Class: SecurityControl
A security control from Annex A of ISO/IEC 27001:2022, derived from ISO/IEC 27002:2022. Represents a measure that modifies risk.
```mermaid
classDiagram
    class SecurityControl
    click SecurityControl href "../SecurityControl/"
    NamedEntity <|-- SecurityControl
    click NamedEntity href "../NamedEntity/"
    SecurityControl : applicable_assets
    SecurityControl : applicable_threats
    SecurityControl : control_category
    SecurityControl --> "0..1" ControlCategory : control_category
    click ControlCategory href "../ControlCategory/"
    SecurityControl : control_id
    SecurityControl : control_owner
    SecurityControl : control_text
    SecurityControl : control_title
    SecurityControl : created_date
    SecurityControl : description
    SecurityControl : effectiveness_rating
    SecurityControl : evidence_references
    SecurityControl : id
    SecurityControl : implementation_date
    SecurityControl : implementation_guidance
    SecurityControl : implementation_status
    SecurityControl --> "0..1" ImplementationStatus : implementation_status
    click ImplementationStatus href "../ImplementationStatus/"
    SecurityControl : last_test_date
    SecurityControl : modified_date
    SecurityControl : name
    SecurityControl : related_controls
    SecurityControl --> "*" SecurityControl : related_controls
    click SecurityControl href "../SecurityControl/"
    SecurityControl : version
```
Inheritance
- NamedEntity
    - SecurityControl
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| control_id | 0..1 String | Control identifier from Annex A (e.g., 5.1, 8.24) | direct |
| control_title | 0..1 String | Title of the control | direct |
| control_category | 0..1 ControlCategory | Domain category of the control | direct |
| control_text | 0..1 String | Organization-authored control statement or external control summary | direct |
| implementation_guidance | 0..1 String | Organization-authored implementation notes for the control | direct |
| related_controls | * SecurityControl | Other controls related to this one | direct |
| applicable_threats | * String | Threats this control addresses | direct |
| applicable_assets | * String | Asset types this control applies to | direct |
| control_owner | 0..1 String | Person responsible for the control | direct |
| implementation_status | 0..1 ImplementationStatus | Current implementation status | direct |
| implementation_date | 0..1 Date | Date the control was implemented | direct |
| effectiveness_rating | 0..1 String | Rating of control effectiveness | direct |
| last_test_date | 0..1 Date | Date the control was last tested | direct |
| evidence_references | * String | References to evidence of implementation | direct |
| id | 1 Uriorcurie | Unique identifier for this entity instance | NamedEntity |
| name | 1 String | Human-readable name or title | NamedEntity |
| description | 0..1 String | Detailed description of the entity | NamedEntity |
| created_date | 0..1 Date | Date when the entity was created | NamedEntity |
| modified_date | 0..1 Date | Date when the entity was last modified | NamedEntity |
| version | 0..1 String | Version identifier for the entity | NamedEntity |
Usages
In Subsets
Comments
- 93 controls organized in four domains (organizational, people, physical, technological)
- Controls are referenced in risk treatment and SoA
- Supports organization-authored control statements and evidence links
- Reference: ISO/IEC 27001:2022 Annex A; ISO/IEC 27002:2022 Clauses 5-8. ISO/IEC standards text is copyright ISO - not reproduced here.
- The control_text slot must contain organization-authored content only, not ISO standards text.
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| iso27001_clause | 6.1.3 |
| annex_reference | Annex A |
Schema Source
- from schema: https://w3id.org/lmodel/iso27001
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | iso27001:SecurityControl |
| native | iso27001:SecurityControl |
| related | cis_controls:Safeguard |
LinkML Source
Direct
```yaml
name: SecurityControl
annotations:
  iso27001_clause:
    tag: iso27001_clause
    value: 6.1.3
  annex_reference:
    tag: annex_reference
    value: Annex A
description: A security control from Annex A of ISO/IEC 27001:2022, derived from ISO/IEC
  27002:2022. Represents a measure that modifies risk.
comments:
- 93 controls organized in four domains (organizational, people, physical, technological)
- Controls are referenced in risk treatment and SoA
- Supports organization-authored control statements and evidence links
- 'Reference: ISO/IEC 27001:2022 Annex A; ISO/IEC 27002:2022 Clauses 5-8. ISO/IEC
  standards text is copyright ISO - not reproduced here.'
- The control_text slot must contain organization-authored content only, not ISO standards
  text.
in_subset:
- annex_a_controls
from_schema: https://w3id.org/lmodel/iso27001
related_mappings:
- cis_controls:Safeguard
is_a: NamedEntity
slots:
- control_id
- control_title
- control_category
- control_text
- implementation_guidance
- related_controls
- applicable_threats
- applicable_assets
- control_owner
- implementation_status
- implementation_date
- effectiveness_rating
- last_test_date
- evidence_references
```
Induced
```yaml
name: SecurityControl
annotations:
  iso27001_clause:
    tag: iso27001_clause
    value: 6.1.3
  annex_reference:
    tag: annex_reference
    value: Annex A
description: A security control from Annex A of ISO/IEC 27001:2022, derived from ISO/IEC
  27002:2022. Represents a measure that modifies risk.
comments:
- 93 controls organized in four domains (organizational, people, physical, technological)
- Controls are referenced in risk treatment and SoA
- Supports organization-authored control statements and evidence links
- 'Reference: ISO/IEC 27001:2022 Annex A; ISO/IEC 27002:2022 Clauses 5-8. ISO/IEC
  standards text is copyright ISO - not reproduced here.'
- The control_text slot must contain organization-authored content only, not ISO standards
  text.
in_subset:
- annex_a_controls
from_schema: https://w3id.org/lmodel/iso27001
related_mappings:
- cis_controls:Safeguard
is_a: NamedEntity
attributes:
  control_id:
    name: control_id
    description: Control identifier from Annex A (e.g., 5.1, 8.24).
    comments:
    - Format matches Annex A numbering
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: control_id
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
    pattern: ^[5-8]\.[0-9]{1,2}$
  control_title:
    name: control_title
    description: Title of the control.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: control_title
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
  control_category:
    name: control_category
    description: Domain category of the control.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: control_category
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: ControlCategory
  control_text:
    name: control_text
    description: Organization-authored control statement or external control summary.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: control_text
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
  implementation_guidance:
    name: implementation_guidance
    description: Organization-authored implementation notes for the control.
    comments:
    - May reference internal standards, procedures, or external licensed sources
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: implementation_guidance
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
  related_controls:
    name: related_controls
    description: Other controls related to this one.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: related_controls
    owner: SecurityControl
    domain_of:
    - InformationSecurityObjective
    - SecurityControl
    - OperationalProcedure
    range: SecurityControl
    multivalued: true
  applicable_threats:
    name: applicable_threats
    description: Threats this control addresses.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: applicable_threats
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
    multivalued: true
  applicable_assets:
    name: applicable_assets
    description: Asset types this control applies to.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: applicable_assets
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
    multivalued: true
  control_owner:
    name: control_owner
    description: Person responsible for the control.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: control_owner
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
  implementation_status:
    name: implementation_status
    description: Current implementation status.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: implementation_status
    owner: SecurityControl
    domain_of:
    - RiskTreatmentPlan
    - SoAEntry
    - SecurityControl
    range: ImplementationStatus
  implementation_date:
    name: implementation_date
    description: Date the control was implemented.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: implementation_date
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: date
  effectiveness_rating:
    name: effectiveness_rating
    description: Rating of control effectiveness.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: effectiveness_rating
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
  last_test_date:
    name: last_test_date
    description: Date the control was last tested.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: last_test_date
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: date
  evidence_references:
    name: evidence_references
    description: References to evidence of implementation.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: evidence_references
    owner: SecurityControl
    domain_of:
    - SecurityControl
    range: string
    multivalued: true
  id:
    name: id
    description: Unique identifier for this entity instance.
    comments:
    - Should use consistent URI/CURIE format across the dataset
    examples:
    - value: iso27001:risk-001
    - value: iso27001:control-5.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    identifier: true
    alias: id
    owner: SecurityControl
    domain_of:
    - NamedEntity
    range: uriorcurie
    required: true
  name:
    name: name
    description: Human-readable name or title.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: name
    owner: SecurityControl
    domain_of:
    - NamedEntity
    range: string
    required: true
  description:
    name: description
    description: Detailed description of the entity.
    comments:
    - Should provide sufficient detail for understanding without external reference
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: description
    owner: SecurityControl
    domain_of:
    - NamedEntity
    range: string
  created_date:
    name: created_date
    description: Date when the entity was created.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: created_date
    owner: SecurityControl
    domain_of:
    - NamedEntity
    range: date
  modified_date:
    name: modified_date
    description: Date when the entity was last modified.
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: modified_date
    owner: SecurityControl
    domain_of:
    - NamedEntity
    range: date
  version:
    name: version
    description: Version identifier for the entity.
    comments:
    - Supports document control requirements per 7.5.3 e)
    examples:
    - value: '1.0'
    - value: 2.3.1
    from_schema: https://w3id.org/lmodel/iso27001
    rank: 1000
    alias: version
    owner: SecurityControl
    domain_of:
    - NamedEntity
    range: string
```
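
The `control_id` pattern `^[5-8]\.[0-9]{1,2}$` checks only the shape of the identifier, so values such as `5.0` or `8.99` pass even though Annex A contains no such control. The added example below (not part of the schema project) checks a record against the cardinalities and ranges listed on this page and tightens the identifier check. The per-clause counts come from the Annex A numbering and sum to the 93 controls noted in the Comments; the function names and sample records are constructed for illustration.

```python
import re
from datetime import date

# Pattern copied from the induced control_id slot on this page.
CONTROL_ID_PATTERN = re.compile(r"^[5-8]\.[0-9]{1,2}$")
# Controls per Annex A clause in ISO/IEC 27001:2022 (assumption stated in the lead-in).
ANNEX_A_COUNTS = {5: 37, 6: 8, 7: 14, 8: 34}
REQUIRED = ("id", "name")  # the two slots with cardinality 1
DATE_SLOTS = ("implementation_date", "last_test_date", "created_date", "modified_date")
MULTIVALUED = ("related_controls", "applicable_threats",
               "applicable_assets", "evidence_references")

def control_id_in_annex_a(control_id):
    """True only if control_id names one of the 93 Annex A controls."""
    if not isinstance(control_id, str) or not CONTROL_ID_PATTERN.match(control_id):
        return False
    clause, number = control_id.split(".")
    if number.startswith("0"):  # 5.0 and 5.01 satisfy the pattern but are not controls
        return False
    return int(number) <= ANNEX_A_COUNTS[int(clause)]

def validate_control(record):
    """Return a list of problems found in one SecurityControl record (a dict)."""
    problems = []
    for slot in REQUIRED:
        if not record.get(slot):
            problems.append(f"{slot}: required slot is missing")
    cid = record.get("control_id")
    if cid is not None and not control_id_in_annex_a(cid):
        problems.append(f"control_id: {cid!r} is not an Annex A control")
    for slot in DATE_SLOTS:
        value = record.get(slot)
        if value is None or isinstance(value, date):
            continue  # absent, or already parsed by the loader
        try:
            date.fromisoformat(value)
        except (TypeError, ValueError):
            problems.append(f"{slot}: {value!r} is not an ISO 8601 date")
    for slot in MULTIVALUED:
        if slot in record and not isinstance(record[slot], list):
            problems.append(f"{slot}: expected a list")
    return problems

# Constructed sample records, not taken from any real ISMS.
GOOD = {"id": "iso27001:control-8.24", "name": "Internal cryptography control",
        "control_id": "8.24", "implementation_date": "2024-03-01",
        "evidence_references": ["DOC-0042"]}
BAD = {"id": "iso27001:control-8.99", "control_id": "8.99",
       "last_test_date": "01/03/2024", "applicable_assets": "laptops"}
```

Run `validate_control` over each record before it is loaded into the SoA or risk treatment data, so that an identifier that matches the pattern but names no control is caught at the point of entry.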