ISO 27008, titled "Information security, cybersecurity and privacy protection — Information security controls — Review of information security controls," provides guidance on the review of information security controls. The standard is part of the ISO 27000 family of standards, which focus on information security management.
The current version is (published November 2019). It is part of the ISO/IEC 27000 family of standards. iso 27008
Understanding ISO/IEC TS 27008: Guidelines for Assessing Information Security Controls titled "Information security
The primary purpose of ISO 27008 is to provide guidelines for information security auditing, which enables organizations to: which enables organizations to: