ISO 27001 · A.8 Technological
A.8.9 Configuration management
Establish, document, implement, monitor and review the configuration of hardware, software, services and networks.
Mapped across 10 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8EquivalentOfficial mapping
Source: CIS Controls v8 / ISO/IEC 27001
4.1 Establish and maintain a secure configuration processSecure configuration & hardening
- NIST 800-53EquivalentOfficial mapping
Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
CM-6 Configuration settingsSecure configuration & hardening
- Cyber EssentialsEquivalentCuratedCE-2 Secure configuration
Secure configuration & hardening
- Cyber EssentialsPartialCuratedCE-1 Firewalls
Secure configuration & hardening
- Essential EightPartialCuratedE8-5 Application control
Secure configuration & hardening
- Essential EightPartialCuratedE8-6 Restrict Microsoft Office macros
Secure configuration & hardening
- Essential EightPartialCuratedE8-7 User application hardening
Secure configuration & hardening
- NIST 800-171EquivalentCurated3.4.2 Establish and enforce security configuration settings
Secure configuration & hardening
- NIST CSF 2.0EquivalentCuratedPR.PS-01 Configuration management practices established
Secure configuration & hardening
- PCI DSSEquivalentCuratedReq. 2 Apply secure configurations to all system components
Secure configuration & hardening