ISMS Compliance

Compliance Status

Control implementation status with cross-framework mapping for all 33 CyFun Basic controls

Scope: all NextSDS production and corporate systems and the team that operates them. This page tracks the implementation status of all 33 CyFun Basic controls, mapped to ISO 27001 and CIS v8.1.

CyFun Basic — Full Control Mapping

Status legend: Implemented | Partial | Planned | Not Started | N/A Maturity legend: L0 Non-existent | L1 Initial | L2 Repeatable | L3 Defined | L4 Managed | L5 Optimized

IDENTIFY (10 controls)

Asset Management (ID.AM)

CyFun ControlDescriptionStatusMaturityISO 27001CIS v8.1Evidence
ID.AM-1Physical device inventoryImplementedL2A.5.91.1Asset Inventory
ID.AM-2Software inventoryImplementedL2A.5.92.1Software Inventory
ID.AM-3Communication and data flowsImplementedL2A.5.912.4
ID.AM-4External information systemsImplementedL2A.5.92.1Software Inventory
ID.AM-5Resources prioritisedImplementedL2A.5.121.1Asset Inventory

Governance (ID.GV)

CyFun ControlDescriptionStatusMaturityISO 27001CIS v8.1Evidence
ID.GV-1Cybersecurity policyImplementedL2A.5.115.1Info Security Policy
ID.GV-3Legal requirementsImplementedL2A.5.3115.1
ID.GV-4Risk managementPartialL2A.5.115.1Risk Register

Risk Assessment (ID.RA)

CyFun ControlDescriptionStatusMaturityISO 27001CIS v8.1Evidence
ID.RA-1Vulnerabilities identifiedImplementedL2A.8.87.1Risk Register
ID.RA-5Risk determinationImplementedL2A.5.127.6Risk Register

PROTECT (15 controls)

Identity Management & Access Control (PR.AC)

CyFun ControlDescriptionKeyStatusMaturityISO 27001CIS v8.1Evidence
PR.AC-1Credential managementYesPartialL2A.5.16, A.5.175.2, 5.4Access Matrix
PR.AC-2Physical accessNoPartialL1A.7.1, A.7.26.1Asset Inventory
PR.AC-3Remote accessYesPartialL2A.8.206.4Access Matrix
PR.AC-4Access permissionsYesPartialL2A.5.15, A.5.18, A.8.26.8Access Matrix
PR.AC-5Network integrityYesImplementedL2A.8.2213.1Cloud Infrastructure

Awareness & Training (PR.AT)

CyFun ControlDescriptionKeyStatusMaturityISO 27001CIS v8.1Evidence
PR.AT-1Users trainedYesPlannedL1A.6.314.1Training Log

Data Security (PR.DS)

CyFun ControlDescriptionKeyStatusMaturityISO 27001CIS v8.1Evidence
PR.DS-1Data-at-rest protectedNoImplementedL2A.8.243.6Cloud Infrastructure
PR.DS-2Data-in-transit protectedNoImplementedL2A.8.243.10Cloud Infrastructure
PR.DS-3Asset disposalNoPartialL1A.7.143.4
PR.DS-7Dev/test separationNoImplementedL2A.8.3116.1

Information Protection (PR.IP)

CyFun ControlDescriptionKeyStatusMaturityISO 27001CIS v8.1Evidence
PR.IP-4BackupsYesImplementedL2A.8.1311.2Cloud Infrastructure
PR.IP-11HR practicesNoPlannedL1A.6.1, A.6.515.1

Maintenance (PR.MA)

CyFun ControlDescriptionKeyStatusMaturityISO 27001CIS v8.1Evidence
PR.MA-1PatchingYesPartialL2A.8.9, A.8.197.3, 7.4

Protective Technology (PR.PT)

CyFun ControlDescriptionKeyStatusMaturityISO 27001CIS v8.1Evidence
PR.PT-1Audit logsYesPartialL2A.8.158.2
PR.PT-4Communications protectionNoPartialL2A.8.239.2

DETECT (4 controls)

CyFun ControlDescriptionKeyStatusMaturityISO 27001CIS v8.1Evidence
DE.AE-3Event data collectedYesPartialL2A.8.15, A.8.168.2
DE.CM-1Network monitoredNoPartialL2A.8.1613.6Cloud Infrastructure
DE.CM-3Personnel monitoredNoPartialL1A.8.1613.6
DE.CM-4Malicious code detectedYesImplementedL2A.8.710.1

RESPOND (3 controls)

CyFun ControlDescriptionStatusMaturityISO 27001CIS v8.1Evidence
RS.RP-1Response planPartialL2A.5.2617.4Incident Response Plan
RS.CO-3Information sharedPartialL1A.5.2617.6
RS.IM-1Lessons learnedPartialL1A.5.2717.8Incident Log

RECOVER (1 control)

CyFun ControlDescriptionStatusMaturityISO 27001CIS v8.1Evidence
RC.RP-1Recovery planPartialL2A.5.29, A.5.3017.4DR/BCP Plan

Summary

MetricCount
Total controls33
Key measures10
Implemented15
Partially implemented16
Planned2
Self-assessment date2026-03-11
Attested byCEO
Next review2027-03-11

Maturity Distribution

LevelNameCount
L1Initial7
L2Repeatable26
Average1.8