ControlMap

ISO/IEC 27001:2022

ISO/IEC 27001:2022 is the international standard for information security management systems (ISMS). It specifies requirements for establishing, implementing, maintaining, and continually improving an ISMS, with Annex A controls covering organizational, people, physical, and technological security measures.

100%
Coverage
49
Controls Covered
0
Gaps
49
Total Controls

Covered Controls

Controls that have explicit mappings to ISO 27001 requirements.

Govern (6 controls)

Gp Governance Policy
A.5.1, A.5.2
 Rm Risk Management
A.5.3, A.8.2
 Sc Supply Chain Risk
A.5.19, A.5.21
 Rr Roles & Responsibilities
A.5.2, A.5.4
 Cm Compliance
A.5.31, A.5.36
 Vr Vendor Risk Mgmt
A.5.19, A.5.20, A.5.21, A.5.22

Identify (6 controls)

Am Asset Management
A.5.9, A.8.1
 Ra Risk Assessment
A.8.2, A.8.3
 Be Business Environment
A.5.1
 Da Data Classification
A.5.10, A.5.12, A.5.13
 Vn Vulnerability Mgmt
A.8.8
 Ti Threat Intelligence
A.5.7

Protect (21 controls)

Aw Awareness & Training
A.6.3, A.7.2
 Ac Access Control
A.5.15, A.8.2, A.8.3
 Mf Multi-Factor Auth
A.8.5
 En Encryption
A.8.24, A.5.14
 Dp Data Protection
A.5.14, A.8.10, A.8.12
 Bk Backup & Recovery
A.8.13
 Pa Privileged Access
A.8.2, A.8.18
 Fw Firewall / Net Seg
A.8.20, A.8.21, A.8.22
 Ep Endpoint Protection
A.8.1, A.8.7
 Pm Patch Management
A.8.8, A.8.19
 Cf Secure Config
A.8.9
 Sd Secure Development
A.8.25, A.8.26, A.8.28
 Ml Email Security
A.8.7, A.8.23
 Ws Web Security
A.8.23, A.8.26
 Zt Zero Trust
A.8.20, A.5.15
 Mb Mobile Security
A.8.1
 Cl Cloud Security
A.5.23, A.8.1
 Ds DNS Security
A.8.20
 Wf WAF
A.8.23
 Dl DLP
A.8.10, A.8.12
 Ap API Security
A.8.23, A.8.26, A.8.28

Detect (6 controls)

Sm Cont. Monitoring
A.8.15, A.8.16
 Lg Logging & Audit
A.8.15, A.8.17
 Id Intrusion Detection
A.8.16
 An Anomaly Detection
A.8.16
 Sg SIEM / SOC
A.8.15, A.8.16
 It Insider Threat
A.5.7, A.6.1, A.8.15

Respond (5 controls)

Ir Incident Response
A.5.24, A.5.25, A.5.26
 Fn Forensics
A.5.28
 Co Communication
A.5.5, A.5.6, A.5.26
 Mt Mitigation
A.5.26, A.8.7
 Rp Reporting
A.5.5, A.5.24, A.6.8

Recover (5 controls)

Rc Recovery Planning
A.5.29, A.5.30
 Bc Business Continuity
A.5.29, A.5.30
 Ll Lessons Learned
A.5.27
 Cr Comms & Restore
A.5.5, A.5.30
 Dr Disaster Recovery
A.5.29, A.5.30

ISO 27001 vs Other Frameworks

ISO 27001 provides 100% coverage of the 49 cybersecurity controls tracked by ControlMap. NIST CSF 2.0 covers 100%, CIS v8 covers 90%, SOC 2 covers 100%, PCI DSS covers 100%, CMMC covers 94%, 800-53 covers 100%, HIPAA covers 94%, GDPR covers 96%. For maximum coverage, organizations often combine ISO 27001 with complementary frameworks to address gaps in areas like niche domains.

Other Frameworks

NIST CSF 2.0 CIS v8 SOC 2 PCI DSS CMMC 800-53 HIPAA GDPR
View ISO 27001 in Interactive Dashboard