| Application & Interface Security | Application Security |
| Application & Interface Security | Customer Access Requirements |
| Application & Interface Security | Data Integrity |
| Application & Interface Security | Data Security / Integrity |
| Audit Assurance & Compliance | Audit Planning |
| Audit Assurance & Compliance | Independent Audits |
| Audit Assurance & Compliance | Information System Regulatory Mapping |
| Business Continuity Management & Operational Resilience | Business Continuity Planning |
| Business Continuity Management & Operational Resilience | Business Continuity Testing |
| Business Continuity Management & Operational Resilience | Datacenter Utilities / Environmental Conditions |
| Business Continuity Management & Operational Resilience | Documentation |
| Business Continuity Management & Operational Resilience | Environmental Risks |
| Business Continuity Management & Operational Resilience | Equipment Location |
| Business Continuity Management & Operational Resilience | Equipment Maintenance |
| Business Continuity Management & Operational Resilience | Equipment Power Failures |
| Business Continuity Management & Operational Resilience | Impact Analysis |
| Business Continuity Management & Operational Resilience | Policy |
| Business Continuity Management & Operational Resilience | Retention Policy |
| Change Control & Configuration Management | New Development / Acquisition |
| Change Control & Configuration Management | Outsourced Development |
| Change Control & Configuration Management | Quality Testing |
| Change Control & Configuration Management | Unauthorized Software Installations |
| Change Control & Configuration Management | Production Changes |
| Data Security & Information Lifecycle Management | Classification |
| Data Security & Information Lifecycle Management | Data Inventory / Flows |
| Data Security & Information Lifecycle Management | Ecommerce Transactions |
| Data Security & Information Lifecycle Management | Handling / Labeling / Security Policy |
| Data Security & Information Lifecycle Management | Non-Production Data |
| Data Security & Information Lifecycle Management | Ownership / Stewardship |
| Data Security & Information Lifecycle Management | Secure Disposal |
| Datacenter Security | Asset Management |
| Datacenter Security | Controlled Access Points |
| Datacenter Security | Equipment Identification |
| Datacenter Security | Off-Site Authorization |
| Datacenter Security | Off-Site Equipment |
| Datacenter Security | Policy |
| Datacenter Security | Secure Area Authorization |
| Datacenter Security | Unauthorized Persons Entry |
| Datacenter Security | User Access |
| Encryption & Key Management | Entitlement |
| Encryption & Key Management | Key Generation |
| Encryption & Key Management | Sensitive Data Protection |
| Encryption & Key Management | Storage and Access |
| Governance and Risk Management | Baseline Requirements |
| Governance and Risk Management | Data Focus Risk Assessments |
| Governance and Risk Management | Management Oversight |
| Governance and Risk Management | Management Program |
| Governance and Risk Management | Management Support / Involvement |
| Governance and Risk Management | Policy |
| Governance and Risk Management | Policy Enforcement |
| Governance and Risk Management | Policy Impact on Risk Assessments |
| Governance and Risk Management | Policy Reviews |
| Governance and Risk Management | Risk Assessments |
| Governance and Risk Management | Risk Management Framework |
| Human Resources | Asset Returns |
| Human Resources | Background Screening |
| Human Resources | Employment Agreements |
| Human Resources | Employment Termination |
| Human Resources | Mobile Device Management |
| Human Resources | Non-Disclosure Agreements |
| Human Resources | Roles / Responsibilities |
| Human Resources | Technology Acceptable Use |
| Human Resources | Training / Awareness |
| Human Resources | User Responsibility |
| Human Resources | Workspace |
| Identity & Access Management | Audit Tools Access |
| Identity & Access Management | Credential Lifecycle / Provision Management |
| Identity & Access Management | Diagnostic / Configuration Ports Access |
| Identity & Access Management | Policies and Procedures |
| Identity & Access Management | Segregation of Duties |
| Identity & Access Management | Source Code Access Restriction |
| Identity & Access Management | Third Party Access |
| Identity & Access Management | Trusted Sources |
| Identity & Access Management | User Access Authorization |
| Identity & Access Management | User Access Reviews |
| Identity & Access Management | User Access Revocation |
| Identity & Access Management | User ID Credentials |
| Identity & Access Management | Utility Programs Access |
| Infrastructure & Virtualization Security | Audit Logging / Intrusion Detection |
| Infrastructure & Virtualization Security | Change Detection |
| Infrastructure & Virtualization Security | Clock Synchronization |
| Infrastructure & Virtualization Security | Information System Documentation |
| Infrastructure & Virtualization Security | Vulnerability Management |
| Infrastructure & Virtualization Security | Network Security |
| Infrastructure & Virtualization Security | OS Hardening and Base Controls |
| Infrastructure & Virtualization Security | Production / Non-Production Environments |
| Infrastructure & Virtualization Security | Segmentation |
| Infrastructure & Virtualization Security | VM Security - Data Protection |
| Infrastructure & Virtualization Security | Hypervisor Hardening |
| Infrastructure & Virtualization Security | Wireless Security |
| Infrastructure & Virtualization Security | Network Architecture |
| Interoperability & Portability | APIs |
| Interoperability & Portability | Data Request |
| Interoperability & Portability | Policy & Legal |
| Interoperability & Portability | Standardized Network Protocols |
| Interoperability & Portability | Virtualization |
| Mobile Security | Anti-Malware |
| Mobile Security | Application Stores |
| Mobile Security | Approved Applications |
| Mobile Security | Approved Software for BYOD |
| Mobile Security | Awareness and Training |
| Mobile Security | Cloud Based Services |
| Mobile Security | Compatibility |
| Mobile Security | Device Eligibility |
| Mobile Security | Device Inventory |
| Mobile Security | Device Management |
| Mobile Security | Encryption |
| Mobile Security | Jailbreaking and Rooting |
| Mobile Security | Legal |
| Mobile Security | Lockout Screen |
| Mobile Security | Operating Systems |
| Mobile Security | Passwords |
| Mobile Security | Policy |
| Mobile Security | Remote Wipe |
| Mobile Security | Security Patches |
| Mobile Security | Users |
| Security Incident Management, E-Discovery & Cloud Forensics | Contact / Authority Maintenance |
| Security Incident Management, E-Discovery & Cloud Forensics | Incident Management |
| Security Incident Management, E-Discovery & Cloud Forensics | Incident Reporting |
| Security Incident Management, E-Discovery & Cloud Forensics | Incident Response Legal Preparation |
| Security Incident Management, E-Discovery & Cloud Forensics | Incident Response Metrics |
| Supply Chain Management, Transparency and Accountability | Data Quality and Integrity |
| Supply Chain Management, Transparency and Accountability | Incident Reporting |
| Supply Chain Management, Transparency and Accountability | Network / Infrastructure Services |
| Supply Chain Management, Transparency and Accountability | Provider Internal Assessments |
| Supply Chain Management, Transparency and Accountability | Supply Chain Agreements |
| Supply Chain Management, Transparency and Accountability | Supply Chain Governance Reviews |
| Supply Chain Management, Transparency and Accountability | Supply Chain Metrics |
| Supply Chain Management, Transparency and Accountability | Third Party Assessment |
| Supply Chain Management, Transparency and Accountability | Third Party Audits |
| Threat and Vulnerability Management | Anti-Virus / Malicious Software |
| Threat and Vulnerability Management | Vulnerability / Patch Management |
| Threat and Vulnerability Management | Mobile Code |