APPENDIX: MAPPING OF ENISA’S TECHNICAL GUIDELINES AND ISO 27001 ANNEX A
Security objective |
Description |
ISO 27001 Annex A reference controls |
1: Information security policy |
Establish and maintain an information security policy. |
A.5 Information security policies |
2: Risk management |
Establish and maintain an appropriate governance and risk management framework to identify and address risks. |
All |
3: Security roles |
Assign security roles and responsibilities to designated staff. |
A.6.1 Internal organization |
4: Third-party management |
Establish and maintain a policy that sets out the security requirements for customer and supplier contracts. |
A.15.1 Information security in supplier relationships |
5: Background checks |
Perform background checks before ... |
Get A concise introduction to the NIS Directive - A pocket guide for digital service providers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
