| ID | Domain | Description |
|---|---|---|
| D1 | GOVERNANCE AND RISK MANAGEMENT | D1 covers the security objectives related to governance and management of network and information security risks |
| D2 | HUMAN RESOURCES SECURITY | D2 covers the security objectives related to personnel |
| D3 | SECURITY OF SYSTEMS AND FACILITIES | D3 covers the physical and logical security of network and information systems and facilities |
| D4 | OPERATIONS MANAGEMENT | D4 covers operational procedures, change management and asset management |
| D5 | INCIDENT MANAGEMENT | D5 covers detection of, response to, incident reporting, and communication about incidents. Art.2 (42) of EECC defines ‘Security Incident’ as an event having an actual adverse effect on the security of electronic communications networks or services. |
| D6 | BUSINESS CONTINUITY MANAGEMENT | D6 covers continuity strategies and contingency plans to mitigate major failures and natural or man-made disasters |
| D7 | MONITORING, AUDITING AND TESTING | D7 covers monitoring, testing and auditing of network and information systems and facilities |
| D8 | THREAT AWARENESS | D8 covers security objectives related to threat intelligence and to outreach to end-users for the purpose of sharing the information about major threats to the security of networks and services |
Domains