TheArtOfService
Back to Frameworks

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments

Self-Assess
United Kingdom (BSI/CPNI)
v2015 (superseded by ISO 19650-5)
15 domains
26 controls

PAS 1192-5:2015 (now superseded by ISO 19650-5:2020 but still widely referenced) specifies a security-minded approach to Building Information Modelling (BIM), digitally built environments, and smart asset management. Developed by BSI in partnership with the UK Centre for the Protection of National Infrastructure (CPNI). Addresses the security risks of sharing sensitive building data digitally - particularly for critical national infrastructure and government buildings. Covers security triage, information classification, and breach management.

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (15)

Assurance

1 controls
Controls in the Assurance domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments1 controls
CodeTitle
PAS1192-5-17Audit and Assurance of the Security Minded Approach

CDE Security

1 controls
Controls in the CDE Security domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments1 controls
CodeTitle
PAS1192-5-7Common Data Environment Security Configuration

Incident Response

1 controls
Controls in the Incident Response domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments1 controls
CodeTitle
PAS1192-5-14Security Incident Management

Information Requirements

1 controls
Controls in the Information Requirements domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments1 controls
CodeTitle
PAS1192-5-6Built Asset Security Information Requirements

Information Security

2 controls
Controls in the Information Security domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments2 controls
CodeTitle
PAS1192-5-18Sensitive Asset Information Sharing with External Parties
PAS1192-5-8Information Aggregation Risk Management

Lifecycle Management

2 controls
Controls in the Lifecycle Management domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments2 controls
CodeTitle
PAS1192-5-15Security in Handover and Operational Phase
PAS1192-5-16Security in Decommissioning and Disposal

Personnel Security

2 controls
Controls in the Personnel Security domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments2 controls
CodeTitle
PAS1192-5-20Awareness and Training
PAS1192-5-9Personnel Security and Vetting

Physical Security

1 controls
Controls in the Physical Security domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments1 controls
CodeTitle
PAS1192-5-10Physical Security of Project and Asset Sites

Roles and Responsibilities

1 controls
Controls in the Roles and Responsibilities domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments1 controls
CodeTitle
PAS1192-5-3Appointment of Built Asset Security Manager

Security Controls

3 controls
Controls in the Security Controls domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments3 controls
CodeTitle
PAS1192-5-SC-01Technical Controls
PAS1192-5-SC-02Personnel Security
PAS1192-5-SC-03Breach Management

Security Triage

2 controls
Controls in the Security Triage domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments5 controls
CodeTitle
PAS1192-5-1Security Triage Process
PAS1192-5-2Sensitivity Classification of Assets
PAS1192-5-ST-01Security Triage Process
PAS1192-5-ST-02Information Classification
PAS1192-5-ST-03Threat Assessment

Security Triage

3 controls

Information sensitivity assessment

Controls in the Security Triage domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments5 controls
CodeTitle
PAS1192-5-1Security Triage Process
PAS1192-5-2Sensitivity Classification of Assets
PAS1192-5-ST-01Security Triage Process
PAS1192-5-ST-02Information Classification
PAS1192-5-ST-03Threat Assessment

Strategy and Policy

2 controls
Controls in the Strategy and Policy domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments2 controls
CodeTitle
PAS1192-5-4Built Asset Security Strategy
PAS1192-5-5Built Asset Security Management Plan

Supply Chain

1 controls
Controls in the Supply Chain domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments1 controls
CodeTitle
PAS1192-5-12Supply Chain Security

Technical Security

3 controls
Controls in the Technical Security domain of PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments3 controls
CodeTitle
PAS1192-5-11Technical Security Measures and Encryption
PAS1192-5-13Mobile and Remote Working Security
PAS1192-5-19BIM Tool and Software Security

Your Compliance Coverage

If you comply with PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments, you already cover:

NIST SP 1800-32

19%

5 controls mapped

Compare →

API 1164

19%

5 controls mapped

Compare →

Protective Security Policy Framework (PSPF) Release 2024

19%

5 controls mapped

Compare →

+ 229 more: IEC 62443 (19%), ISO 27019 (19%)

See all 232 mapped frameworks ↓

Maps to 232 other frameworks

26 total controls
NIST SP 1800-32
5 source controls mapped|10 target controls covered
19%
API 1164
5 source controls mapped|10 target controls covered
19%
Protective Security Policy Framework (PSPF) Release 2024
5 source controls mapped|13 target controls covered
19%
IEC 62443
5 source controls mapped|10 target controls covered
19%
ISO 27019
5 source controls mapped|10 target controls covered
19%
NIST SP 800-53 Rev 5
5 source controls mapped|23 target controls covered
19%
ISO 27001:2022
5 source controls mapped|14 target controls covered
19%
TISAX - Trusted Information Security Assessment Exchange
5 source controls mapped|15 target controls covered
19%
Telecommunications Sector Security Reforms (TSSR)
5 source controls mapped|8 target controls covered
19%
ISO/IEC 27010:2015
5 source controls mapped|7 target controls covered
19%
Singapore Government Instruction Manual on ICT&SS Management (IM8)
5 source controls mapped|6 target controls covered
19%
Spain ENS
4 source controls mapped|12 target controls covered
15%
ISO 27043
4 source controls mapped|11 target controls covered
15%
Azure Security Benchmark
4 source controls mapped|9 target controls covered
15%
AWS Well-Architected Security Pillar
4 source controls mapped|8 target controls covered
15%
OWASP MASVS
4 source controls mapped|9 target controls covered
15%
ISO 27017
4 source controls mapped|9 target controls covered
15%
BSI IT-Grundschutz
4 source controls mapped|12 target controls covered
15%
NIST SP 800-190
4 source controls mapped|8 target controls covered
15%
ISO 27018
4 source controls mapped|8 target controls covered
15%
OpenSSF Scorecard
4 source controls mapped|12 target controls covered
15%
OWASP ASVS
4 source controls mapped|10 target controls covered
15%
ISO/SAE 21434
4 source controls mapped|11 target controls covered
15%
Saudi NCA ECC
4 source controls mapped|12 target controls covered
15%
UK PSTI Act
4 source controls mapped|10 target controls covered
15%
UNECE WP.29 R155
4 source controls mapped|9 target controls covered
15%
SIG (Shared Assessments)
4 source controls mapped|10 target controls covered
15%
PTES
4 source controls mapped|10 target controls covered
15%
OWASP SAMM
4 source controls mapped|9 target controls covered
15%
UNECE WP.29 R156
4 source controls mapped|10 target controls covered
15%
SSDF (NIST)
4 source controls mapped|10 target controls covered
15%
SLSA
4 source controls mapped|10 target controls covered
15%
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|3 target controls covered
12%
ASD Strategies to Mitigate Cyber Security Incidents
3 source controls mapped|6 target controls covered
12%
OWASP Top 10:2025
3 source controls mapped|7 target controls covered
12%
NIST Cybersecurity Framework 2.0
3 source controls mapped|8 target controls covered
12%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
3 source controls mapped|18 target controls covered
12%
UK ONR Cyber Security and Information Assurance (CSIA) for Nuclear Facilities
3 source controls mapped|7 target controls covered
12%
FFIEC Cybersecurity Assessment Tool (CAT)
3 source controls mapped|6 target controls covered
12%
RBI Cybersecurity Framework for Banks
3 source controls mapped|5 target controls covered
12%
NIST AI Risk Management Framework (AI RMF 1.0)
3 source controls mapped|4 target controls covered
12%
South Korea ISMS-P
3 source controls mapped|8 target controls covered
12%
OWASP DevSecOps Maturity Model (DSOMM)
3 source controls mapped|10 target controls covered
12%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
3 source controls mapped|14 target controls covered
12%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers
3 source controls mapped|10 target controls covered
12%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
3 source controls mapped|10 target controls covered
12%
ISO/IEC 27011:2024
3 source controls mapped|7 target controls covered
12%
Annex 11 to EU GMP - Computerised Systems
3 source controls mapped|4 target controls covered
12%
NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices
3 source controls mapped|6 target controls covered
12%
Regulation (EU) 2019/1239 on the Maritime Single Window (MSW)
3 source controls mapped|3 target controls covered
12%
ISO 28001:2007 Supply Chain Security Management
3 source controls mapped|5 target controls covered
12%
Secure by Design: A Guide for Manufacturers (CISA)
3 source controls mapped|7 target controls covered
12%
UK Telecommunications (Security) Act 2021
3 source controls mapped|4 target controls covered
12%
TSA Pipeline Security
3 source controls mapped|10 target controls covered
12%
US Executive Order 14028 - Improving the Nation's Cybersecurity
3 source controls mapped|5 target controls covered
12%
UK Gambling Commission - Cyber Resilience Requirements
3 source controls mapped|9 target controls covered
12%
21 CFR Part 211 - Current Good Manufacturing Practice
3 source controls mapped|4 target controls covered
12%
SASB Standards (ISSB Integrated)
3 source controls mapped|2 target controls covered
12%
SASB Standards
3 source controls mapped|2 target controls covered
12%
NSA Guidance for Transition to Quantum-Resistant Cryptography
3 source controls mapped|4 target controls covered
12%
South Korea PIPA
2 source controls mapped|3 target controls covered
8%
NIST Privacy Framework
2 source controls mapped|2 target controls covered
8%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
2 source controls mapped|4 target controls covered
8%
TEFCA - Trusted Exchange Framework and Common Agreement
2 source controls mapped|4 target controls covered
8%
OSFI B-13
2 source controls mapped|4 target controls covered
8%
FFIEC IT Examination Handbook
2 source controls mapped|4 target controls covered
8%
South Korea Cloud Security Assurance Program (CSAP)
2 source controls mapped|3 target controls covered
8%
ITIL 4
2 source controls mapped|2 target controls covered
8%
US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements
2 source controls mapped|4 target controls covered
8%
Switzerland FADP
2 source controls mapped|4 target controls covered
8%
Privacy Act 2020
2 source controls mapped|4 target controls covered
8%
Open Banking Security
2 source controls mapped|4 target controls covered
8%
Personal Data Act (personopplysningsloven)
2 source controls mapped|4 target controls covered
8%
ISO 20000-1
2 source controls mapped|3 target controls covered
8%
Bahrain PDPL
2 source controls mapped|4 target controls covered
8%
Serbia Law on Personal Data Protection (2018)
2 source controls mapped|2 target controls covered
8%
Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)
2 source controls mapped|3 target controls covered
8%
UK Open Banking Standard
2 source controls mapped|5 target controls covered
8%
Privacy Act 1988 (Australia)
2 source controls mapped|4 target controls covered
8%
Turkey KVKK
2 source controls mapped|4 target controls covered
8%
Turkey Personal Data Protection Law (KVKK - Law No. 6698)
2 source controls mapped|4 target controls covered
8%
Oregon Consumer Privacy Act
2 source controls mapped|4 target controls covered
8%
Pakistan Personal Data Protection Bill 2023
2 source controls mapped|2 target controls covered
8%
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
2 source controls mapped|4 target controls covered
8%
APRA CPS 234
2 source controls mapped|4 target controls covered
8%
NIST SP 800-171
2 source controls mapped|2 target controls covered
8%
APRA CPS 230 Operational Risk Management
2 source controls mapped|4 target controls covered
8%
APPI
2 source controls mapped|4 target controls covered
8%
ISO/IEC 27400:2022
2 source controls mapped|3 target controls covered
8%
Canada ITSG-33 - IT Security Risk Management
2 source controls mapped|2 target controls covered
8%
UK Data Protection Act 2018
2 source controls mapped|4 target controls covered
8%
PSD2 SCA
2 source controls mapped|4 target controls covered
8%
Utah Consumer Privacy Act
2 source controls mapped|4 target controls covered
8%
PCI P2PE
2 source controls mapped|4 target controls covered
8%
Saudi Arabia PDPL
2 source controls mapped|4 target controls covered
8%
SOC 2
2 source controls mapped|3 target controls covered
8%
PCI PIN Security
2 source controls mapped|4 target controls covered
8%
Security of Critical Infrastructure Act 2018 (SOCI)
2 source controls mapped|6 target controls covered
8%
Taiwan PDPA
2 source controls mapped|4 target controls covered
8%
PCI SSF
2 source controls mapped|4 target controls covered
8%
Qatar DPL
2 source controls mapped|4 target controls covered
8%
Responsible Minerals Initiative (RMI) - Responsible Minerals Assurance Process
2 source controls mapped|4 target controls covered
8%
Uruguay DPL
2 source controls mapped|4 target controls covered
8%
Peru DPL
2 source controls mapped|4 target controls covered
8%
SWIFT CSP
2 source controls mapped|4 target controls covered
8%
Tennessee IPA
2 source controls mapped|4 target controls covered
8%
POPIA
2 source controls mapped|4 target controls covered
8%
US NRC 10 CFR 73.54 - Cyber Security for Nuclear Power Plants
2 source controls mapped|3 target controls covered
8%
RFC 2350 - Expectations for Computer Security Incident Response (BCP 21)
2 source controls mapped|5 target controls covered
8%
Philippines Data Privacy Act (RA 10173)
2 source controls mapped|5 target controls covered
8%
Rwanda DPL
2 source controls mapped|4 target controls covered
8%
UK FCA/PRA Operational Resilience Framework
2 source controls mapped|2 target controls covered
8%
TSA Pipeline Cybersecurity Directives
2 source controls mapped|5 target controls covered
8%
Texas Data Privacy Act
2 source controls mapped|4 target controls covered
8%
SSAE 18 - Attestation Standards (SOC Reporting)
2 source controls mapped|3 target controls covered
8%
SWIFT CSCF
2 source controls mapped|5 target controls covered
8%
Vietnam PDPD
2 source controls mapped|4 target controls covered
8%
PDPA Singapore
2 source controls mapped|4 target controls covered
8%
SOC for Cybersecurity - Cybersecurity Risk Management Examination
2 source controls mapped|3 target controls covered
8%
Philippines DPA
2 source controls mapped|4 target controls covered
8%
PDPA Thailand
2 source controls mapped|4 target controls covered
8%
SA8000:2014 - Social Accountability Standard
2 source controls mapped|2 target controls covered
8%
Virginia CDPA
2 source controls mapped|4 target controls covered
8%
Zimbabwe Data Protection Act (2021)
2 source controls mapped|2 target controls covered
8%
IATA Operational Safety Audit (IOSA) Standards Manual
2 source controls mapped|1 target controls covered
8%
FBI CJIS Security Policy
2 source controls mapped|6 target controls covered
8%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
2 source controls mapped|6 target controls covered
8%
OWASP Top 10 for LLM Applications 2025
2 source controls mapped|3 target controls covered
8%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
2 source controls mapped|3 target controls covered
8%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
2 source controls mapped|2 target controls covered
8%
ISO 27799
2 source controls mapped|9 target controls covered
8%
ISO 13485
2 source controls mapped|10 target controls covered
8%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
2 source controls mapped|3 target controls covered
8%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
2 source controls mapped|7 target controls covered
8%
PIC/S Guide to Good Manufacturing Practice for Medicinal Products
2 source controls mapped|2 target controls covered
8%
UK Security and Emergency Measures Direction (SEMD) - Water Industry
2 source controls mapped|4 target controls covered
8%
Sigstore - Software Artifact Signing and Verification
2 source controls mapped|8 target controls covered
8%
FDA Quality Management System Regulation (QMSR)
2 source controls mapped|1 target controls covered
8%
ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)
2 source controls mapped|1 target controls covered
8%
IEC 60601-1 - Medical Electrical Equipment Safety
2 source controls mapped|1 target controls covered
8%
UK AI Regulation Framework
2 source controls mapped|1 target controls covered
8%
Singapore AI Governance Framework
2 source controls mapped|1 target controls covered
8%
Nevada Gaming Control Board Cybersecurity Requirements
1 source controls mapped|1 target controls covered
4%
COSO Internal Control - Integrated Framework (2013)
1 source controls mapped|1 target controls covered
4%
Singapore Cybersecurity Act 2018
1 source controls mapped|2 target controls covered
4%
NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management
1 source controls mapped|1 target controls covered
4%
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
1 source controls mapped|1 target controls covered
4%
ISO 22320:2018
1 source controls mapped|3 target controls covered
4%
Barbados Data Protection Act 2019
1 source controls mapped|1 target controls covered
4%
ISO/IEC 29134:2023
1 source controls mapped|1 target controls covered
4%
Voluntary Principles on Security and Human Rights (VPs)
1 source controls mapped|1 target controls covered
4%
ISO/IEC 30111:2019
1 source controls mapped|4 target controls covered
4%
ISO/IEC 29147:2018
1 source controls mapped|4 target controls covered
4%
Rwanda Law No. 058/2021 Relating to the Protection of Personal Data
1 source controls mapped|1 target controls covered
4%
EASA Part-IS - Information Security in Aviation
1 source controls mapped|3 target controls covered
4%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
1 source controls mapped|3 target controls covered
4%
ASIS SPC.1-2009 - Organizational Resilience Standard
1 source controls mapped|1 target controls covered
4%
UN Guiding Principles on Business and Human Rights (UNGPs)
1 source controls mapped|1 target controls covered
4%
Switzerland New Federal Act on Data Protection (nFADP/nDSG, 2023)
1 source controls mapped|1 target controls covered
4%
Sri Lanka Personal Data Protection Act (No. 9 of 2022)
1 source controls mapped|1 target controls covered
4%
Singapore Payment Services Act (PSA) - Digital Payment Token Regulation
1 source controls mapped|2 target controls covered
4%
Zambia Data Protection Act (2021)
1 source controls mapped|1 target controls covered
4%
AICPA Privacy Management Framework (PMF)
1 source controls mapped|2 target controls covered
4%
SANS Incident Handler's Handbook and PICERL Methodology
1 source controls mapped|3 target controls covered
4%
UK Building Safety Act 2022
1 source controls mapped|1 target controls covered
4%
SEC Cybersecurity Disclosure Rules
1 source controls mapped|1 target controls covered
4%
US OFAC Sanctions Compliance Framework
1 source controls mapped|1 target controls covered
4%
Tanzania Personal Data Protection Act (Draft)
1 source controls mapped|1 target controls covered
4%
Trinidad and Tobago Data Protection Act 2011
1 source controls mapped|1 target controls covered
4%
UK GDPR (UK General Data Protection Regulation)
1 source controls mapped|1 target controls covered
4%
ICH Q10 - Pharmaceutical Quality System
1 source controls mapped|1 target controls covered
4%
French Sapin II Law (Law No. 2016-1691)
1 source controls mapped|1 target controls covered
4%
ISO 41001:2018 - Facility Management Systems
1 source controls mapped|2 target controls covered
4%
ISO 39001:2012 - Road Traffic Safety Management
1 source controls mapped|2 target controls covered
4%
ISO 50001:2018 - Energy Management Systems
1 source controls mapped|2 target controls covered
4%
ISO 22313:2020 - Guidance on Business Continuity Management Systems
1 source controls mapped|2 target controls covered
4%
Space ISAC (Information Sharing and Analysis Center) - Threat Framework
1 source controls mapped|2 target controls covered
4%
ISO/IEC 27006:2024
1 source controls mapped|1 target controls covered
4%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories
1 source controls mapped|1 target controls covered
4%
Tunisia Organic Law on Personal Data Protection (Law No. 2004-63)
1 source controls mapped|1 target controls covered
4%
Portugal Law No. 58/2019 - Data Protection Implementation Act
1 source controls mapped|1 target controls covered
4%
AS9100D - Aerospace Quality Management System
1 source controls mapped|3 target controls covered
4%
ISO/IEC 27003:2017
1 source controls mapped|3 target controls covered
4%
ISO 26000:2010
1 source controls mapped|1 target controls covered
4%
WCO Authorised Economic Operator (AEO) Framework
1 source controls mapped|3 target controls covered
4%
Authorised Economic Operator (AEO) Programmes - Global Standards
1 source controls mapped|4 target controls covered
4%
Automotive SPICE (ASPICE) v4.0 - Process Assessment Model
1 source controls mapped|1 target controls covered
4%
ISO 20400:2017 - Sustainable Procurement
1 source controls mapped|3 target controls covered
4%
ISO 22318
1 source controls mapped|1 target controls covered
4%
ISO 22317
1 source controls mapped|1 target controls covered
4%
SQF Code Edition 9 - Safe Quality Food
1 source controls mapped|1 target controls covered
4%
BRCGS Global Standard for Food Safety Issue 9
1 source controls mapped|1 target controls covered
4%
ISO 22316
1 source controls mapped|1 target controls covered
4%
BREEAM - Building Research Establishment Environmental Assessment Method
1 source controls mapped|1 target controls covered
4%
ISO/IEC 23894:2023
1 source controls mapped|1 target controls covered
4%
Aged Care Quality Standards (Australia)
1 source controls mapped|1 target controls covered
4%
Solvency II
1 source controls mapped|3 target controls covered
4%
Philippines Cybercrime Prevention Act (RA 10175)
1 source controls mapped|1 target controls covered
4%
NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding)
1 source controls mapped|1 target controls covered
4%
ITU-T X.805 - Security Architecture for End-to-End Communications
1 source controls mapped|2 target controls covered
4%
ICAO Annex 17 - Aviation Security (AVSEC)
1 source controls mapped|1 target controls covered
4%
Florida Digital Bill of Rights (FDBR)
1 source controls mapped|2 target controls covered
4%
FIDO2 / WebAuthn
1 source controls mapped|1 target controls covered
4%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
1 source controls mapped|4 target controls covered
4%
ISO 19011
1 source controls mapped|4 target controls covered
4%
SWIFT CSCF v2024
1 source controls mapped|1 target controls covered
4%
ISO 27005
1 source controls mapped|1 target controls covered
4%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
1 source controls mapped|1 target controls covered
4%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
1 source controls mapped|4 target controls covered
4%
IEC 62351 - Power Systems Communication Security
1 source controls mapped|3 target controls covered
4%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|1 target controls covered
4%
Regulation on the European Health Data Space (EHDS)
1 source controls mapped|1 target controls covered
4%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|2 target controls covered
4%
ISO 31000:2018
1 source controls mapped|2 target controls covered
4%
DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)
1 source controls mapped|3 target controls covered
4%
OWASP API Security Top 10 - 2023
1 source controls mapped|3 target controls covered
4%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
1 source controls mapped|1 target controls covered
4%
US Consumer Product Safety Commission (CPSC) - Connected Product Safety
1 source controls mapped|1 target controls covered
4%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
4%
ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary
1 source controls mapped|1 target controls covered
4%
MARS-E - Minimum Acceptable Risk Standards for Exchanges
1 source controls mapped|2 target controls covered
4%
ISO/IEC 25012:2008 - Data Quality Model
1 source controls mapped|1 target controls covered
4%
Russia Federal Law on Personal Data (152-FZ)
1 source controls mapped|1 target controls covered
4%
Wisconsin Data Privacy Act (SB 670)
1 source controls mapped|3 target controls covered
4%
Tennessee Information Protection Act (TIPA)
1 source controls mapped|2 target controls covered
4%
3GPP 5G Security Architecture (TS 33.501)
1 source controls mapped|3 target controls covered
4%
PropTech Security Standards - Smart Building Cybersecurity
1 source controls mapped|4 target controls covered
4%
SWIFT Customer Security Programme (CSP)
1 source controls mapped|3 target controls covered
4%
US ITAR and EAR - Export Control and Data Security
1 source controls mapped|3 target controls covered
4%
W3C Verifiable Credentials (VC) Data Model 2.0
1 source controls mapped|3 target controls covered
4%
Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter
1 source controls mapped|1 target controls covered
4%
WCAG 2.2
1 source controls mapped|2 target controls covered
4%
Compare PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments with NIST SP 1800-32

Frequently Asked Questions

What is PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments?

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments is a compliance framework from United Kingdom (BSI/CPNI) with 15 domains and 26 controls. PAS 1192-5:2015 (now superseded by ISO 19650-5:2020 but still widely referenced) specifies a security-minded approach to Building Information Modelling (BIM), digitally built environments, and smart asset management. Developed by BSI in partnership with the UK Centre for the Protection of National Infrastructure (CPNI). Addresses the security risks of sharing sensitive building data digitally - particularly for critical national infrastructure and government buildings. Covers security triage, information classification, and breach management. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments have?

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments has 26 controls organised across 15 domains. The largest domains are Security Controls (3 controls), Security Triage (3 controls), Technical Security (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments map to?

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments maps to 232 other compliance frameworks. The top mapping partners are NIST SP 1800-32 (19% coverage), API 1164 (19% coverage), Protective Security Policy Framework (PSPF) Release 2024 (19% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments compliance?

Start your PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 26 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 701 frameworks.

Get Started Free →

Free forever — no credit card required