Identification, documentation and management of other information security requirements

Critical
High
Normal
Low

Compliance with required laws, regulations, standards, and contractual obligations can be as challenging as dealing with an ever-changing threat environment and new forms of cyber-attacks.

The organization shall document the information security requirements and the organisation's operating model for meeting them.

It is important to note that a large part of the requirements (e.g. laws, standards) are evolving entities. It is recommended to define a review interval for the documentation to describe the frequency at which changes in the requirements should at least be checked.

Connected other frameworks and requirements:
18.1.1: Identification of applicable legislation and contractual requirements
ISO 27001
ID.GV-3: Legal and regulatory requirements
NIST CSF
5.31: Legal, statutory, regulatory and contractual requirements
ISO 27001

Compliance of used cryptographic controls in relation to applicable requirements

Critical
High
Normal
Low

Organisation should verify that the set of cryptographic controls that apply to the use of data systems comply with relevant agreements, legislation and regulations.

Connected other frameworks and requirements:
18.1.5: Regulation of cryptographic controls
ISO 27001
18.1.5: Regulation of cryptographic controls
ISO 27017
5.31: Legal, statutory, regulatory and contractual requirements
ISO 27001
No items found.