ISO/IEC 27011:2024
ISO/IEC 27011 provides guidelines supporting the implementation of information security controls in telecommunications organizations based on ISO/IEC 27002. It addresses sector-specific security requirements for telecommunications operators including network security, service availability, customer data protection, and lawful interception compliance.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (10)
Clause 1-4: Introduction and Framework
| Code | Title |
|---|---|
| 27011-1 | Scope |
| 27011-2 | Normative references |
| 27011-3 | Terms and definitions |
| 27011-4 | Structure of this document |
| 27400-1 | Scope |
| 27400-3 | Terms and definitions |
| 27400-4 | IoT overview and concepts |
Clause 5: Organizational Controls for Telecommunications
| Code | Title |
|---|---|
| 27011-5.1 | Policies for Information Security in Telecoms |
| 27011-5.2 | Information Security Roles in Telecoms |
| 27011-5.3 | Segregation of duties |
| 27011-5.4 | Threat intelligence for telecom |
| 27011-5.5 | Information security in project management |
| 27011-5.6 | Supplier relationships and telecom supply chain |
Clause 6: People Controls for Telecommunications
| Code | Title |
|---|---|
| 27011-6.1 | Screening of Telecoms Personnel |
| 27011-6.2 | Terms and conditions of employment |
| 27011-6.3 | Awareness and Training |
| 27011-6.4 | Remote working |
Clause 7: Physical Controls for Telecommunications
| Code | Title |
|---|---|
| 27011-7.1 | Physical security perimeters |
| 27011-7.2 | Physical entry and securing offices |
| 27011-7.3 | Equipment protection |
| 27011-7.4 | Physical Security of Network Sites |
Clause 8: Technological Controls for Telecommunications
| Code | Title |
|---|---|
| 27011-8.1 | User Endpoint Devices |
| 27011-8.2 | Network security and segregation |
| 27011-8.3 | Cryptography and key management |
| 27011-8.4 | Logging and monitoring |
| 27011-8.5 | Vulnerability and malware management |
| 27011-8.6 | Data protection and backup |
Network and Service Security
User plane, control plane, and SBA security
Organisational
| Code | Title |
|---|---|
| 27011-5.1 | Policies for Information Security in Telecoms |
| 27011-5.10 | Acceptable Use of Customer Data |
| 27011-5.15 | Access Control for Network Elements |
| 27011-5.2 | Information Security Roles in Telecoms |
| 27011-5.22 | Monitoring of Supplier Services |
| 27011-5.23 | Cloud and Hosted Telecoms Services |
| 27011-5.30 | ICT Readiness for Continuity |
| 27011-5.7 | Threat Intelligence for Telecoms |
People
| Code | Title |
|---|---|
| 27011-6.1 | Screening of Telecoms Personnel |
| 27011-6.3 | Awareness and Training |
Physical
| Code | Title |
|---|---|
| 27011-7.10 | Storage Media Handling in Telecoms |
| 27011-7.4 | Physical Security of Network Sites |
Technological
| Code | Title |
|---|---|
| 27011-8.1 | User Endpoint Devices |
| 27011-8.12 | Data Leakage Prevention for Telecoms |
| 27011-8.15 | Logging of Network and Service Events |
| 27011-8.16 | Monitoring Activities |
| 27011-8.20 | Network Security for Telecoms Core |
| 27011-8.21 | Security of Network Services |
| 27011-8.22 | Segregation of Networks |
| 27011-8.24 | Use of Cryptography |
| 27011-8.27 | Secure System Architecture |
| 27011-8.32 | Change Management for Network |
| 27011-8.7 | Protection Against Malware |
Your Compliance Coverage
If you comply with ISO/IEC 27011:2024, you already cover:
| Framework | Coverage | Controls mapped |
|---|---|---|
| TISAX — Trusted Information Security Assessment Exchange | 39% | 17 |
| Defence Security Principles Framework (DSPF) | 36% | 16 |
| Protective Security Policy Framework (PSPF) Release 2024 | 36% | 16 |

Plus 629 more, including CFTC System Safeguards (17 CFR 37, 38, 39, 49) (36%) and GLI-33 — Gaming Laboratories International Event Wagering Systems (36%). ISO/IEC 27011:2024 maps to 632 other frameworks in total.
Frequently Asked Questions
What is ISO/IEC 27011:2024?
ISO/IEC 27011:2024 is an international compliance framework with 10 domains and 50 controls. ISO/IEC 27011 provides guidelines supporting the implementation of information security controls in telecommunications organizations based on ISO/IEC 27002. It addresses sector-specific security requirements for telecommunications operators, including network security, service availability, customer data protection, and lawful interception compliance. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ISO/IEC 27011:2024 have?
ISO/IEC 27011:2024 has 50 controls organised across 10 domains. The largest domains are Technological (11 controls), Organisational (8 controls), and Clause 1-4: Introduction and Framework (7 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ISO/IEC 27011:2024 map to?
ISO/IEC 27011:2024 maps to 632 other compliance frameworks. The top mapping partners are TISAX — Trusted Information Security Assessment Exchange (39% coverage), Defence Security Principles Framework (DSPF) (36% coverage), and Protective Security Policy Framework (PSPF) Release 2024 (36% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with ISO/IEC 27011:2024 compliance?
Start your ISO/IEC 27011:2024 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO/IEC 27011:2024 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 50 controls and track your progress.