The security controls and procedures found in the ISO/IEC 17799:2000 code of practice are closely related to the IT service management processes described in MOF.
This white paper maps the requirements of ISO/IEC 17799:2000, an international standard code of practice, to the corresponding processes in the Microsoft Operations Framework (MOF). Its purpose is not to be a prescriptive guide on how to implement MOF and the security requirements, but to provide a checklist of security issues to consider when implementing MOF. Using MOF as the foundation for implementing security controls helps ensure that security is an integral part of each service solution’s life cycle. Organizations preparing for certification of IT security can use this document for guidance on how to prioritize and select appropriate security controls.