Policies for information security.
Information for security roles and responsibilities.
Segregation of duties.
Management responsibilities.
Contact with authorities.
Contact with special interest groups.
Threat intelligence.
Information in project management.
Inventory of information and other associated assets.
Acceptable use of information and other associated assets.
Return of assets.
Classification of information.
Labeling of information.
Information transfer.
Access control.
Identity management.
Authentication information.
Access rights.
Information security in supplier relationships.