaded by

    Genny Pineda

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    Control Name Reference Control Description

    Management direction for Information Applicable


    A.5.1
    A.5.1.1 security Yes
    A.5 Policies A.5.1.2 Policies
    Review offorthe
    information security
    policies for information Yes
    security
    Information security roles and Yes
    A.6.1.1 responsibilities Yes
    A.6.1.2 Segregation of duties Yes
    A.6
    Organisation of A.6.1.3
    A.6.1.4 Contact with authorities Yes
    information Contact withsecurity
    Information special in
    interest
    projectgroups Yes
    security A.6.1.5 management Yes
    A.6.2.1 Mobile device policy Yes
    A.6.2.2 Teleworking Yes
    A.7.1.1 Screening Yes
    A.7.1.2 Terms and Conditions of employment Yes
    A. 7 Human A.7.2.1 Management responsibilities
    Information Security awareness, Yes
    resource security A.7.2.2 education and training Yes
    A.7.2.3 Disciplinary Process Yes
    A.7.3.1 Termination or change Yes
    A.8.1.1 Inventory of Assets Yes
    A.8.1.2 Ownership of Assets Yes
    A.8.1.3 Acceptable use of Assets Yes
    A.8.1.4 Return of Assets Yes
    A. 8 Asset A.8.2.1 Classification of Information Yes
    Management A.8.2.2 Labelling of information Yes
    A.8.2.3 Handling of Assets Yes
    A.8.3.1 Management of removable media No
    A.8.3.2 Disposal of media Yes
    A.8.3.3 Physical media transfer No
    A.9.1.1 Access control policy Yes
    A.9.1.2
    A.9.2.1 Access to networks and services Yes
    User registration and de-registration Yes
    A.9.2.2 User access provisioning
    Management of priviledged access Yes
    A.9.2.3 rights
    Management of secret authentication Yes
    A.9 A.9.2.4 information of users Yes
    Access A.9.2.5 Review of user access rights Yes
    Control A.9.2.6 Removal or adjustment of access rights Yes
    A.9.3.1 Use of secret authentication information Yes
    A.9.4.1 Information access restrictions Yes
    A.9.4.2
    A.9.4.3 Secure log-on procedures Yes
    Password management system Yes
    A.9.4.4 Use of priviledged utility programs Yes
    A.9.4.5 Access control to program source code Yes
    Policy on the use of cryptographic
    A.10 A.10.1.1 controls Yes
    Cryptography A.10.1.2 Key management Yes
    A.11.1.1 Pysical security perimiter No
    A.11.1.2 Physical entry controls No
    A.11.1.3 Securing
    Protectingoffices,
    againstrooms andand
    external facilities No
    A.11.1.4 environmental threats No
    A.11.1.5 Working in secure areas No
    A.11.1.6
    A.11.2.1 Delivery and loading areas No
    A.11
    Physical and Equipment siting and protection Yes
    environmental A.11.2.2 Supporting utilities No
    security A.11.2.3 Cabling security No
    A.11.2.4 Equipment maintenance Yes
    A.11.2.5 Removalof
    Security ofequipment
    assets and assets off- Yes
    A.11.2.6 premises
    Secure disposal and re-use of Yes
    A.11.2.7 equipment Yes
    A.11.2.8
    A.11.2.9 Unattended user equipment Yes
    Clear desk and clear screen policy Yes
    A.12.1.1 Documented operating procedures Yes
    A.12.1.2 Change management Yes
    A.12.1.3 Capacity
    Separation management
    of dev, test and production Yes
    A.12.1.4 environments Yes
    A.12.2.1 Controls against malware Yes
    A.12.3.1 Information backup Yes
    A.12 A.12.4.1 Event logging Yes
    Operations
    security A.12.4.2 Protection of log information Yes
    A.12.4.3 Administrator and operator logs Yes
    A.12.4.4 Clock synchronisation
    Installation of software on operational No
    A.12.5.1 systems Yes
    A.12.6.1 Management of technical vulnerabilities Yes
    A.12.6.2
    A.12.7.1 Restrictions on software installations No
    Information systems audit controls No
    A.13.1.1 Network controls No
    A.13.1.2 Security of network services Yes
    A.13 A.13.1.3 Segregation in networks
    Information transfer policies and No
    Communications A.13.2.1 procedures No
    Security A.13.2.2 Agreements on information transfer No
    A.13.2.3
    A.13.2.4 Electronic messaging
    Confidentiality or non-disclosure Yes
    A.14.1.1 agreements
    Information security requirements Yes
    A.14.1.2 analysis
    Securingand specification
    application services on public Yes
    networks
    Protecting application services Yes
    A.14.1.3 transactions Yes

    A.14
    System
    acquisition,
    development &
    A.14.2.1 Secure development policy Yes
    A.14 A.14.2.2 System
    Technical change
    reviewcontrol procedures
    of applications after Yes
    System A.14.2.3 operating platform changes Yes
    acquisition, Restrictions to changes of software
    development & A.14.2.4 packages Yes
    maintenance A.14.2.5 Secure system engineering principles Yes
    A.14.2.6 Secure development environment Yes
    A.14.2.7 Outsourced development No
    A.14.2.8 System security testing Yes
    A.14.2.9 System acceptance testing Yes
    A.14.3.1
    A.15.1.1 Protection of test data Yes
    A.15.1.2 Security
    Addressing policy for supplier
    security relationships
    within supplier Yes
    A.15 agreements
    Information and communication Yes
    Supplier A.15.1.3 technology and
    Monitoring supply chain
    review of supplier Yes
    relationships A.15.2.1 services Yes
    A.15.2.2 Managing changes to supplier services Yes
    A.16.1.1
    A.16.1.2 Responsibilities and procedures Yes
    A.16.1.3 Reporting
    Reporting information security events
    information security Yes
    A.16 weaknesses Yes
    Information Assessment of and decision on
    security incident A.16.1.4
    A.16.1.5 information
    Response tosecurity events
    information security Yes
    management A.16.1.6 incidents
    Learning from information security Yes
    incidents Yes
    A.16.1.7
    A.17.1.1 Collection of evidence Yes
    A.17 Planning
    Implementinginformation security
    information continuity
    security Yes
    InfoSec aspects of A.17.1.2 continuity
    Verify, review and evaluate information Yes
    business A.17.1.3 security continuity Yes
    A.17.2.1 Availability of information processing
    continuity
    facilities
    Identification of applicable legislation Yes
    A.18.1.1 and contractual requirements Yes
    A.18.1.2 Intellectual property rights Yes
    A.18.1.3 Protection
    Privacy andofprotection
    records of personally Yes
    A.18.1.4
    A.18.1.5 identifiable information Yes
    A.18 Compliance
    Regulation
    Independent ofreview
    cryptographic controls
    of information Yes
    A.18.2.1 security
    Compliance with security policies and Yes
    A.18.2.2 standards Yes
    A.18.2.3 Technical Compliance Review Yes
    C.1 Virtual Private Cloud network controls Yes
    Custom Controls C.2 Security of cloud network services Yes
    C.3 Segregation in cloud networks Yes
    Remarks (With
    Justification for
    Exclusions) LR CO BR/BP RRA
    Remarks (Overwiew of Implementacion)

    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###
    ###

    You might also like