Iso 27000 22
#iso27001 is published.
• The title is changed to ISO/IEC 27001:2022 Information security, cybersecurity and privacy
protection — Information security management systems — Requirements
• Although new text has been added and some rearranged, these changes only clarify the
requirements and do not add new ones to the standard
• 11 new controls introduced to address evolving technologies and industrial practices:
- A.5.7 Threat intelligence
- A.5.23 Information security for use of cloud services
- A.5.30 ICT readiness for business continuity
- A.7.4 Physical security monitoring
- A.8.9 Configuration management
- A.8.10 Information deletion
- A.8.11 Data masking
- A.8.12 Data leakage prevention
- A.8.16 Monitoring activities
- A.8.23 Web filtering
- A.8.28 Secure coding
• The outdated '6.2.2 Teleworking' has been updated to '6.7 Remote working'
• Similar controls have been integrated into one main control, reducing redundancy (with previous 57
controls being merged into 24 controls)
• Total number of controls reduced from the previous count of 114 controls to 93 controls
• Controls have also been assigned different attributes for easier classification and management:
- Control type: Preventive, Detective, Corrective
- Information security properties: CIA
- Cybersecurity concepts: Identify, Protect, Detect, Respond, Recover
- Operational capabilities: e.g. Continuity, Physical security, Information security event management
- Security domains: Governance and Ecosystem, Protection, Defence, Resilience
https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-3:v1:en