Requirements included in the framework

10
ISO 27017

Encryption

10.1
ISO 27017

Encryption management

10.1.2
ISO 27017

Key management

11
ISO 27017

Physical and environmental security

11.2
ISO 27017

Equipment

11.2.7
ISO 27017

Secure disposal or re-use of equipment

12
ISO 27017

Operational security

13
ISO 27017

Communications security

13.1.3
ISO 27017

Segregation in networks

15
ISO 27017

Supplier relationships

15.1
ISO 27017

Information security in supplier relationships

15.1.2
ISO 27017

Addressing security within supplier agreements

15.1.3
ISO 27017

Information and communication technology supply chain

16
ISO 27017

Information security incident management

16.1
ISO 27017

Information security incident and improvement management

16.1.2
ISO 27017

Reporting information security events

18
ISO 27017

Compliance

18.1
ISO 27017

Compliance with legal and contractual requirements

18.1.2
ISO 27017

Intellectual property rights

18.1.5
ISO 27017

Regulation of cryptographic controls

6
ISO 27017

Organization of information security

6.1
ISO 27017

Internal organization

6.1.3
ISO 27017

Contact with authorities

6.1.4
ISO 27017

Contact with special interest groups