Latest updates

Updated in the latest version 3.9

Chapter 16. Authentication and Access Controls: Section 16.1. Identification, Authentication, and Authorisation

  • ID 15351 - 16.1.1 has changed – Edit Content
  • ID 15354 - 16.1.2 has changed – Edit Content
  • ID 18192 - 16.1.3 is new – New Content
  • ID 18193 - 16.1.4 is new – New Content
  • ID 18194 - 16.1.5 is new – New Content
  • ID 18195 - 16.1.6 is new – New Content
  • ID 18197 - 16.1.7 is new – New Content
  • ID 18198 - 16.1.8 is new – New Content
  • ID 18160 - 16.1.9 is new – New Content
  • ID 18161 - 16.1.10 is new – New Content
  • ID 18162 - 16.1.11 is new – New Content
  • ID 18163 - 16.1.12 is new – New Content
  • ID 18200 - 16.1.13 is new – New Content
  • ID 18201 - 16.1.14 is new – New Content
  • ID 18203 - 16.1.15 is new – New Content
  • ID 18205 - 16.1.16 is new – New Content
  • ID 18206 - 16.1.17 is new – New Content
  • ID 18207 - 16.1.18 is new – New Content
  • ID 18208 - 16.1.19 is new – New Content
  • ID 18209 - 16.1.20 is new – New Content
  • ID 18210 - 16.1.21 is new – New Content

Rationale & Controls

Policies and procedures

  • ID 15394 - 16.1.24.R.01. has changed – Edit Rationale

Implement zero trust principles

  • ID 18212 – 16.1.25.R.01. is new – New Rationale
  • ID 18213 - 16.1.25.C.01. is new – New Control [CID:7541]

Shared accounts

  • ID 18216 - 16.1.27.C.02. is new – New Control [CID:7542]

Methods for system user identification

  • ID 15408 - 16.1.29.R.01. has changed – Edit Rationale

Centralisation of Identification and authentication management

  • ID 18215 – 16.1.30.R.01. is new – New Rationale
  • ID 18217 – 16.1.30.R.02. is new – New Rationale
  • ID 18219 - 16.1.30.C.01. is new – New Control [CID:7543]

Passwords and policies

  • ID 18221 – 16.1.31.R.01. is new – New Rationale
  • ID 18222 – 16.1.31.R.02. is new – New Rationale
  • ID 18223 – 16.1.31.R.03. is new – New Rationale
  • ID 18224 – 16.1.31.R.04. is new – New Rationale
  • ID 18225 – 16.1.31.R.05. is new – New Rationale
  • ID 18226 – 16.1.31.R.06. is new – New Rationale
  • ID 18227 – 16.1.31.R.07. is new – New Rationale
  • ID 18228 – 16.1.31.R.08. is new – New Rationale
  • ID 18229 – 16.1.31.R.09. is new – New Rationale
  • ID 18230 – 16.1.31.R.10. is new – New Rationale
  • ID 18231 - 16.1.31.C.01. is new – New Control [CID:7544]
  • ID 18232 - 16.1.31.C.02. is new – New Control [CID:7545]
  • ID 18233 - 16.1.31.C.03. is new – New Control [CID:7546]
  • ID 18234 - 16.1.31.C.04. is new – New Control [CID:7547]
  • ID 18241 - 16.1.31.C.05. has changed – Edit Control [CID:1869]
  • ID 18235 - 16.1.31.C.06. is new – New Control [CID:7548]
  • ID 18243 - 16.1.31.C.07. is new – New Control [CID:7549]

Hashing

  • ID 15419 - 16.1.34.C.01. has changed – Edit Control [CID:6553]
  • ID 18276 - 16.1.34.C.01. is new – New Control [CID:7562]

Resetting passwords and authentication vectors

  • ID 15445 - 16.1.36.R.01. has changed – Edit Rationale
  • ID 15447 - 16.1.36.C.01 has changed – Edit Control [CID:1875]
  • ID 18248 - 16.1.36.C.02. is new – New Control [CID:7551]
  • ID 18249 - 16.1.36.C.03. is new – New Control [CID:7553]

Securing Passwords

  • ID 18265 - 16.1.37.R.01. is new – New Rationale
  • ID 18266 - 16.1.37.R.02. is new – New Rationale
  • ID 18267 - 16.1.37.R.03. is new – New Rationale
  • ID 18268 - 16.1.37.R.04. is new – New Rationale
  • ID 18269 - 16.1.37.C.01. is new – New Control [CID:7558]
  • ID 18270 - 16.1.37.C.02. is new – New Control [CID:7559]

Passwordless Authentication

  • ID 18253 - 16.1.38.R.01. is new – New Rationale
  • ID 18254 - 16.1.38.R.02. is new – New Rationale
  • ID 18255 - 16.1.38.R.03. is new – New Rationale
  • ID 18256 - 16.1.38.R.04. is new – New Rationale
  • ID 18257 - 16.1.38.R.05. is new – New Rationale
  • ID 18258 - 16.1.38.R.06. is new – New Rationale
  • ID 18259 - 16.1.38.R.07. is new – New Rationale
  • ID 18260 - 16.1.38.C.01. is new – New Control [CID:7556]

Disabling vulnerable authentication mechanisms

  • ID 18251 - 16.1.39.C.01. is new – New Control [CID:7554]
  • ID 15450 - 16.1.39.C.02. has changed – Edit Control [CID:1878]

Session termination

  • ID 18246 – 16.1.40.R.03. is new – New Rationale
  • ID 15453 - 16.1.40.C.01. has changed – Edit Control [CID:1881]

Suspension of access

  • ID 15464 - 16.1.40.C.01. has changed – Edit Control [CID:1892]

 

Chapter 16. Authentication and Access Controls: Section 16.1. Identification, Authentication, and Authorisation: Deleted Controls

[CID:1857] [CID:1858] [CID:1868] [CID:1870] [CID:1871] [CID:1904] [CID:1909] [CID:1910] 

 

Chapter 16. Authentication and Access Controls: Section 16.2. System Access

  • ID 15501 - 16.2.4.R.01. has changed – Edit Rationale
  • ID 15502 – 16.2.4.C.01. has changed – Edit Control [CID:1930]

 

Chapter 16. Authentication and Access Controls: Section 16.3. Privileged User Access: Deleted Controls

[CID:1946]

 

Chapter 16. Authentication and Access Controls: Section 16.4. Privileged Access Management

  • ID 18239 - 16.4.14 is new – New Content
  • ID 18237 - 16.4.15 is new – New Content
  • ID 18240 - 16.4.16 is new – New Content
  • ID 18241 - 16.4.17 is new – New Content
  • ID 18242 - 16.4.18 is new – New Content
  • ID 18244 - 16.4.22 is new – New Content
  • ID 15582 – 16.4.39.C.01. has changed – Edit Control [CID:6852]

Chapter 16. Authentication and Access Controls: Section 16.5. Remote Access

  • ID 18261 – 16.5.12.R.03. is new – New Rationale
  • ID 18162 - 16.5.12.C.02. is new – New Control [CID:7555]

 

Chapter 16. Authentication and Access Controls: Section 16.6. Event monitoring, logging and auditing

  • ID 15655 – 16.6.9.C.01. has changed – Edit Control [CID:2009]
  • ID 15659 – 16.6.10.C.02. has changed – Edit Control [CID:2013]
  • ID 15676 – 16.6.13.C.04. has changed – Edit Control [CID:2030]
  • ID 15677 - 16.6.13.C.05. has changed – Edit Control [CID:2031]
  • ID 18272 – 16.6.15.R.01. is new – New Rationale
  • ID 18273 – 16.6.15.R.02. is new – New Rationale
  • ID 18274 - 16.6.15.C.01. is new – New Control [CID:7560]
  • ID 18275 - 16.6.15.C.02. is new – New Control [CID:7561]

 

Chapter 16. Authentication and Access Controls: Section 16.7. Multi-Factor authentication

  • ID 15683 - 16.7.1 has changed – Edit Content
  • ID 15686 - 16.7.2 has changed – Edit Content
  • ID 15690 - 16.7.5 has changed – Edit Content
  • ID 15691 - 16.7.6 is new – New Content
  • ID 15692 - 16.7.7 has changed – Edit Content
  • ID 15693 - 16.7.8 is new – New Content
  • ID 15696 - 16.7.11 is new – New Content
  • ID 18278 - 16.7.12 is new – New Content
  • ID 18279 - 16.7.13 is new – New Content
  • ID 18280 - 16.7.14 is new – New Content
  • ID 18281 - 16.7.15 is new – New Content
  • ID 18282 - 16.7.16 is new – New Content
  • ID 18283 - 16.7.17 is new – New Content
  • ID 18284 - 16.7.18 is new – New Content
  • ID 18285 - 16.7.19 is new – New Content
  • ID 18286 - 16.7.20 is new – New Content
  • ID 18289 – 16.7.42.R.02. is new – New Rationale
  • ID 18293 – 16.7.42.R.03. is new – New Rationale
  • ID 18294 – 16.7.42.R.04. is new – New Rationale
  • ID 18287 - 16.7.42.C.01. is new – New Control [CID:7563]
  • ID 18288 - 16.7.42.C.03. is new – New Control [CID:7564]
  • ID 18289 - 16.7.42.C.04. is new – New Control [CID:7565]
  • ID 18290 - 16.7.42.C.05. is new – New Control [CID:7566]
  • ID 18291 - 16.7.42.C.06. is new – New Control [CID:7567]

 

Chapter 7. Information Security Incidents: Section 7.1. Detecting Information Security Incidents

  • ID 13100 - 7.1.1 has changed – Edit Content
  • ID 13113 – 7.1.7.R.02. has changed – Edit Rationale
  • ID 13114 - 7.1.7.R.03. is new – New Rationale
  • ID 13115 – 7.1.7.R.04. has changed – Edit Rationale
  • ID 13116 – 7.1.7.R.05. has changed – Edit Rationale
  • ID 13118 - 7.1.7.C.02. has changed – Edit Control [CID:1154]

 

Chapter 7. Information Security Incidents: Section 7.2. Reporting Information Security Incidents

  • ID 13122 - 7.2.1 has changed – Edit Content
  • ID 13123 - 7.2.2 has changed – Edit Content
  • ID 13126 - 7.2.3 is new – Edit
  • ID 13131 – 7.2.7 is new – New Content
  • ID 18172 – 7.2.8 is new – Edit
  • ID 18178 – 7.2.13 is new – Edit
  • ID 18179 – 7.2.14 is new – Edit
  • ID 18180 – 7.2.15 is new – Edit
  • ID 13155 - 7.2.20.R.01. is new – New Rationale
  • ID 18050 – 7.2.20.C.03. is new – New Control [CID:7536]

 

Chapter 7. Information Security Incidents: Section 7.3. Managing Information Security Incidents

  • ID 13179 - 7.3.1 has changed – Edit Content
  • ID 18299 – 7.3.5.R.02. is new – New Rationale
  • ID 13192 - 7.3.6.C.01. has changed – Edit Control [CID:1264]
  • ID 13193 - 7.3.6.C.02. has changed – Edit Control [CID:1266]
  • ID 13201 - 7.3.7.C.06. has changed – Edit Control [CID:1277]

Chapter 11. Communications systems and devices: Section 11.6 Secure Spaces: Deleted Controls

 [CID:3052] [CID:3054] [CID:3055]

Chapter 11. Communications systems and devices: Section 11.8 Multifunction devices, network printers and fax machines.

  • ID 18186 - 11.8.13.R.01. is new – New Rationale
  • ID 18187 - 11.8.13.C.01. is new – New Control [CID:7537]

 

Chapter 18. Network Security: Section 18.2 Wireless Local Area Networks

  • ID 16265 - 18.2.9.R.01. is new – New Rationale
  • ID 16266 - 18.2.9.R.02. has changed – Edit Rationale
  • ID 18188 - 18.2.9.C.01. is new – New Control [CID:7538]
  • ID 16308 - 18.2.19.R.01. is new – New Rationale
  • ID 18189 - 18.2.19.C.01. is new – New Control [CID:7539]
  • ID 16309 - 18.2.19.C.02. has changed – Edit Control [CID:3386]
  • ID 18190 - 18.2.19.C.03. is new – New Control [CID:7540]
  • ID 16319 - 18.2.22.R.01. is new – New Rationale

 

  • ID 17216 - Enterprise systems security has changed