// Level 3 · Controls

Technological Controls

Annex A.8 — 34 controls covering access, cryptography, secure development, and monitoring.

A.8.1 · High

User end point devices

A.8.2 · High

Privileged access rights

A.8.3 · High

Information access restriction

A.8.4 · High

Access to source code

A.8.5 · High

Secure authentication

A.8.6 · High

Capacity management

A.8.7 · High

Protection against malware

A.8.8 · High

Management of technical vulnerabilities

A.8.9 · High

Configuration management

A.8.10 · High

Information deletion

A.8.11 · High

Data masking

A.8.12 · High

Data leakage prevention

A.8.13 · High

Information backup

A.8.14 · High

Redundancy of information processing facilities

A.8.15 · High

Logging

A.8.16 · High

Monitoring activities

A.8.17 · High

Clock synchronization

A.8.18 · High

Use of privileged utility programs

A.8.19 · High

Installation of software on operational systems

A.8.20 · High

Networks security

A.8.21 · High

Security of network services

A.8.22 · High

Segregation of networks

A.8.23 · High

Web filtering

A.8.24 · High

Use of cryptography

A.8.25 · High

Secure development life cycle

A.8.26 · High

Application security requirements

A.8.27 · High

Secure system architecture and engineering principles

A.8.28 · High

Secure coding

A.8.29 · High

Security testing in development and acceptance

A.8.30 · High

Outsourced development

A.8.31 · High

Separation of development, test and production environments

A.8.32 · High

Change management

A.8.33 · High

Test information

A.8.34 · High

Protection of information systems during audit testing