Tag: "A.12.6.1" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Filling SoA

    I already used risk ID's inside the SoA template and wrote down „Risk #8, #10, #38“ for example. I did it like Dejan’s video tutorial said. But control A.12.6.1 includes (in my opinion) almost any risks out of the risk assessment table and I would like to write a general statement for „reason for selection / exclusion“ instead of writing each risk ID down. Is this possible? I did it for some other controls inside the SoA already too.

  • Filling SoA justification

    I have a question about control A.12.6.1 handling of technical vulnerabilities (inside the SoA table). In the column „reason for selection / exclusion“ I could basically enter almost any risk from the risk assessment table. Cause a lot of risks are based on technical things. I'm guessing that's not the way to go(?) For some other controls out of this table I have chosen general statements as the "reason for selection / exclusion“ without mentioning the concrete risks out of the risk assessment table. Would that make sense with control A 12.6.1, too?