
A.18.2.3: Technical Compliance Review
Perform regular reviews of information systems for compliance with the organization’s information security policies and standards.

A.18.2.2: Compliance with Security Policies and Standards
Ensure that managers regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards, and any other security requirements.

A.18.2.1: Independent Review of Information Security
Conduct an independent review of the information security policy and its implementation at planned intervals or when significant changes occur.

A.14.1.2: Securing Application Services on Public Networks
Ensure that information involved in application services passing over public networks is protected from fraudulent activity, contract dispute, and unauthorized disclosure and modification.

A.14.1.1: Information Security Requirements Analysis and Specification
Ensure that information security requirements are included in the requirements for new information systems or enhancements to existing information systems.

A.13.2.3: Electronic Messaging
Implement controls to protect the information involved in electronic messaging.

A.12.1.1: Documented Operating Procedures
Document and maintain operating procedures for information processing facilities.

A.11.2.9: Clear Desk and Clear Screen Policy
Adopt a clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities.

A.11.2.8: Unattended User Equipment
Develop and implement procedures to protect unattended user equipment.

A.11.2.7: Secure Disposal or Re-Use of Equipment
Ensure that equipment containing storage media is checked to verify that any sensitive data and licensed software have been removed or securely overwritten.

A.11.2.6: Security of Equipment and Assets Off-Premises
Ensure the security of equipment and assets used off-premises.

A.11.2.5: Removal of Assets
Implement policies and procedures to manage the removal of assets to ensure the protection of assets that leave the organization's premises.

A.11.2.4: Equipment Maintenance
Maintain equipment to ensure its continued availability and integrity.

A.11.2.3: Cabling Security
Protect power and telecommunications cabling to prevent interception or damage.

A.11.2.1: Equipment Siting and Protection
Site and protect equipment to reduce risks from environmental threats and hazards, and opportunities for unauthorized access.

A.11.1.6: Delivery and Loading Areas
Protect delivery and loading areas to ensure that they are controlled.

A.11.1.5: Working in Secure Areas
Design and apply procedures for working in secure areas.

A.11.1.4: Protecting Against External and Environmental Threats
Protect equipment from external and environmental threats.

A.11.1.3: Securing Offices, Rooms, and Facilities
Ensure that offices, rooms, and facilities are physically secure.
