APPENDIX: MAPPING OF ENISA’S TECHNICAL GUIDELINES AND ISO 27001 ANNEX A

Security objective | Description | ISO 27001 Annex A reference controls
------------------ | ----------- | ------------------------------------
1: Information security policy | Establish and maintain an information security policy. | A.5 Information security policies
2: Risk management | Establish and maintain an appropriate governance and risk management framework to identify and address risks. | All
3: Security roles | Assign security roles and responsibilities to designated staff. | A.6.1 Internal organization
4: Third-party management | Establish and maintain a policy that sets out the security requirements for customer and supplier contracts. | A.15.1 Information security in supplier relationships
5: Background checks | Perform background checks before ... |
