萬弘資訊 information security consultant 周世洪

ISO 27001:2013 new-version control domains (a brief overview by an information security consultant)

In the new ISO 27001:2013 version, the required control domains changed from A.5 through A.15 in ISO 27001:2005 to A.5 through A.18, while the number of controls decreased from 133 to 114.

The former "Communications and Operations Management" domain of ISO 27001:2005 was split out into two separate domains, "Operations Security" and "Communication Security", and two entirely new domains were added: Cryptography and Supplier Relationships.

The ISO 27001:2013 control domains are summarized as follows:

A.5 Information security policies

A.6 Organization of information security

A.7 Human resource security

A.8 Asset management

A.9 Access control

A.10 Cryptography (New)

A.11 Physical and environmental security

A.12 Operations security

A.13 Communication security

A.14 System acquisition, development and maintenance security

A.15 Supplier relationships (New)

A.16 Information security incident management

A.17 Information security aspects of business continuity management

A.18 Compliance