💼 36 Acquisition and implementation controls would typically be in place to ensure that information security is not compromised by the introduction of new information assets. Ongoing support and maintenance controls would typically be in place to ensure that information assets continue to meet the information security requirements of the APRAregulated entity

• Contextual name: 💼 36 Acquisition and implementation controls would typically be in place to ensure that information security is not compromised by the introduction of new information assets. Ongoing support and maintenance controls would typically be in place to ensure that information assets continue to meet the information security requirements of the APRAregulated entity
• ID: /frameworks/apra-cpg-234/13/36
• Located in: 💼 13 Implementation of controls - Information security controls implemented at all stages

Description

Empty...

Similar

• Internal
  • ID: dec-c-b200b8ff

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 36a change management —information security is addressed as part of the change management process and the information asset inventory is updated;		7	8
💼 36b configuration management —the configuration of information assets minimises vulnerabilities and is defined, assessed, registered, maintained, including when new vulnerabilities and threats are discovered, and applied consistently;		1	1
💼 36c deployment and environment management —development, test and production environments are appropriately segregated and enforce segregation of duties;		2	2
💼 36d access management controls —only authorised users, software and hardware are able to access information assets (refer to Attachment B for further guidance);		14	14
💼 36e hardware and software asset controls —appropriate authorisation to prevent security compromises from unauthorised hardware and software assets;		16	16
💼 36f network design — to ensure authorised network traffic flows and to reduce the impact of security compromises;		29	30
💼 36g vulnerability management controls — which identify and address information security vulnerabilities in a timely manner;		10	10
💼 36h patch management controls — to manage the assessment and application of patches and other updates that address known vulnerabilities in a timely manner;		6	6
💼 36i service level management mechanisms — to monitor, manage and align information security with business objectives;		2	2
💼 36j monitoring controls — for timely detection of compromises to information security;		9	11
💼 36k response controls — to manage information security incidents and feedback mechanisms to address control deficiencies;		9	9
💼 36l capacity and performance management controls — to ensure that availability is not compromised by current or projected business volumes;
💼 36m service provider management controls — to ensure that a regulated entity’s information security requirements are met.