| ๐ผ 8.1 User end point devices | | 9 | 11 | |
| ๐ผ 8.2 Privileged access rights | | 7 | 7 | |
| ๐ผ 8.3 Information access restriction | | 10 | 11 | |
| ๐ผ 8.4 Access to source code | | 8 | 9 | |
| ๐ผ 8.5 Secure authentication | | | | |
| ๐ผ 8.6 Capacity management | | 3 | 3 | |
| ๐ผ 8.7 Protection against malware | | 1 | 1 | |
| ๐ผ 8.8 Management of technical vulnerabilities | | 9 | 9 | |
| ๐ผ 8.9 Configuration management | | | | |
| ๐ผ 8.10 Information deletion | | | | |
| ๐ผ 8.11 Data masking | | | | |
| ๐ผ 8.12 Data leakage prevention | | | | |
| ๐ผ 8.13 Information backup | | 1 | 1 | |
| ๐ผ 8.14 Redundancy of information processing facilities | | | | |
| ๐ผ 8.15 Logging | | 19 | 20 | |
| ๐ผ 8.16 Monitoring activities | | 6 | 6 | |
| ๐ผ 8.17 Clock synchronization | | | | |
| ๐ผ 8.18 Use of privileged utility programs | | | | |
| ๐ผ 8.19 Installation of software on operational systems | | | | |
| ๐ผ 8.20 Networks security | | 5 | 5 | |
| ๐ผ 8.21 Security of network services | | | | |
| ๐ผ 8.22 Segregation of networks | | 5 | 5 | |
| ๐ผ 8.23 Web filtering | | | | |
| ๐ผ 8.24 Use of cryptography | | | | |
| ๐ผ 8.25 Secure development life cycle | | 2 | 2 | |
| ๐ผ 8.26 Application security requirements | | 2 | 2 | |
| ๐ผ 8.27 Secure system architecture and engineering principles | | 1 | 1 | |
| ๐ผ 8.28 Secure coding | | | | |
| ๐ผ 8.29 Security testing in development and acceptance | | | | |
| ๐ผ 8.30 Outsourced development | | | | |
| ๐ผ 8.31 Separation of development, test and production environments | | | | |
| ๐ผ 8.32 Change management | | | | |
| ๐ผ 8.33 Test information | | | | |
| ๐ผ 8.34 Protection of information systems during audit testing | | | | |