ISO 27001 Control Mapping

How SiperOne supports ISO 27001:2022 certification with direct control mappings.

Overview

ISO 27001:2022 defines 93 controls in Annex A grouped into organisational, people, physical and technological categories. SiperOne directly supports several technological controls through its authentication, segmentation, logging and access-management capabilities. This mapping helps your ISMS team document SiperOne's contribution to each applicable control.

A.8.5 — Secure Authentication

AnchorNAC enforces 802.1X EAP-TLS with mutual certificate authentication for corporate devices and EAP-TEAP for certificate-plus-password scenarios. AnchorSpot provides multi-factor guest authentication via SMS OTP. All authentication events are logged with identity, timestamp and outcome. Failed-authentication thresholds trigger automatic lockout policies.

A.8.22 — Network Segmentation

AnchorNAC's YAML policy engine assigns devices to VLANs and pushes downloadable ACLs based on identity, role, device posture and time of day. This enforces micro-segmentation without manual switch configuration. Policies are version-controlled and auditable. Segmentation changes are logged and can be reviewed during internal audits.

A.8.15 — Logging & Monitoring

AnchorLog collects, parses and stores logs from network devices, AnchorNAC and AnchorSpot with tamper-evident hash chaining and RFC 3161 timestamps. Full-text search and filtered views support incident investigation. Retention policies are configurable and enforced automatically. Log integrity can be independently verified at any time.

A.8.8 — Vulnerability Management

AnchorNAC's posture module checks endpoint disk encryption (BitLocker, LUKS, FileVault) and OS patch level at authentication time. Non-compliant devices are placed in a quarantine VLAN with access only to remediation resources. Posture re-evaluation occurs at configurable intervals during the session. Results are logged for compliance reporting.

A.5.15 — Access Control Policy

AnchorNAC policies are defined declaratively in YAML with explicit role-to-resource mappings. Policies follow the principle of least privilege — devices receive only the network access required for their role. Policy changes require console authentication and are recorded in the audit trail. TACACS+ extends the same policy model to network-device administration.

A.8.10 — Data Deletion

AnchorLog and AnchorSpot enforce retention-period-based automatic deletion with cryptographic key destruction. Deletion events are recorded in the audit trail and protected by the hash chain. Manual deletion is available for data-subject requests. The process satisfies the ISO 27001 requirement for secure disposal of information assets when they are no longer needed.
