{ "schema_version": "2.0", "obligation_to_control": { "AIACT-OBL-001": [ "TOM.GOV.01", "TOM.GOV.02" ], "AIACT-OBL-002": [ "TOM.GOV.03", "TOM.GOV.04" ], "AIACT-OBL-003": [ "TOM.DATA.01", "TOM.DATA.02", "TOM.DATA.03" ], "AIACT-OBL-004": [ "TOM.GOV.05", "TOM.SDLC.01" ], "AIACT-OBL-005": [ "TOM.LOG.01", "TOM.LOG.02", "TOM.LOG.03" ], "AIACT-OBL-006": [ "TOM.GOV.06", "TOM.OPS.01" ], "AIACT-OBL-007": [ "TOM.GOV.07", "TOM.HR.01", "TOM.OPS.02" ], "AIACT-OBL-008": [ "TOM.SDLC.02", "TOM.NET.01", "TOM.CRYPTO.01" ], "AIACT-OBL-009": [ "TOM.OPS.03", "TOM.OPS.04", "TOM.LOG.04" ], "AIACT-OBL-010": [ "TOM.GOV.08", "TOM.GOV.09" ], "AIACT-OBL-011": [ "TOM.GOV.10", "TOM.OPS.05" ], "AIACT-OBL-012": [ "TOM.GOV.11", "TOM.DATA.04" ], "AIACT-OBL-013": [ "TOM.GOV.12", "TOM.NET.02", "TOM.SDLC.03" ], "AIACT-OBL-014": [ "TOM.GOV.13" ], "AIACT-OBL-015": [ "TOM.HR.02", "TOM.HR.03" ], "AIACT-OBL-016": [ "TOM.GOV.01", "TOM.GOV.03" ], "AIACT-OBL-017": [ "TOM.GOV.01" ], "AIACT-OBL-018": [ "TOM.GOV.04", "TOM.GOV.05" ], "AIACT-OBL-019": [ "TOM.GOV.01", "TOM.GOV.05", "TOM.GOV.14" ], "AIACT-OBL-020": [ "TOM.GOV.14", "TOM.GOV.15", "TOM.SDLC.04" ], "AIACT-OBL-021": [ "TOM.DATA.05", "TOM.DATA.06" ], "AIACT-OBL-022": [ "TOM.GOV.04", "TOM.GOV.14" ], "AIACT-OBL-023": [ "TOM.LOG.01", "TOM.LOG.05", "TOM.LOG.06" ], "AIACT-OBL-024": [ "TOM.OPS.06", "TOM.BCP.01" ], "AIACT-OBL-025": [ "TOM.GOV.06", "TOM.GOV.13" ], "AIACT-OBL-026": [ "TOM.GOV.01", "TOM.VENDOR.01" ], "AIACT-OBL-027": [ "TOM.VENDOR.02", "TOM.VENDOR.03" ], "AIACT-OBL-028": [ "TOM.DATA.07", "TOM.DATA.08" ], "AIACT-OBL-029": [ "TOM.LOG.04", "TOM.LOG.07", "TOM.OPS.07" ], "AIACT-OBL-030": [ "TOM.GOV.10", "TOM.OPS.05" ], "AIACT-OBL-031": [ "TOM.GOV.08", "TOM.GOV.09" ], "AIACT-OBL-032": [ "TOM.GOV.01", "TOM.GOV.03" ], "AIACT-OBL-033": [ "TOM.VENDOR.04", "TOM.VENDOR.05" ], "AIACT-OBL-034": [ "TOM.VENDOR.06", "TOM.VENDOR.07" ], "AIACT-OBL-035": [ "TOM.GOV.14", "TOM.GOV.15" ], "AIACT-OBL-036": [ "TOM.GOV.05", "TOM.GOV.14" ], "AIACT-OBL-037": [ "TOM.GOV.05" ], "AIACT-OBL-038": [ "TOM.GOV.13" ], "AIACT-OBL-039": [ "TOM.GOV.10", "TOM.OPS.05" ], "AIACT-OBL-040": [ "TOM.SDLC.05", "TOM.OPS.08" ], "AIACT-OBL-041": [ "TOM.SDLC.05", "TOM.SDLC.06" ], "AIACT-OBL-042": [ "TOM.GOV.11", "TOM.SDLC.07" ], "AIACT-OBL-043": [ "TOM.GOV.11", "TOM.DATA.09" ], "AIACT-OBL-044": [ "TOM.DATA.04", "TOM.DATA.10" ], "AIACT-OBL-045": [ "TOM.SDLC.08", "TOM.SDLC.09" ], "AIACT-OBL-046": [ "TOM.GOV.03", "TOM.GOV.12" ], "AIACT-OBL-047": [ "TOM.NET.02", "TOM.NET.03", "TOM.CRYPTO.02" ], "AIACT-OBL-048": [ "TOM.BCP.02", "TOM.BCP.03" ], "AIACT-OBL-049": [ "TOM.GOV.01" ], "AIACT-OBL-050": [ "TOM.OPS.09", "TOM.OPS.10" ], "AIACT-OBL-051": [ "TOM.BCP.01", "TOM.BCP.02", "TOM.BCP.04" ], "AIACT-OBL-052": [ "TOM.AC.01", "TOM.IAM.01", "TOM.CRYPTO.03" ], "AIACT-OBL-053": [ "TOM.GOV.01", "TOM.GOV.02" ], "AIACT-OBL-054": [ "TOM.GOV.04", "TOM.GOV.14" ], "AIACT-OBL-055": [ "TOM.GOV.08", "TOM.DATA.11", "TOM.IAM.02" ], "AIACT-OBL-056": [ "TOM.BCP.05", "TOM.BCP.06", "TOM.NET.04" ], "AIACT-OBL-057": [ "TOM.GOV.08", "TOM.DATA.12", "TOM.HR.04" ], "AIACT-OBL-058": [ "TOM.GOV.08", "TOM.HR.05", "TOM.DATA.13" ], "AIACT-OBL-059": [ "TOM.GOV.08", "TOM.GOV.09", "TOM.AC.02" ], "AIACT-OBL-060": [ "TOM.GOV.07", "TOM.GOV.08", "TOM.GOV.10" ], "BDSG-OBL-001": [ "TOM.PHY.01", "TOM.GOV.03" ], "BDSG-OBL-002": [ "TOM.PHY.01" ], "BDSG-OBL-003": [ "TOM.PHY.01", "TOM.DEL.01" ], "BDSG-OBL-004": [ "TOM.AC.01", "TOM.CRY.01", "TOM.GOV.04" ], "BDSG-OBL-005": [ "TOM.CRY.01", "TOM.CRY.02", "TOM.AC.01" ], "BDSG-OBL-006": [ "TOM.HR.01", "TOM.GOV.01" ], "BDSG-OBL-007": [ "TOM.HR.01", "TOM.HR.02" ], "BDSG-OBL-008": [ "TOM.HR.01", "TOM.GOV.01" ], "BDSG-OBL-009": [ "TOM.HR.01", "TOM.DEL.01" ], "BDSG-OBL-010": [ "TOM.GOV.02" ], "BDSG-OBL-011": [ "TOM.GOV.02", "TOM.GOV.03" ], "BDSG-OBL-012": [ "TOM.DEL.01" ], "BDSG-OBL-013": [ "TOM.DEL.01", "TOM.AC.02" ], "BDSG-OBL-014": [ "TOM.GOV.01", "TOM.GOV.05" ], "BDSG-OBL-015": [ "TOM.GOV.05" ], "BDSG-OBL-016": [ "TOM.GOV.05" ], "BDSG-OBL-017": [ "TOM.GOV.01" ], "BDSG-OBL-018": [ "TOM.GOV.01", "TOM.GOV.02" ], "BDSG-OBL-019": [ "TOM.CRY.02", "TOM.GOV.04" ], "BDSG-OBL-020": [ "TOM.CRY.02" ], "BDSG-OBL-021": [ "TOM.GOV.01", "TOM.AC.01" ], "BDSG-OBL-022": [ "TOM.LOG.01", "TOM.AC.01" ], "BDSG-OBL-023": [ "TOM.GOV.02" ], "BDSG-OBL-024": [ "TOM.GOV.03", "TOM.CRY.01" ], "BDSG-OBL-025": [ "TOM.GOV.03" ], "BDSG-OBL-026": [ "TOM.AC.01", "TOM.GOV.01" ], "BDSG-OBL-027": [ "TOM.GOV.01" ], "BDSG-OBL-028": [ "TOM.GOV.01" ], "BDSG-OBL-029": [ "TOM.HR.02", "TOM.GOV.05" ], "BDSG-OBL-030": [ "TOM.GOV.03", "TOM.VEN.01" ], "DATAACT-OBL-001": [ "TOM.OPS.01" ], "DATAACT-OBL-002": [ "TOM.GOV.01" ], "DATAACT-OBL-003": [ "TOM.OPS.01", "TOM.OPS.02" ], "DATAACT-OBL-004": [ "TOM.GOV.01" ], "DATAACT-OBL-005": [ "TOM.OPS.01", "TOM.OPS.02" ], "DATAACT-OBL-006": [ "TOM.GOV.01" ], "DATAACT-OBL-007": [ "TOM.GOV.01" ], "DATAACT-OBL-008": [ "TOM.GOV.01" ], "DATAACT-OBL-009": [ "TOM.GOV.01" ], "DATAACT-OBL-010": [ "TOM.GOV.01" ], "DATAACT-OBL-011": [ "TOM.GOV.01", "TOM.OPS.01" ], "DATAACT-OBL-012": [ "TOM.OPS.01", "TOM.OPS.02" ], "DATAACT-OBL-013": [ "TOM.GOV.01" ], "DATAACT-OBL-014": [ "TOM.OPS.01" ], "DATAACT-OBL-015": [ "TOM.OPS.01" ], "DATAACT-OBL-016": [ "TOM.GOV.01", "TOM.OPS.01" ], "DATAACT-OBL-017": [ "TOM.GOV.01" ], "DATAACT-OBL-018": [ "TOM.GOV.01" ], "DATAACT-OBL-019": [ "TOM.OPS.01", "TOM.GOV.01" ], "DATAACT-OBL-020": [ "TOM.GOV.01" ], "DATAACT-OBL-021": [ "TOM.GOV.01" ], "DATAACT-OBL-022": [ "TOM.GOV.01", "TOM.GOV.02" ], "DATAACT-OBL-023": [ "TOM.OPS.01" ], "DATAACT-OBL-024": [ "TOM.GOV.01" ], "DATAACT-OBL-025": [ "TOM.GOV.01" ], "DORA-OBL-005": [ "TOM.CRY.01", "TOM.ACC.01" ], "DSA-OBL-001": [ "TOM.GOV.01" ], "DSA-OBL-002": [ "TOM.GOV.01" ], "DSA-OBL-003": [ "TOM.GOV.01", "TOM.OPS.01" ], "DSA-OBL-004": [ "TOM.GOV.01" ], "DSA-OBL-005": [ "TOM.GOV.01", "TOM.GOV.02" ], "DSA-OBL-006": [ "TOM.GOV.01" ], "DSA-OBL-007": [ "TOM.GOV.01" ], "DSA-OBL-008": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSA-OBL-009": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSA-OBL-010": [ "TOM.OPS.01", "TOM.OPS.02" ], "DSA-OBL-011": [ "TOM.OPS.01" ], "DSA-OBL-012": [ "TOM.OPS.01", "TOM.GOV.01" ], "DSA-OBL-013": [ "TOM.OPS.01", "TOM.OPS.02" ], "DSA-OBL-014": [ "TOM.OPS.01" ], "DSA-OBL-015": [ "TOM.OPS.01" ], "DSA-OBL-016": [ "TOM.OPS.01", "TOM.OPS.02" ], "DSA-OBL-017": [ "TOM.GOV.01" ], "DSA-OBL-018": [ "TOM.GOV.01", "TOM.OPS.01" ], "DSA-OBL-019": [ "TOM.OPS.01" ], "DSA-OBL-020": [ "TOM.OPS.01" ], "DSA-OBL-021": [ "TOM.OPS.01", "TOM.GOV.01" ], "DSA-OBL-022": [ "TOM.OPS.01", "TOM.GOV.01" ], "DSA-OBL-023": [ "TOM.OPS.01", "TOM.GOV.03" ], "DSA-OBL-024": [ "TOM.OPS.01" ], "DSA-OBL-025": [ "TOM.OPS.01", "TOM.GOV.03" ], "DSA-OBL-026": [ "TOM.GOV.01", "TOM.GOV.02", "TOM.GOV.03" ], "DSA-OBL-027": [ "TOM.GOV.01", "TOM.GOV.02" ], "DSA-OBL-028": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSA-OBL-029": [ "TOM.GOV.01", "TOM.GOV.02" ], "DSA-OBL-030": [ "TOM.GOV.01", "TOM.OPS.01" ], "DSA-OBL-031": [ "TOM.OPS.01", "TOM.GOV.03" ], "DSA-OBL-032": [ "TOM.GOV.01" ], "DSA-OBL-033": [ "TOM.GOV.01", "TOM.OPS.01" ], "DSA-OBL-034": [ "TOM.GOV.01" ], "DSA-OBL-035": [ "TOM.GOV.01" ], "DSGVO-OBL-001": [ "TOM.GOV.01", "TOM.GOV.02" ], "DSGVO-OBL-002": [ "TOM.CRYPTO.01", "TOM.CRYPTO.02", "TOM.IAM.01", "TOM.AC.01", "TOM.NET.01" ], "DSGVO-OBL-003": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSGVO-OBL-004": [ "TOM.GOV.01" ], "DSGVO-OBL-005": [ "TOM.VENDOR.01", "TOM.VENDOR.02" ], "DSGVO-OBL-006": [ "TOM.GOV.02" ], "DSGVO-OBL-007": [ "TOM.DATA.01", "TOM.GOV.02" ], "DSGVO-OBL-008": [ "TOM.GOV.02", "TOM.DATA.01" ], "DSGVO-OBL-009": [ "TOM.DATA.01", "TOM.DATA.02" ], "DSGVO-OBL-010": [ "TOM.VENDOR.01", "TOM.VENDOR.03" ], "DSGVO-OBL-011": [ "TOM.OPS.01", "TOM.OPS.02", "TOM.LOG.01" ], "DSGVO-OBL-012": [ "TOM.GOV.01", "TOM.GOV.02" ], "DSGVO-OBL-013": [ "TOM.GOV.01" ], "DSGVO-OBL-014": [ "TOM.DATA.01" ], "DSGVO-OBL-015": [ "TOM.DATA.01" ], "DSGVO-OBL-016": [ "TOM.GOV.01", "TOM.GOV.02", "TOM.LOG.01" ], "DSGVO-OBL-017": [ "TOM.GOV.01" ], "DSGVO-OBL-018": [ "TOM.GOV.01" ], "DSGVO-OBL-019": [ "TOM.GOV.01", "TOM.CRYPTO.01", "TOM.AC.01" ], "DSGVO-OBL-020": [ "TOM.CRYPTO.01", "TOM.CRYPTO.02", "TOM.AC.01", "TOM.LOG.01" ], "DSGVO-OBL-021": [ "TOM.GOV.01", "TOM.AC.01" ], "DSGVO-OBL-022": [ "TOM.GOV.02" ], "DSGVO-OBL-023": [ "TOM.GOV.02" ], "DSGVO-OBL-024": [ "TOM.DATA.01", "TOM.GOV.02" ], "DSGVO-OBL-025": [ "TOM.DATA.01" ], "DSGVO-OBL-026": [ "TOM.DATA.01", "TOM.DATA.02" ], "DSGVO-OBL-027": [ "TOM.DATA.01", "TOM.AC.01" ], "DSGVO-OBL-028": [ "TOM.DATA.01", "TOM.VENDOR.01" ], "DSGVO-OBL-029": [ "TOM.DATA.01" ], "DSGVO-OBL-030": [ "TOM.DATA.01", "TOM.GOV.02" ], "DSGVO-OBL-031": [ "TOM.GOV.01", "TOM.GOV.03", "TOM.LOG.01" ], "DSGVO-OBL-032": [ "TOM.GOV.01", "TOM.GOV.02", "TOM.GOV.03" ], "DSGVO-OBL-033": [ "TOM.SDLC.01", "TOM.SDLC.02" ], "DSGVO-OBL-034": [ "TOM.SDLC.01" ], "DSGVO-OBL-035": [ "TOM.VENDOR.01" ], "DSGVO-OBL-036": [ "TOM.GOV.01" ], "DSGVO-OBL-037": [ "TOM.VENDOR.01", "TOM.VENDOR.02" ], "DSGVO-OBL-038": [ "TOM.VENDOR.01", "TOM.VENDOR.02" ], "DSGVO-OBL-039": [ "TOM.VENDOR.01" ], "DSGVO-OBL-040": [ "TOM.GOV.01", "TOM.GOV.02" ], "DSGVO-OBL-041": [ "TOM.GOV.01" ], "DSGVO-OBL-042": [ "TOM.CRYPTO.01", "TOM.CRYPTO.02", "TOM.CRYPTO.03" ], "DSGVO-OBL-043": [ "TOM.NET.01", "TOM.NET.02", "TOM.BCP.01" ], "DSGVO-OBL-044": [ "TOM.BCP.01", "TOM.BCP.02", "TOM.BCP.03" ], "DSGVO-OBL-045": [ "TOM.GOV.03", "TOM.OPS.03" ], "DSGVO-OBL-046": [ "TOM.OPS.01", "TOM.OPS.02" ], "DSGVO-OBL-047": [ "TOM.OPS.01" ], "DSGVO-OBL-048": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSGVO-OBL-049": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSGVO-OBL-050": [ "TOM.GOV.01" ], "DSGVO-OBL-051": [ "TOM.GOV.01" ], "DSGVO-OBL-052": [ "TOM.GOV.01" ], "DSGVO-OBL-053": [ "TOM.GOV.01" ], "DSGVO-OBL-054": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSGVO-OBL-055": [ "TOM.VENDOR.01", "TOM.VENDOR.03" ], "DSGVO-OBL-056": [ "TOM.VENDOR.01", "TOM.VENDOR.03" ], "DSGVO-OBL-057": [ "TOM.GOV.01", "TOM.VENDOR.03" ], "DSGVO-OBL-058": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSGVO-OBL-059": [ "TOM.HR.01", "TOM.HR.02", "TOM.AC.01" ], "DSGVO-OBL-060": [ "TOM.HR.01", "TOM.HR.02" ], "DSGVO-OBL-061": [ "TOM.HR.01" ], "DSGVO-OBL-062": [ "TOM.GOV.02", "TOM.DATA.01" ], "DSGVO-OBL-063": [ "TOM.GOV.01", "TOM.GOV.02" ], "DSGVO-OBL-064": [ "TOM.GOV.02" ], "DSGVO-OBL-065": [ "TOM.GOV.01", "TOM.GOV.02", "TOM.AC.01" ], "DSGVO-OBL-066": [ "TOM.CRYPTO.01", "TOM.CRYPTO.02", "TOM.AC.01", "TOM.LOG.01" ], "DSGVO-OBL-067": [ "TOM.CRYPTO.01", "TOM.AC.01", "TOM.LOG.01" ], "DSGVO-OBL-068": [ "TOM.DATA.01", "TOM.DATA.02" ], "DSGVO-OBL-069": [ "TOM.OPS.01", "TOM.OPS.02", "TOM.LOG.01" ], "DSGVO-OBL-070": [ "TOM.LOG.01", "TOM.LOG.02" ], "DSGVO-OBL-071": [ "TOM.GOV.01", "TOM.GOV.03" ], "DSGVO-OBL-072": [ "TOM.GOV.01" ], "DSGVO-OBL-073": [ "TOM.GOV.02" ], "DSGVO-OBL-074": [ "TOM.GOV.01" ], "DSGVO-OBL-075": [ "TOM.GOV.03", "TOM.OPS.03" ], "DSGVO-OBL-076": [ "TOM.BCP.01", "TOM.BCP.02" ], "DSGVO-OBL-077": [ "TOM.NET.01", "TOM.NET.02", "TOM.NET.03" ], "DSGVO-OBL-078": [ "TOM.AC.01", "TOM.AC.02" ], "DSGVO-OBL-079": [ "TOM.GOV.02", "TOM.DATA.01" ], "DSGVO-OBL-080": [ "TOM.AC.01", "TOM.LOG.01", "TOM.DATA.02" ], "NIS2-OBL-001": [ "TOM.GOV.01", "TOM.GOV.02" ], "NIS2-OBL-002": [ "TOM.GOV.01", "TOM.GOV.02", "TOM.GOV.03", "TOM.OPS.01" ], "NIS2-OBL-003": [ "TOM.GOV.01", "TOM.GOV.04", "TOM.GOV.05" ], "NIS2-OBL-004": [ "TOM.HR.01", "TOM.HR.02", "TOM.GOV.06" ], "NIS2-OBL-005": [ "TOM.OPS.08", "TOM.OPS.09", "TOM.OPS.10", "TOM.LOG.01" ], "NIS2-OBL-006": [ "TOM.BCP.01", "TOM.BCP.02", "TOM.BCP.03", "TOM.BCP.04" ], "NIS2-OBL-007": [ "TOM.VENDOR.01", "TOM.VENDOR.02", "TOM.VENDOR.03", "TOM.VENDOR.04" ], "NIS2-OBL-008": [ "TOM.OPS.04", "TOM.OPS.05", "TOM.SDLC.01", "TOM.SDLC.02" ], "NIS2-OBL-009": [ "TOM.IAM.01", "TOM.IAM.02", "TOM.IAM.03", "TOM.AC.01", "TOM.AC.02" ], "NIS2-OBL-010": [ "TOM.CRYPTO.01", "TOM.CRYPTO.02", "TOM.CRYPTO.03" ], "NIS2-OBL-011": [ "TOM.HR.01", "TOM.HR.02", "TOM.HR.03", "TOM.HR.04" ], "NIS2-OBL-012": [ "TOM.GOV.07", "TOM.GOV.08" ], "NIS2-OBL-013": [ "TOM.NET.01", "TOM.NET.02", "TOM.NET.03", "TOM.NET.04" ], "NIS2-OBL-014": [ "TOM.LOG.01", "TOM.LOG.02", "TOM.LOG.03", "TOM.LOG.04" ], "NIS2-OBL-015": [ "TOM.GOV.09", "TOM.GOV.10", "TOM.OPS.06" ], "NIS2-OBL-016": [ "TOM.GOV.03", "TOM.GOV.11" ], "NIS2-OBL-017": [ "TOM.GOV.12" ], "NIS2-OBL-018": [ "TOM.OPS.09", "TOM.OPS.10" ], "NIS2-OBL-019": [ "TOM.GOV.13", "TOM.VENDOR.05" ], "NIS2-OBL-020": [ "TOM.OPS.04", "TOM.OPS.05", "TOM.SDLC.03" ], "NIS2-OBL-021": [ "TOM.OPS.11", "TOM.GOV.14" ], "NIS2-OBL-022": [ "TOM.OPS.04", "TOM.OPS.05" ], "NIS2-OBL-023": [ "TOM.OPS.09" ], "NIS2-OBL-024": [ "TOM.GOV.07", "TOM.GOV.08" ], "NIS2-OBL-025": [ "TOM.GOV.07", "TOM.GOV.08" ], "NIS2-OBL-026": [ "TOM.GOV.01", "TOM.GOV.15" ], "NIS2-OBL-027": [ "TOM.GOV.01", "TOM.GOV.15" ], "NIS2-OBL-028": [ "TOM.GOV.01" ], "NIS2-OBL-029": [ "TOM.GOV.03", "TOM.GOV.11" ], "NIS2-OBL-030": [ "TOM.GOV.01", "TOM.GOV.02", "TOM.GOV.03", "TOM.OPS.01", "TOM.BCP.01", "TOM.VENDOR.01", "TOM.SDLC.01", "TOM.HR.01", "TOM.CRYPTO.01", "TOM.IAM.01" ], "NIS2-OBL-031": [ "TOM.GOV.07", "TOM.GOV.08" ], "NIS2-OBL-032": [ "TOM.GOV.02" ], "NIS2-OBL-033": [ "TOM.GOV.01", "TOM.GOV.02" ], "NIS2-OBL-034": [ "TOM.GOV.04", "TOM.GOV.05" ], "NIS2-OBL-035": [ "TOM.GOV.04", "TOM.GOV.05", "TOM.GOV.06" ], "NIS2-OBL-036": [ "TOM.GOV.04", "TOM.GOV.05", "TOM.GOV.06", "TOM.HR.01" ], "NIS2-OBL-037": [ "TOM.GOV.07", "TOM.GOV.08", "TOM.GOV.09" ], "NIS2-OBL-038": [ "TOM.GOV.01", "TOM.GOV.15" ], "NIS2-OBL-039": [ "TOM.GOV.01", "TOM.GOV.15" ], "NIS2-OBL-040": [ "TOM.SDLC.01", "TOM.SDLC.02", "TOM.SDLC.03", "TOM.SDLC.04", "TOM.SDLC.05" ], "TTDSG-OBL-001": [ "TOM.CRY.01", "TOM.AC.01" ], "TTDSG-OBL-002": [ "TOM.CRY.01", "TOM.NET.01" ], "TTDSG-OBL-003": [ "TOM.GOV.01", "TOM.AC.01" ], "TTDSG-OBL-004": [ "TOM.GOV.02", "TOM.LOG.01" ], "TTDSG-OBL-005": [ "TOM.DEL.01", "TOM.GOV.01" ], "TTDSG-OBL-006": [ "TOM.GOV.02" ], "TTDSG-OBL-007": [ "TOM.CRY.02" ], "TTDSG-OBL-008": [ "TOM.GOV.01" ], "TTDSG-OBL-009": [ "TOM.GOV.01", "TOM.DEL.01" ], "TTDSG-OBL-010": [ "TOM.CRY.01", "TOM.NET.01" ], "TTDSG-OBL-011": [ "TOM.NET.01" ], "TTDSG-OBL-012": [ "TOM.GOV.02", "TOM.WEB.01" ], "TTDSG-OBL-013": [ "TOM.WEB.01" ], "TTDSG-OBL-014": [ "TOM.WEB.01", "TOM.GOV.02" ], "TTDSG-OBL-015": [ "TOM.GOV.02" ], "TTDSG-OBL-016": [ "TOM.GOV.02" ], "TTDSG-OBL-017": [ "TOM.GOV.02" ], "TTDSG-OBL-018": [ "TOM.GOV.01" ], "TTDSG-OBL-019": [ "TOM.HR.02", "TOM.AC.01" ], "TTDSG-OBL-020": [ "TOM.GOV.02" ] }, "control_to_obligation": { "TOM.AC.01": [ "DSGVO-OBL-002", "DSGVO-OBL-019", "DSGVO-OBL-020", "DSGVO-OBL-021", "DSGVO-OBL-027", "DSGVO-OBL-059", "DSGVO-OBL-065", "DSGVO-OBL-066", "DSGVO-OBL-067", "DSGVO-OBL-078", "DSGVO-OBL-080", "AIACT-OBL-052", "NIS2-OBL-009", "BDSG-OBL-004", "BDSG-OBL-005", "BDSG-OBL-021", "BDSG-OBL-022", "BDSG-OBL-026", "TTDSG-OBL-001", "TTDSG-OBL-003", "TTDSG-OBL-019" ], "TOM.AC.02": [ "DSGVO-OBL-078", "AIACT-OBL-059", "NIS2-OBL-009", "BDSG-OBL-013" ], "TOM.ACC.01": [ "DORA-OBL-005" ], "TOM.BCP.01": [ "DSGVO-OBL-043", "DSGVO-OBL-044", "DSGVO-OBL-076", "AIACT-OBL-024", "AIACT-OBL-051", "NIS2-OBL-006", "NIS2-OBL-030" ], "TOM.BCP.02": [ "DSGVO-OBL-044", "DSGVO-OBL-076", "AIACT-OBL-048", "AIACT-OBL-051", "NIS2-OBL-006" ], "TOM.BCP.03": [ "DSGVO-OBL-044", "AIACT-OBL-048", "NIS2-OBL-006" ], "TOM.BCP.04": [ "AIACT-OBL-051", "NIS2-OBL-006" ], "TOM.BCP.05": [ "AIACT-OBL-056" ], "TOM.BCP.06": [ "AIACT-OBL-056" ], "TOM.CRY.01": [ "BDSG-OBL-004", "BDSG-OBL-005", "BDSG-OBL-024", "TTDSG-OBL-001", "TTDSG-OBL-002", "TTDSG-OBL-010", "DORA-OBL-005" ], "TOM.CRY.02": [ "BDSG-OBL-005", "BDSG-OBL-019", "BDSG-OBL-020", "TTDSG-OBL-007" ], "TOM.CRYPTO.01": [ "DSGVO-OBL-002", "DSGVO-OBL-019", "DSGVO-OBL-020", "DSGVO-OBL-042", "DSGVO-OBL-066", "DSGVO-OBL-067", "AIACT-OBL-008", "NIS2-OBL-010", "NIS2-OBL-030" ], "TOM.CRYPTO.02": [ "DSGVO-OBL-002", "DSGVO-OBL-020", "DSGVO-OBL-042", "DSGVO-OBL-066", "AIACT-OBL-047", "NIS2-OBL-010" ], "TOM.CRYPTO.03": [ "DSGVO-OBL-042", "AIACT-OBL-052", "NIS2-OBL-010" ], "TOM.DATA.01": [ "DSGVO-OBL-007", "DSGVO-OBL-008", "DSGVO-OBL-009", "DSGVO-OBL-014", "DSGVO-OBL-015", "DSGVO-OBL-024", "DSGVO-OBL-025", "DSGVO-OBL-026", "DSGVO-OBL-027", "DSGVO-OBL-028", "DSGVO-OBL-029", "DSGVO-OBL-030", "DSGVO-OBL-062", "DSGVO-OBL-068", "DSGVO-OBL-079", "AIACT-OBL-003" ], "TOM.DATA.02": [ "DSGVO-OBL-009", "DSGVO-OBL-026", "DSGVO-OBL-068", "DSGVO-OBL-080", "AIACT-OBL-003" ], "TOM.DATA.03": [ "AIACT-OBL-003" ], "TOM.DATA.04": [ "AIACT-OBL-012", "AIACT-OBL-044" ], "TOM.DATA.05": [ "AIACT-OBL-021" ], "TOM.DATA.06": [ "AIACT-OBL-021" ], "TOM.DATA.07": [ "AIACT-OBL-028" ], "TOM.DATA.08": [ "AIACT-OBL-028" ], "TOM.DATA.09": [ "AIACT-OBL-043" ], "TOM.DATA.10": [ "AIACT-OBL-044" ], "TOM.DATA.11": [ "AIACT-OBL-055" ], "TOM.DATA.12": [ "AIACT-OBL-057" ], "TOM.DATA.13": [ "AIACT-OBL-058" ], "TOM.DEL.01": [ "BDSG-OBL-003", "BDSG-OBL-009", "BDSG-OBL-012", "BDSG-OBL-013", "TTDSG-OBL-005", "TTDSG-OBL-009" ], "TOM.GOV.01": [ "DSGVO-OBL-001", "DSGVO-OBL-003", "DSGVO-OBL-004", "DSGVO-OBL-012", "DSGVO-OBL-013", "DSGVO-OBL-016", "DSGVO-OBL-017", "DSGVO-OBL-018", "DSGVO-OBL-019", "DSGVO-OBL-021", "DSGVO-OBL-031", "DSGVO-OBL-032", "DSGVO-OBL-036", "DSGVO-OBL-040", "DSGVO-OBL-041", "DSGVO-OBL-048", "DSGVO-OBL-049", "DSGVO-OBL-050", "DSGVO-OBL-051", "DSGVO-OBL-052", "DSGVO-OBL-053", "DSGVO-OBL-054", "DSGVO-OBL-057", "DSGVO-OBL-058", "DSGVO-OBL-063", "DSGVO-OBL-065", "DSGVO-OBL-071", "DSGVO-OBL-072", "DSGVO-OBL-074", "AIACT-OBL-001", "AIACT-OBL-016", "AIACT-OBL-017", "AIACT-OBL-019", "AIACT-OBL-026", "AIACT-OBL-032", "AIACT-OBL-049", "AIACT-OBL-053", "NIS2-OBL-001", "NIS2-OBL-002", "NIS2-OBL-003", "NIS2-OBL-026", "NIS2-OBL-027", "NIS2-OBL-028", "NIS2-OBL-030", "NIS2-OBL-033", "NIS2-OBL-038", "NIS2-OBL-039", "BDSG-OBL-006", "BDSG-OBL-008", "BDSG-OBL-014", "BDSG-OBL-017", "BDSG-OBL-018", "BDSG-OBL-021", "BDSG-OBL-026", "BDSG-OBL-027", "BDSG-OBL-028", "TTDSG-OBL-003", "TTDSG-OBL-005", "TTDSG-OBL-008", "TTDSG-OBL-009", "TTDSG-OBL-018", "DSA-OBL-001", "DSA-OBL-002", "DSA-OBL-003", "DSA-OBL-004", "DSA-OBL-005", "DSA-OBL-006", "DSA-OBL-007", "DSA-OBL-008", "DSA-OBL-009", "DSA-OBL-012", "DSA-OBL-017", "DSA-OBL-018", "DSA-OBL-021", "DSA-OBL-022", "DSA-OBL-026", "DSA-OBL-027", "DSA-OBL-028", "DSA-OBL-029", "DSA-OBL-030", "DSA-OBL-032", "DSA-OBL-033", "DSA-OBL-034", "DSA-OBL-035", "DATAACT-OBL-002", "DATAACT-OBL-004", "DATAACT-OBL-006", "DATAACT-OBL-007", "DATAACT-OBL-008", "DATAACT-OBL-009", "DATAACT-OBL-010", "DATAACT-OBL-011", "DATAACT-OBL-013", "DATAACT-OBL-016", "DATAACT-OBL-017", "DATAACT-OBL-018", "DATAACT-OBL-019", "DATAACT-OBL-020", "DATAACT-OBL-021", "DATAACT-OBL-022", "DATAACT-OBL-024", "DATAACT-OBL-025" ], "TOM.GOV.02": [ "DSGVO-OBL-001", "DSGVO-OBL-006", "DSGVO-OBL-007", "DSGVO-OBL-008", "DSGVO-OBL-012", "DSGVO-OBL-016", "DSGVO-OBL-022", "DSGVO-OBL-023", "DSGVO-OBL-024", "DSGVO-OBL-030", "DSGVO-OBL-032", "DSGVO-OBL-040", "DSGVO-OBL-062", "DSGVO-OBL-063", "DSGVO-OBL-064", "DSGVO-OBL-065", "DSGVO-OBL-073", "DSGVO-OBL-079", "AIACT-OBL-001", "AIACT-OBL-053", "NIS2-OBL-001", "NIS2-OBL-002", "NIS2-OBL-030", "NIS2-OBL-032", "NIS2-OBL-033", "BDSG-OBL-010", "BDSG-OBL-011", "BDSG-OBL-018", "BDSG-OBL-023", "TTDSG-OBL-004", "TTDSG-OBL-006", "TTDSG-OBL-012", "TTDSG-OBL-014", "TTDSG-OBL-015", "TTDSG-OBL-016", "TTDSG-OBL-017", "TTDSG-OBL-020", "DSA-OBL-005", "DSA-OBL-026", "DSA-OBL-027", "DSA-OBL-029", "DATAACT-OBL-022" ], "TOM.GOV.03": [ "DSGVO-OBL-003", "DSGVO-OBL-031", "DSGVO-OBL-032", "DSGVO-OBL-045", "DSGVO-OBL-048", "DSGVO-OBL-049", "DSGVO-OBL-054", "DSGVO-OBL-058", "DSGVO-OBL-071", "DSGVO-OBL-075", "AIACT-OBL-002", "AIACT-OBL-016", "AIACT-OBL-032", "AIACT-OBL-046", "NIS2-OBL-002", "NIS2-OBL-016", "NIS2-OBL-029", "NIS2-OBL-030", "BDSG-OBL-001", "BDSG-OBL-011", "BDSG-OBL-024", "BDSG-OBL-025", "BDSG-OBL-030", "DSA-OBL-008", "DSA-OBL-009", "DSA-OBL-023", "DSA-OBL-025", "DSA-OBL-026", "DSA-OBL-028", "DSA-OBL-031" ], "TOM.GOV.04": [ "AIACT-OBL-002", "AIACT-OBL-018", "AIACT-OBL-022", "AIACT-OBL-054", "NIS2-OBL-003", "NIS2-OBL-034", "NIS2-OBL-035", "NIS2-OBL-036", "BDSG-OBL-004", "BDSG-OBL-019" ], "TOM.GOV.05": [ "AIACT-OBL-004", "AIACT-OBL-018", "AIACT-OBL-019", "AIACT-OBL-036", "AIACT-OBL-037", "NIS2-OBL-003", "NIS2-OBL-034", "NIS2-OBL-035", "NIS2-OBL-036", "BDSG-OBL-014", "BDSG-OBL-015", "BDSG-OBL-016", "BDSG-OBL-029" ], "TOM.GOV.06": [ "AIACT-OBL-006", "AIACT-OBL-025", "NIS2-OBL-004", "NIS2-OBL-035", "NIS2-OBL-036" ], "TOM.GOV.07": [ "AIACT-OBL-007", "AIACT-OBL-060", "NIS2-OBL-012", "NIS2-OBL-024", "NIS2-OBL-025", "NIS2-OBL-031", "NIS2-OBL-037" ], "TOM.GOV.08": [ "AIACT-OBL-010", "AIACT-OBL-031", "AIACT-OBL-055", "AIACT-OBL-057", "AIACT-OBL-058", "AIACT-OBL-059", "AIACT-OBL-060", "NIS2-OBL-012", "NIS2-OBL-024", "NIS2-OBL-025", "NIS2-OBL-031", "NIS2-OBL-037" ], "TOM.GOV.09": [ "AIACT-OBL-010", "AIACT-OBL-031", "AIACT-OBL-059", "NIS2-OBL-015", "NIS2-OBL-037" ], "TOM.GOV.10": [ "AIACT-OBL-011", "AIACT-OBL-030", "AIACT-OBL-039", "AIACT-OBL-060", "NIS2-OBL-015" ], "TOM.GOV.11": [ "AIACT-OBL-012", "AIACT-OBL-042", "AIACT-OBL-043", "NIS2-OBL-016", "NIS2-OBL-029" ], "TOM.GOV.12": [ "AIACT-OBL-013", "AIACT-OBL-046", "NIS2-OBL-017" ], "TOM.GOV.13": [ "AIACT-OBL-014", "AIACT-OBL-025", "AIACT-OBL-038", "NIS2-OBL-019" ], "TOM.GOV.14": [ "AIACT-OBL-019", "AIACT-OBL-020", "AIACT-OBL-022", "AIACT-OBL-035", "AIACT-OBL-036", "AIACT-OBL-054", "NIS2-OBL-021" ], "TOM.GOV.15": [ "AIACT-OBL-020", "AIACT-OBL-035", "NIS2-OBL-026", "NIS2-OBL-027", "NIS2-OBL-038", "NIS2-OBL-039" ], "TOM.HR.01": [ "DSGVO-OBL-059", "DSGVO-OBL-060", "DSGVO-OBL-061", "AIACT-OBL-007", "NIS2-OBL-004", "NIS2-OBL-011", "NIS2-OBL-030", "NIS2-OBL-036", "BDSG-OBL-006", "BDSG-OBL-007", "BDSG-OBL-008", "BDSG-OBL-009" ], "TOM.HR.02": [ "DSGVO-OBL-059", "DSGVO-OBL-060", "AIACT-OBL-015", "NIS2-OBL-004", "NIS2-OBL-011", "BDSG-OBL-007", "BDSG-OBL-029", "TTDSG-OBL-019" ], "TOM.HR.03": [ "AIACT-OBL-015", "NIS2-OBL-011" ], "TOM.HR.04": [ "AIACT-OBL-057", "NIS2-OBL-011" ], "TOM.HR.05": [ "AIACT-OBL-058" ], "TOM.IAM.01": [ "DSGVO-OBL-002", "AIACT-OBL-052", "NIS2-OBL-009", "NIS2-OBL-030" ], "TOM.IAM.02": [ "AIACT-OBL-055", "NIS2-OBL-009" ], "TOM.IAM.03": [ "NIS2-OBL-009" ], "TOM.LOG.01": [ "DSGVO-OBL-011", "DSGVO-OBL-016", "DSGVO-OBL-020", "DSGVO-OBL-031", "DSGVO-OBL-066", "DSGVO-OBL-067", "DSGVO-OBL-069", "DSGVO-OBL-070", "DSGVO-OBL-080", "AIACT-OBL-005", "AIACT-OBL-023", "NIS2-OBL-005", "NIS2-OBL-014", "BDSG-OBL-022", "TTDSG-OBL-004" ], "TOM.LOG.02": [ "DSGVO-OBL-070", "AIACT-OBL-005", "NIS2-OBL-014" ], "TOM.LOG.03": [ "AIACT-OBL-005", "NIS2-OBL-014" ], "TOM.LOG.04": [ "AIACT-OBL-009", "AIACT-OBL-029", "NIS2-OBL-014" ], "TOM.LOG.05": [ "AIACT-OBL-023" ], "TOM.LOG.06": [ "AIACT-OBL-023" ], "TOM.LOG.07": [ "AIACT-OBL-029" ], "TOM.NET.01": [ "DSGVO-OBL-002", "DSGVO-OBL-043", "DSGVO-OBL-077", "AIACT-OBL-008", "NIS2-OBL-013", "TTDSG-OBL-002", "TTDSG-OBL-010", "TTDSG-OBL-011" ], "TOM.NET.02": [ "DSGVO-OBL-043", "DSGVO-OBL-077", "AIACT-OBL-013", "AIACT-OBL-047", "NIS2-OBL-013" ], "TOM.NET.03": [ "DSGVO-OBL-077", "AIACT-OBL-047", "NIS2-OBL-013" ], "TOM.NET.04": [ "AIACT-OBL-056", "NIS2-OBL-013" ], "TOM.OPS.01": [ "DSGVO-OBL-011", "DSGVO-OBL-046", "DSGVO-OBL-047", "DSGVO-OBL-069", "AIACT-OBL-006", "NIS2-OBL-002", "NIS2-OBL-030", "DSA-OBL-003", "DSA-OBL-010", "DSA-OBL-011", "DSA-OBL-012", "DSA-OBL-013", "DSA-OBL-014", "DSA-OBL-015", "DSA-OBL-016", "DSA-OBL-018", "DSA-OBL-019", "DSA-OBL-020", "DSA-OBL-021", "DSA-OBL-022", "DSA-OBL-023", "DSA-OBL-024", "DSA-OBL-025", "DSA-OBL-030", "DSA-OBL-031", "DSA-OBL-033", "DATAACT-OBL-001", "DATAACT-OBL-003", "DATAACT-OBL-005", "DATAACT-OBL-011", "DATAACT-OBL-012", "DATAACT-OBL-014", "DATAACT-OBL-015", "DATAACT-OBL-016", "DATAACT-OBL-019", "DATAACT-OBL-023" ], "TOM.OPS.02": [ "DSGVO-OBL-011", "DSGVO-OBL-046", "DSGVO-OBL-069", "AIACT-OBL-007", "DSA-OBL-010", "DSA-OBL-013", "DSA-OBL-016", "DATAACT-OBL-003", "DATAACT-OBL-005", "DATAACT-OBL-012" ], "TOM.OPS.03": [ "DSGVO-OBL-045", "DSGVO-OBL-075", "AIACT-OBL-009" ], "TOM.OPS.04": [ "AIACT-OBL-009", "NIS2-OBL-008", "NIS2-OBL-020", "NIS2-OBL-022" ], "TOM.OPS.05": [ "AIACT-OBL-011", "AIACT-OBL-030", "AIACT-OBL-039", "NIS2-OBL-008", "NIS2-OBL-020", "NIS2-OBL-022" ], "TOM.OPS.06": [ "AIACT-OBL-024", "NIS2-OBL-015" ], "TOM.OPS.07": [ "AIACT-OBL-029" ], "TOM.OPS.08": [ "AIACT-OBL-040", "NIS2-OBL-005" ], "TOM.OPS.09": [ "AIACT-OBL-050", "NIS2-OBL-005", "NIS2-OBL-018", "NIS2-OBL-023" ], "TOM.OPS.10": [ "AIACT-OBL-050", "NIS2-OBL-005", "NIS2-OBL-018" ], "TOM.OPS.11": [ "NIS2-OBL-021" ], "TOM.PHY.01": [ "BDSG-OBL-001", "BDSG-OBL-002", "BDSG-OBL-003" ], "TOM.SDLC.01": [ "DSGVO-OBL-033", "DSGVO-OBL-034", "AIACT-OBL-004", "NIS2-OBL-008", "NIS2-OBL-030", "NIS2-OBL-040" ], "TOM.SDLC.02": [ "DSGVO-OBL-033", "AIACT-OBL-008", "NIS2-OBL-008", "NIS2-OBL-040" ], "TOM.SDLC.03": [ "AIACT-OBL-013", "NIS2-OBL-020", "NIS2-OBL-040" ], "TOM.SDLC.04": [ "AIACT-OBL-020", "NIS2-OBL-040" ], "TOM.SDLC.05": [ "AIACT-OBL-040", "AIACT-OBL-041", "NIS2-OBL-040" ], "TOM.SDLC.06": [ "AIACT-OBL-041" ], "TOM.SDLC.07": [ "AIACT-OBL-042" ], "TOM.SDLC.08": [ "AIACT-OBL-045" ], "TOM.SDLC.09": [ "AIACT-OBL-045" ], "TOM.VEN.01": [ "BDSG-OBL-030" ], "TOM.VENDOR.01": [ "DSGVO-OBL-005", "DSGVO-OBL-010", "DSGVO-OBL-028", "DSGVO-OBL-035", "DSGVO-OBL-037", "DSGVO-OBL-038", "DSGVO-OBL-039", "DSGVO-OBL-055", "DSGVO-OBL-056", "AIACT-OBL-026", "NIS2-OBL-007", "NIS2-OBL-030" ], "TOM.VENDOR.02": [ "DSGVO-OBL-005", "DSGVO-OBL-037", "DSGVO-OBL-038", "AIACT-OBL-027", "NIS2-OBL-007" ], "TOM.VENDOR.03": [ "DSGVO-OBL-010", "DSGVO-OBL-055", "DSGVO-OBL-056", "DSGVO-OBL-057", "AIACT-OBL-027", "NIS2-OBL-007" ], "TOM.VENDOR.04": [ "AIACT-OBL-033", "NIS2-OBL-007" ], "TOM.VENDOR.05": [ "AIACT-OBL-033", "NIS2-OBL-019" ], "TOM.VENDOR.06": [ "AIACT-OBL-034" ], "TOM.VENDOR.07": [ "AIACT-OBL-034" ], "TOM.WEB.01": [ "TTDSG-OBL-012", "TTDSG-OBL-013", "TTDSG-OBL-014" ] } }