| Security/IT Governance Domain | ISO/IEC 27001:2022 Control | COBIT 2019 Process/Control Objective | NIST CSF Function/Category/Subcategory | ITIL v4 Practice |
|---|---|---|---|---|
| Information Security Policy | A.5.1 – Policies for information security | EDM01 – Ensure Governance Framework | ID.GV-1: Governance policies are established | Information Security Management |
| Asset Management | A.5.9 – Inventory of information and other associated assets | BAI09.01 – Manage configuration items | ID.AM-1: Physical devices and systems are inventoried | Asset Management, Configuration Management |
| Access Control | A.5.15 – Access control | DSS05.04 – Manage user identity and logical access | PR.AC-1: Identities and credentials are managed | Identity and Access Management |
| Risk Management | A.5.4 – Information security risk management | APO12 – Manage Risk | ID.RA-1: Asset vulnerabilities are identified and documented | Risk Management |
| Incident Management | A.5.24 – Information security incident management planning and preparation | DSS02 – Manage Service Requests and Incidents | RS.RP-1: Response plan is executed during or after an incident | Incident Management |
| Business Continuity | A.5.30 – ICT readiness for business continuity | DSS04 – Manage Continuity | PR.IP-9: Response and recovery plans are tested | IT Service Continuity Management |
| Supplier Management | A.5.22 – Management of information security in supplier relationships | APO10 – Manage Suppliers | ID.SC-3: Contracts with suppliers are used to implement security requirements | Supplier Management |
| Change Management | A.8.32 – Change management | BAI06 – Manage Changes | PR.IP-3: Configuration change control processes are in place | Change Enablement |
| System Acquisition and Development | A.8.25 – Secure development lifecycle | BAI03 – Manage Solutions Identification and Build | PR.IP-1: A baseline configuration of systems is maintained | Software Development and Management |
| Monitoring and Logging | A.8.16 – Monitoring activities | DSS01.05 – Monitor IT infrastructure | DE.CM-1: The network is monitored to detect potential cybersecurity events | Monitoring and Event Management |
| Awareness and Training | A.6.3 – Information security awareness, education, and training | BAI08.01 – Educate and train users | PR.AT-1: All users are informed and trained | Workforce and Talent Management |
| Vulnerability Management | A.8.8 – Management of technical vulnerabilities | DSS05.07 – Manage vulnerabilities and threats | DE.CM-8: Vulnerability scans are performed | Monitoring and Event Management |
| Data Protection & Privacy | A.5.12 – Classification of information | DSS05.02 – Protect against malware | PR.DS-1: Data-at-rest is protected | Information Security Management, Data Management |
| Audit and Compliance | A.5.33 – Independent review of information security | MEA03 – Monitor, Evaluate and Assess Compliance with External Requirements | ID.GV-3: Legal and regulatory requirements are understood and managed | Audit and Compliance Management |