Description
Domain names reserved for organisational purposes cannot be released shortly after the domain name is no longer needed.
A list of domain names that can never be released needs to be kept.
Domain names not on this list need to remain reserved with a placeholder message that the domain is no longer in use by the organisation for 3 years before they can be released and used by other parties.
Specification
There is a list of all used domain names of the organisation. Every domain is managed by the organisation and follows the security policy of the organisation.
ISO 27001 & 27002:2022
A5.9,
A8.9,
A8.19,
A8.32
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
CO.01 Identificatie en onderhoud van configuratie-items