Compliance Frameworks Reference

Nghị định 85/2016/NĐ-CP — An toàn thông tin theo cấp độ

5 Security Levels:

Thông tư 12/2022/TT-BTTTT

Chi tiết hóa yêu cầu đảm bảo ATTT cho từng cấp độ, bao gồm:

• Yêu cầu kiểm tra, đánh giá ATTT
• Giám sát an toàn thông tin
• Ứng cứu sự cố
• Kiểm tra, đánh giá định kỳ

ISO/IEC 27001:2022 — Quick Reference

Annex A Control Domains (93 controls in 4 themes):

1. Organizational (37): Policies, roles, threat intel, asset management, access control, supplier relationships, incident management, compliance
2. People (8): Screening, terms, awareness, disciplinary, termination, remote working, reporting
3. Physical (14): Perimeters, entry, offices, monitoring, utilities, cabling, equipment, storage media, maintenance
4. Technological (34): Endpoints, privileged access, access restriction, source code, authentication, capacity, malware, vulnerabilities, logging, network, web filtering, cryptography, SDLC, testing, change management, data masking, DLP, monitoring, redundancy

Key New Controls in 2022:

• A.5.7 Threat intelligence
• A.5.23 Cloud services security
• A.5.30 ICT readiness for business continuity
• A.7.4 Physical security monitoring
• A.8.9 Configuration management
• A.8.10 Information deletion
• A.8.11 Data masking
• A.8.12 Data leakage prevention
• A.8.16 Monitoring activities
• A.8.23 Web filtering
• A.8.28 Secure coding

NIST CSF 2.0 — Quick Reference

6 Functions:

1. GOVERN (GV): Organizational context, risk management strategy, roles, policy, oversight, supply chain
2. IDENTIFY (ID): Asset management, risk assessment, improvement
3. PROTECT (PR): Identity management, awareness, data security, platform security, technology resilience
4. DETECT (DE): Continuous monitoring, adverse event analysis
5. RESPOND (RS): Incident management, analysis, mitigation, reporting, communication
6. RECOVER (RC): Incident recovery plan execution, communication

Cross-Framework Control Mapping (Top 20)