ISO/IEC 27001:2022

What is ISO 27001?

ISO/IEC 27001:2022 is a globally recognized standard, published by the International Organization for Standardization and the International Electrotechnical Commission, that provides requirements for establishing, implementing, maintaining and continually improving an information security management system. In the 2022 revision of the ISO 27001 standard, controls are organized into four categories - Organizational, People, Physical and Technical controls.

Who is the intended audience?

ISO/IEC 27001:2022 is intended for organizations of all sizes, and in any industry, seeking a framework for measuring and improving their information security program. Achieving a formal ISO/IEC 27001 certification is an industry recognized method of demonstrating your organization’s commitment to implementing information security best practices.

Where can I find more information?

More information on ISO/IEC 27001:2022 can be found on the ISO website.

How can runZero help me align with these controls?

runZero primarily aligns with the Organizational and Technical controls of ISO/IEC 27001:2022. The following provides details on how runZero aligns with relevant controls.

Organizational controls

5.9 Inventory of information and other associated assets
runZero inventories assets through a combination of active scanning, passive discovery and API integrations. This includes detailed fingerprinting for IT, OT and IoT devices across on-prem, cloud and remote environments. (Playbook)

Technical controls

8.1 User endpoint devices
Through active scanning, passive sampling and API integrations, runZero can discover a variety of gaps in user endpoint device controls:
  • Devices running end of life operating systems
  • Devices missing endpoint protection software
  • Devices missing mobile device management software
  • Endpoints that are not configured with full disk encryption
  • Use of unauthorized software and services

8.7 Protection against malware
Through integrations with endpoint protection platforms, runZero can discover:
  • Devices missing endpoint protection software (Playbook)
  • Devices running out of date endpoint protection software
  • Devices that have been quarantined
  • The health status of endpoint protection software

8.8 Management of technical vulnerabilities
Through active scanning, passive sampling and API integrations, runZero supports technical vulnerability management, including:
  • Discovery of vulnerabilities in assets and services through active scanning and passive sampling
  • Integration with vulnerability management platforms, such as Qualys, Rapid7 and Tenable
  • Integration with external attack surface management platforms, such as Censys and Shodan
  • Discovery of gaps in vulnerability scanning strategy (Playbook)
  • The ability to set custom risk and criticality attributes on each asset
  • The ability to create custom query-based vulnerability records
  • Support for custom CVSS scoring in query-based vulnerability records
  • Support of Common Platform Enumeration (CPE) standards for operating system identification
  • Support of Common Vulnerabilities and Exposures (CVE) standards for vulnerability identification

8.9 Configuration management
Using active scanning and passive sampling, runZero can monitor configuration baselines through a variety of methods, including discovery of the following:
  • Devices running end of life operating systems and firmware versions (Playbook)
  • Devices running unauthorized or out of date software
  • Use of insecure protocols, such as telnet, ftp, http, ssl, etc.
  • Use of insecure encryption ciphers, such as RC4, DES, 3DES, etc.
  • Network services running on non-standard ports
  • Network services that are not configured to use authentication and encryption

8.20 Network security
Using active scanning and passive sampling, runZero can discover and fingerprint both managed and unmanaged network devices. Through service probing, runZero can further identify weak security configurations and vulnerable firmware versions.

8.21 Security of network services
Using active scanning and passive sampling, runZero can discover network services and associated risks, including:
  • Unauthorized network services
  • Non-standard or insecure protocols
  • Weak or unauthorized encryption ciphers
  • Network services that don’t support authentication and encryption
  • Use of legacy SNMP protocols and default community strings (Playbook)

8.22 Segregation of networks
runZero’s active scanning can be leveraged to assess the effectiveness of network segmentation by placing an explorer outside of a given security zone and completing a scan to determine exposed assets and services. Additionally, runZero can enumerate multi-homed assets and potential network bridges.

8.24 Use of cryptography
runZero supports cryptography and key management best practices through discovery of the following:
  • Network services that are not configured to use encryption
  • Supported versions for protocols, such as LDAP, SMB, SSL/TLS, etc.
  • Supported ciphers for protocols, such as LDAP, RDP, SMB, SSL/TLS, SSH, etc.
  • Use of shared SSH server host keys
  • Use of X.509 certificates that are expired or nearing expiration