APPENDIX: MAPPING OF ENISA’S TECHNICAL GUIDELINES AND ISO 27001 ANNEX A
Security objective | Description | ISO 27001 Annex A reference controls
1: Information security policy | Establish and maintain an information security policy. | A.5 Information security policies
2: Risk management | Establish and maintain an appropriate governance and risk management framework to identify and address risks. | All
3: Security roles | Assign security roles and responsibilities to designated staff. | A.6.1 Internal organization
4: Third-party management | Establish and maintain a policy that sets out the security requirements for customer and supplier contracts. | A.15.1 Information security in supplier relationships
5: Background checks | Perform background checks before ... |