Annex A.8

Question 1

A.8.1

Answer 1

User Endpoint Devices

Question 2

A.8.2

Answer 2

Privileged Access Rights

Question 3

A.8.3

Answer 3

Information Access Restriction

Question 4

A.8.4

Answer 4

Access to source code

Question 5

A.8.5

Answer 5

Secure Authentication

Question 6

A.8.6

Answer 6

Capacity Management

Question 7

A.8.7

Answer 7

Protection against Malware

Question 8

A.8.8

Answer 8

Management of technical vulnerabilities

Question 9

A.8.9

Answer 9

Configuration Management

Question 10

A.8.10

Answer 10

Information Deletion

Question 11

A.8.11

Answer 11

Data Masking

Question 12

A.8.12

Answer 12

Data Leakage Prevention

Question 13

A.8.13

Answer 13

Information Backup

Question 14

A.8.14

Answer 14

Redundancy of Information processing facilities

Question 15

A.8.15

Answer 15

Logging

Question 16

A.8.16

Answer 16

Monitoring activities

Question 17

A.8.17

Answer 17

Clock Synchronization

Question 18

A.8.18

Answer 18

Use of privileged utility programs

Question 19

A.8.19

Answer 19

Installation of software on operational systems

Question 20

A.8.20

Answer 20

Network Security

Question 21

A.8.21

Answer 21

Security of Network Services

Question 22

A.8.22

Answer 22

Segregation of Networks

Question 23

A.8.23

Answer 23

Web filtering

Question 24

A.8.24

Answer 24

Use of cryptography

Question 25

A.8.25

Answer 25

Secure Development Lifecycle

Question 26

A.8.26

Answer 26

Application Security Requirements

Question 27

A.8.27

Answer 27

Secure System Architecture and Engineering Principle

Question 28

A.8.28

Answer 28

Secure Coding

Question 29

A.8.29

Answer 29

Security Testing in Development and Acceptance

Question 30

A.8.30

Answer 30

Outsourced Development

Question 31

A.8.31

Answer 31

Separation of Development, Test, and Production Environments

Question 32

A.8.32

Answer 32

Change Management

Question 33

A.8.33

Answer 33

Test Information

Question 34

A.8.34

Answer 34

Protection of Information Systems during Audit Testing