ISO 27001:2022 Mapping for Implementation

jonashirner · jonashirner · commit d97054c62c0b · 2023-03-30T09:56:57.000+02:00
diff --git a/src/assets/YAML/default/Implementation/ApplicationHardening.yaml b/src/assets/YAML/default/Implementation/ApplicationHardening.yaml
@@ -23,10 +23,11 @@ Implementation:
         samm2:
         - D-SR-2-A
         iso27001-2017:
-        - hardening is not explicitly covered by ISO 27001 - too specific
+        - Hardening is not explicitly covered by ISO 27001 - too specific
         - 13.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -53,10 +54,11 @@ Implementation:
         samm2:
         - D-SR-3-A
         iso27001-2017:
-        - hardening is not explicitly covered by ISO 27001 - too specific
+        - Hardening is not explicitly covered by ISO 27001 - too specific
         - 13.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -102,10 +104,11 @@ Implementation:
         samm2:
         - D-SR-1-A
         iso27001-2017:
-        - hardening is not explicitly covered by ISO 27001 - too specific
+        - Hardening is not explicitly covered by ISO 27001 - too specific
         - 13.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -132,10 +135,11 @@ Implementation:
         samm2:
         - D-SR-3-A
         iso27001-2017:
-        - hardening is not explicitly covered by ISO 27001 - too specific
+        - Hardening is not explicitly covered by ISO 27001 - too specific
         - 13.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Hardening is not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
diff --git a/src/assets/YAML/default/Implementation/DevelopmentAndSourceControl.yaml b/src/assets/YAML/default/Implementation/DevelopmentAndSourceControl.yaml
@@ -68,11 +68,12 @@ Implementation:
         samm2:
         - V-ST-1-A
         iso27001-2017:
+        - 14.2.1  
+        - 14.2.5
+        iso27001-2022:
         - 8.25  # Secure development lifecycle
         - 8.27  # Secure system architecture and engineering principles
         - 8.28  # Secure coding
-        iso27001-2022:
-        - ISO 27001:2022 mapping is missing
       isImplemented: false
       evidence: ""
       comments: ""
@@ -98,11 +99,13 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - peer review - four eyes principle is not explicitly required by ISO 27001
+        - Peer review - four eyes principle is not explicitly required by ISO 27001
         - 6.1.2
         - 14.2.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Peer review - four eyes principle is not explicitly required by ISO 27001
+        - 5.3
+        - 8.25
       isImplemented: false
       evidence: ""
       comments: ""
@@ -124,12 +127,14 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - not explicitly covered by ISO 27001 - too specific
+        - Not explicitly covered by ISO 27001 - too specific
         - 12.1.1
         - 12.1.2
         - 14.2.2
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Not explicitly covered by ISO 27001 - too specific
+        - 5.37
+        - 8.32
       isImplemented: false
       evidence: ""
       comments: ""
@@ -153,11 +158,13 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - 5.17    # Authentication information
+        - 9.2.4
         - 6.1.2   # Segregation of duties.
         - 14.2.1  # Secure development policies.
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 5.17    # Authentication information
+        - 5.3
+        - 8.25
         d3f:
         - Multi-factorAuthentication
       isImplemented: false
diff --git a/src/assets/YAML/default/Implementation/InfrastructureHardening.yaml b/src/assets/YAML/default/Implementation/InfrastructureHardening.yaml
@@ -21,12 +21,15 @@ Implementation:
         samm2:
         - TODO
         iso27001-2017:
-        - not explicitly covered by ISO 27001 - too specific
+        - Not explicitly covered by ISO 27001 - too specific
         - 9.1.1
         - 9.4.2
         - 14.2.5
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Not explicitly covered by ISO 27001 - too specific
+        - 5.15
+        - 8.5
+        - 8.27
       isImplemented: false
       evidence: ""
       comments: ""
@@ -45,10 +48,11 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - virtual environments are not explicitly covered by ISO 27001 - too specific
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
         - 13.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -72,10 +76,11 @@ Implementation:
         samm2:
         - TODO
         iso27001-2017:
-        - "12.3"
+        - 12.3
         - 14.2.6
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 8.13
+        - 8.31
       isImplemented: false
       evidence: ""
       comments: ""
@@ -94,11 +99,13 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - not explicitly covered by ISO 27001 - too specific
+        - Not explicitly covered by ISO 27001 - too specific
         - 14.2.1
         - 14.2.5
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Not explicitly covered by ISO 27001 - too specific
+        - 8.25
+        - 8.27
       isImplemented: false
       evidence: ""
       comments: ""
@@ -120,10 +127,11 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - virtual environments are not explicitly covered by ISO 27001 - too specific
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
         - 13.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -144,10 +152,11 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - not explicitly covered by ISO 27001 - too specific
+        - Not explicitly covered by ISO 27001 - too specific
         - 17.2.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Not explicitly covered by ISO 27001 - too specific
+        - 8.14
       isImplemented: false
       evidence: ""
       comments: ""
@@ -173,11 +182,13 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - not explicitly covered by ISO 27001 - too specific
+        - Not explicitly covered by ISO 27001 - too specific
         - 12.1.1
         - 12.1.2
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Not explicitly covered by ISO 27001 - too specific
+        - 5.37
+        - 8.32
       isImplemented: false
       evidence: ""
       comments: ""
@@ -203,10 +214,11 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - virtual environments are not explicitly covered by ISO 27001 - too specific
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
         - 13.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
+        - 8.22
       isImplemented: false
       evidence: ""
       comments: ""
@@ -230,7 +242,7 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - system hardening is not explicitly covered by ISO 27001 - too specific
+        - System hardening is not explicitly covered by ISO 27001 - too specific
         iso27001-2022:
         - ISO 27001:2022 mapping is missing
       isImplemented: false
@@ -251,7 +263,7 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - not explicitly covered by ISO 27001
+        - Not explicitly covered by ISO 27001
         iso27001-2022:
         - ISO 27001:2022 mapping is missing
       isImplemented: false
@@ -282,7 +294,8 @@ Implementation:
         - 12.1.4
         - 17.2.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 8.31
+        - 8.14
       isImplemented: false
       evidence: ""
       comments: ""
@@ -309,7 +322,7 @@ Implementation:
         iso27001-2017:
         - 9.4.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 8.3
       isImplemented: false
       evidence: ""
       comments: ""
@@ -333,7 +346,7 @@ Implementation:
         iso27001-2017:
         - 9.4.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 8.3
       isImplemented: false
       evidence: ""
       comments: ""
@@ -385,10 +398,11 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - not explicitly covered by ISO 27001 - too specific
+        - Not explicitly covered by ISO 27001 - too specific
         - 17.1.3
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Not explicitly covered by ISO 27001 - too specific
+        - 5.29
       isImplemented: false
       evidence: ""
       comments: ""
@@ -432,7 +446,7 @@ Implementation:
         iso27001-2017:
         - 10.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 8.24
       isImplemented: false
       evidence: ""
       comments: ""
@@ -454,7 +468,7 @@ Implementation:
         iso27001-2017:
         - 10.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 8.24
       isImplemented: false
       evidence: ""
       comments: ""
@@ -477,7 +491,7 @@ Implementation:
         iso27001-2017:
         - 10.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - 8.24
       isImplemented: false
       evidence: ""
       comments: ""
@@ -526,11 +540,13 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - not explicitly covered by ISO 27001 - too specific
+        - Not explicitly covered by ISO 27001 - too specific
         - 12.1.4
         - 17.2.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Not explicitly covered by ISO 27001 - too specific
+        - 8.31
+        - 8.14
       isImplemented: false
       evidence: ""
       comments: ""
@@ -552,12 +568,15 @@ Implementation:
         samm2:
         - O-EM-1-A
         iso27001-2017:
-        - virtual environments are not explicitly covered by ISO 27001 - too specific
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
         - 12.1.3
         - 13.1.3
         - 17.2.1
         iso27001-2022:
-        - ISO 27001:2022 mapping is missing
+        - Virtual environments are not explicitly covered by ISO 27001 - too specific
+        - 8.6
+        - 8.22
+        - 8.14
       isImplemented: false
       evidence: ""
       comments: ""
