Home/Compliance
iso-27001-2022

ISO 27001:2022. Security Controls

93 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
Audit answer: every control + the techniques it defends + what you can detect (exportable)
▤ Generate threat-informed coverage report
⇄ Self-assessment: pick what you have, see your coverage

Controls

80 shown of 93
A.5.1
Policies for information security
medium
family Organizational framework iso-27001-2022
A.5.10
Acceptable use of information and other associated assets
medium
family Organizational framework iso-27001-2022
A.5.11
Return of assets
medium
family Organizational framework iso-27001-2022
A.5.12
Classification of information
medium
family Organizational framework iso-27001-2022
A.5.13
Labelling of information
medium
family Organizational framework iso-27001-2022
A.5.14
Information transfer
medium
family Organizational framework iso-27001-2022
A.5.15
Access control
medium
family Organizational framework iso-27001-2022
A.5.16
Identity management
medium
family Organizational framework iso-27001-2022
A.5.17
Authentication information
medium
family Organizational framework iso-27001-2022
A.5.18
Access rights
medium
family Organizational framework iso-27001-2022
A.5.19
Information security in supplier relationships
medium
family Organizational framework iso-27001-2022
A.5.2
Information security roles and responsibilities
medium
family Organizational framework iso-27001-2022
A.5.20
Addressing information security within supplier agreements
medium
family Organizational framework iso-27001-2022
A.5.21
Managing information security in the ICT supply chain
medium
family Organizational framework iso-27001-2022
A.5.22
Monitoring, review and change management of supplier services
medium
family Organizational framework iso-27001-2022
A.5.23
Information security for use of cloud services
medium
family Organizational framework iso-27001-2022
A.5.24
Information security incident management planning and preparation
medium
family Organizational framework iso-27001-2022
A.5.25
Assessment and decision on information security events
medium
family Organizational framework iso-27001-2022
A.5.26
Response to information security incidents
medium
family Organizational framework iso-27001-2022
A.5.27
Learning from information security incidents
medium
family Organizational framework iso-27001-2022
A.5.28
Collection of evidence
medium
family Organizational framework iso-27001-2022
A.5.29
Information security during disruption
medium
family Organizational framework iso-27001-2022
A.5.3
Segregation of duties
medium
family Organizational framework iso-27001-2022
A.5.30
ICT readiness for business continuity
medium
family Organizational framework iso-27001-2022
A.5.31
Legal, statutory, regulatory and contractual requirements
medium
family Organizational framework iso-27001-2022
A.5.32
Intellectual property rights
medium
family Organizational framework iso-27001-2022
A.5.33
Protection of records
medium
family Organizational framework iso-27001-2022
A.5.34
Privacy and protection of PII
medium
family Organizational framework iso-27001-2022
A.5.35
Independent review of information security
medium
family Organizational framework iso-27001-2022
A.5.36
Compliance with policies, rules and standards for information security
medium
family Organizational framework iso-27001-2022
A.5.37
Documented operating procedures
medium
family Organizational framework iso-27001-2022
A.5.4
Management responsibilities
medium
family Organizational framework iso-27001-2022
A.5.5
Contact with authorities
medium
family Organizational framework iso-27001-2022
A.5.6
Contact with special interest groups
medium
family Organizational framework iso-27001-2022
A.5.7
Threat intelligence
medium
family Organizational framework iso-27001-2022
A.5.8
Information security in project management
medium
family Organizational framework iso-27001-2022
A.5.9
Inventory of information and other associated assets
medium
family Organizational framework iso-27001-2022
A.6.1
Screening
medium
family People framework iso-27001-2022
A.6.2
Terms and conditions of employment
medium
family People framework iso-27001-2022
A.6.3
Information security awareness, education and training
medium
family People framework iso-27001-2022
A.6.4
Disciplinary process
medium
family People framework iso-27001-2022
A.6.5
Responsibilities after termination or change of employment
medium
family People framework iso-27001-2022
A.6.6
Confidentiality or non-disclosure agreements
medium
family People framework iso-27001-2022
A.6.7
Remote working
medium
family People framework iso-27001-2022
A.6.8
Information security event reporting
medium
family People framework iso-27001-2022
A.7.1
Physical security perimeters
medium
family Physical framework iso-27001-2022
A.7.10
Storage media
medium
family Physical framework iso-27001-2022
A.7.11
Supporting utilities
medium
family Physical framework iso-27001-2022
A.7.12
Cabling security
medium
family Physical framework iso-27001-2022
A.7.13
Equipment maintenance
medium
family Physical framework iso-27001-2022
A.7.14
Secure disposal or re-use of equipment
medium
family Physical framework iso-27001-2022
A.7.2
Physical entry
medium
family Physical framework iso-27001-2022
A.7.3
Securing offices, rooms and facilities
medium
family Physical framework iso-27001-2022
A.7.4
Physical security monitoring
medium
family Physical framework iso-27001-2022
A.7.5
Protecting against physical and environmental threats
medium
family Physical framework iso-27001-2022
A.7.6
Working in secure areas
medium
family Physical framework iso-27001-2022
A.7.7
Clear desk and clear screen
medium
family Physical framework iso-27001-2022
A.7.8
Equipment siting and protection
medium
family Physical framework iso-27001-2022
A.7.9
Security of assets off-premises
medium
family Physical framework iso-27001-2022
A.8.1
User endpoint devices
medium
family Technological framework iso-27001-2022
A.8.10
Information deletion
medium
family Technological framework iso-27001-2022
A.8.11
Data masking
medium
family Technological framework iso-27001-2022
A.8.12
Data leakage prevention
medium
family Technological framework iso-27001-2022
A.8.13
Information backup
medium
family Technological framework iso-27001-2022
A.8.14
Redundancy of information processing facilities
medium
family Technological framework iso-27001-2022
A.8.15
Logging
medium
family Technological framework iso-27001-2022
A.8.16
Monitoring activities
medium
family Technological framework iso-27001-2022
A.8.17
Clock synchronisation
medium
family Technological framework iso-27001-2022
A.8.18
Use of privileged utility programs
medium
family Technological framework iso-27001-2022
A.8.19
Installation of software on operational systems
medium
family Technological framework iso-27001-2022
A.8.2
Privileged access rights
medium
family Technological framework iso-27001-2022
A.8.20
Networks security
medium
family Technological framework iso-27001-2022
A.8.21
Security of network services
medium
family Technological framework iso-27001-2022
A.8.22
Segregation of networks
medium
family Technological framework iso-27001-2022
A.8.23
Web filtering
medium
family Technological framework iso-27001-2022
A.8.24
Use of cryptography
medium
family Technological framework iso-27001-2022
A.8.25
Secure development life cycle
medium
family Technological framework iso-27001-2022
A.8.26
Application security requirements
medium
family Technological framework iso-27001-2022
A.8.27
Secure system architecture and engineering principles
medium
family Technological framework iso-27001-2022
A.8.28
Secure coding
medium
family Technological framework iso-27001-2022
Showing 1-80 of 93
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin