| 💼 Authenticate users with strength of authentication commensurate with sensitivity of the information asset being accessed | | | | |
| 💼 Implement secure software | | | | |
| 💼 Implementation controls minimise risk of new vulnerabilities from system change, systems are secure by design | | | | |
| 💼 Inform decision-makers of the sufficiency of information security and direct activity as appropriate | | | | |
| 💼 Limit access to what has been authorised based on job role and principle of least privilege | | | | |
| 💼 Orderly response to information security incidents | | | | |
| 💼 Protect networks from unauthorised network traffic | | | | |
| 💼 Protect system-to-system communication, including exchange of data, from unauthorised access and use | | | | |
| 💼 Protect systems from malicious attacks | | | | |
| 💼 Recovery under all plausible scenarios | | | | |
| 💼 Resilience of systems to handle failure of individual components | | | | |
| 💼 Timely detection of unauthorised access and use | | | | |
| 💼 Timely identification and remediation of new threats | | | | |
| 💼 Timely identification and remediation of new vulnerabilities | | | | |