Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ISO 27001
  3. >Technological Controls
  4. >ISO27001-8.8
ISO27001-8.8Active

Management of technical vulnerabilities

Statement

Information about technical vulnerabilities of information systems in use should be obtained, the organisation’s exposure to such vulnerabilities should be evaluated and appropriate measures should be taken.

Location

Control Group
Technological Controls

Control Details

Identifier
ISO27001-8.8
Number
Annex A 8.8

Classification

Annex A Control

Control Group

Implementation Guidance

Information about technical vulnerabilities of information systems in use should be obtained, the organisation’s exposure to such vulnerabilities should be evaluated and appropriate measures should...

AESCSF
AESCSF-RISK-2drelatedvia aescsf-reference
AESCSF-RISK-2irelatedvia aescsf-reference
AESCSF-RISK-3brelatedvia aescsf-reference
AESCSF-THREAT-1arelatedvia aescsf-reference
AESCSF-THREAT-1brelatedvia aescsf-reference
View in graphReport an issue
← Back to Technological Controls
Technological Controls34 controls
ISO27001-8.1User endpoint devicesISO27001-8.2Privileged access rightsISO27001-8.3Information access restrictionISO27001-8.4Access to source codeISO27001-8.5Secure authenticationISO27001-8.6Capacity managementISO27001-8.7Protection against malwareISO27001-8.8Management of technical vulnerabilitiesISO27001-8.9Configuration managementISO27001-8.10Information deletionISO27001-8.11Data maskingISO27001-8.12Data leakage preventionISO27001-8.13Information backupISO27001-8.14Redundancy of information processing facilitiesISO27001-8.15LoggingISO27001-8.16Monitoring activitiesISO27001-8.17Clock synchronizationISO27001-8.18Use of privileged utility programsISO27001-8.19Installation of software on operational systemsISO27001-8.20Networks securityISO27001-8.21Security of network servicesISO27001-8.22Segregation of networksISO27001-8.23Web filteringISO27001-8.24Use of cryptographyISO27001-8.25Secure development life cycleISO27001-8.26Application security requirementsISO27001-8.27Secure system architecture and engineering principlesISO27001-8.28Secure codingISO27001-8.29Security testing in development and acceptanceISO27001-8.30Outsourced developmentISO27001-8.31Separation of development, test and production environmentsISO27001-8.32Change managementISO27001-8.33Test informationISO27001-8.34Protection of information systems during audit testing