Compliance Checklist
ISO 27001 Compliance Status
ISO 27001:2022 Annex A control mapping (future)
ISO 27001:2022 — Annex A Mapping
This section is planned for future implementation. ISO 27001 Annex A controls will be mapped through CyFun Basic controls as the backbone pivot.
Current Coverage via CyFun Basic
The following ISO 27001 Annex A controls are already addressed through our CyFun Basic implementation:
| ISO 27001 Control | Description | CyFun Mapping |
|---|---|---|
| A.5.1 | Policies for information security | ID.GV-1, ID.GV-4 |
| A.5.9 | Inventory of information assets | ID.AM-1, ID.AM-2, ID.AM-3, ID.AM-4 |
| A.5.12 | Classification of information | ID.AM-5, ID.RA-5 |
| A.5.15 | Access control | PR.AC-4 |
| A.5.16 | Identity management | PR.AC-1 |
| A.5.17 | Authentication information | PR.AC-1 |
| A.5.18 | Access rights | PR.AC-4 |
| A.5.26 | Response to incidents | RS.RP-1, RS.CO-3 |
| A.5.27 | Learning from incidents | RS.IM-1 |
| A.5.29 | ICT readiness for business continuity | RC.RP-1 |
| A.5.31 | Legal requirements | ID.GV-3 |
| A.6.1 | Screening | PR.IP-11 |
| A.6.3 | Awareness and training | PR.AT-1 |
| A.7.1 | Physical security perimeters | PR.AC-2 |
| A.8.7 | Protection against malware | DE.CM-4 |
| A.8.9 | Configuration management | PR.MA-1 |
| A.8.13 | Information backup | PR.IP-4 |
| A.8.15 | Logging | PR.PT-1, DE.AE-3 |
| A.8.16 | Monitoring activities | DE.CM-1, DE.CM-3 |
| A.8.20 | Networks security | PR.AC-3 |
| A.8.22 | Segregation of networks | PR.AC-5 |
| A.8.23 | Web filtering | PR.PT-4 |
| A.8.24 | Use of cryptography | PR.DS-1, PR.DS-2 |
| A.8.31 | Separation of environments | PR.DS-7 |