Authenticate users with strength of authentication commensurate with sensitivity of the information asset being accessed | | | | |
Implement secure software | | | | |
Implementation controls minimise risk of new vulnerabilities from system change, systems are secure by design | | | | |
Inform decision-makers of the sufficiency of information security and direct activity as appropriate | | | | |
Limit access to what has been authorised based on job role and principle of least privilege | | | | |
Orderly response to information security incidents | | | | |
Protect networks from unauthorised network traffic | | | | |
Protect system-to-system communication, including exchange of data, from unauthorised access and use | | | | |
Protect systems from malicious attacks | | | | |
Recovery under all plausible scenarios | | | | |
Resilience of systems to handle failure of individual components | | | | |
Timely detection of unauthorised access and use | | | | |
Timely identification and remediation of new threats | | | | |
Timely identification and remediation of new vulnerabilities | | | | |