= Domains = Security Policy Organization of Information Security Human Resources Security Asset management Access Control Cryptography Physical and Environmental Security Operations Security Communications Security Systems Acquisition, Development and Maintenance Supplier Relationships Information Security Incident Management Information Security Aspects of Business Continuity Management Compliance