| 💼 8.1 User end point devices | | 8 | 13 | |
| 💼 8.2 Privileged access rights | | 7 | 10 | |
| 💼 8.3 Information access restriction | | 10 | 23 | |
| 💼 8.4 Access to source code | | 8 | 21 | |
| 💼 8.5 Secure authentication | | | 2 | |
| 💼 8.6 Capacity management | | 3 | 3 | |
| 💼 8.7 Protection against malware | | 1 | 1 | |
| 💼 8.8 Management of technical vulnerabilities | | 8 | 10 | |
| 💼 8.9 Configuration management | | | 12 | |
| 💼 8.10 Information deletion | | | | |
| 💼 8.11 Data masking | | | | |
| 💼 8.12 Data leakage prevention | | | | |
| 💼 8.13 Information backup | | 1 | 2 | |
| 💼 8.14 Redundancy of information processing facilities | | | | |
| 💼 8.15 Logging | | 18 | 34 | |
| 💼 8.16 Monitoring activities | | 4 | 5 | |
| 💼 8.17 Clock synchronization | | | | |
| 💼 8.18 Use of privileged utility programs | | | | |
| 💼 8.19 Installation of software on operational systems | | | | |
| 💼 8.20 Networks security | | 5 | 14 | |
| 💼 8.21 Security of network services | | | | |
| 💼 8.22 Segregation of networks | | 4 | 4 | |
| 💼 8.23 Web filtering | | | | |
| 💼 8.24 Use of cryptography | | | | |
| 💼 8.25 Secure development life cycle | | 2 | 2 | |
| 💼 8.26 Application security requirements | | 2 | 2 | |
| 💼 8.27 Secure system architecture and engineering principles | | 1 | 4 | |
| 💼 8.28 Secure coding | | | | |
| 💼 8.29 Security testing in development and acceptance | | | | |
| 💼 8.30 Outsourced development | | | | |
| 💼 8.31 Separation of development, test and production environments | | | | |
| 💼 8.32 Change management | | | | |
| 💼 8.33 Test information | | | | |
| 💼 8.34 Protection of information systems during audit testing | | | | |