Skip to main content
Standard

ISO/IEC 27001:2022

Information security management systems (ISMS) requirements. The anchor certification for enterprise information security.

Organization
ISO/IEC

Overview

Information security management systems (ISMS) requirements. The anchor certification for enterprise information security.

Why it matters for migrations & upgrades

Vibgrate maps a repository's detected purpose onto the standards that apply to it. ISO/IEC 27001:2022 is relevant to project types: any.

Source

  • Official source: https://www.iso.org/standard/27001
  • Version: 2022
  • Machine-readable: no (pdf format)
  • This standard is published under a proprietary license, so we link to the official source rather than hosting the full text.

Requirements

Structured clauses from the published standard.

  • 4Context of the organizationshall

    Determine internal/external issues, interested parties, and the ISMS scope.

  • 5Leadershipshall

    Top-management commitment, information security policy, roles and responsibilities.

  • 6Planningshall

    Risk assessment and treatment; Statement of Applicability; security objectives.

  • 7Supportshall

    Resources, competence, awareness, communication, documented information.

  • 8Operationshall

    Operational planning and control; risk assessment/treatment execution.

  • 9Performance evaluationshall

    Monitoring, measurement, internal audit, management review.

  • 10Improvementshall

    Nonconformity, corrective action, continual improvement.

  • A.5Annex A — Organizational controls (37)shall

    Policies, roles, supplier and incident management, compliance.

  • A.6Annex A — People controls (8)shall

    Screening, terms of employment, awareness, disciplinary process.

  • A.7Annex A — Physical controls (14)shall

    Physical security perimeters, equipment, secure disposal.

  • A.8Annex A — Technological controls (34)shall

    Access control, cryptography, logging, secure development, network security.

ISO/IEC standards are © ISO/IEC, all rights reserved. Vibgrate reproduces only the (factual) clause structure and provides an authored summary for reference — it does not reproduce the normative text. Obtain the official standard from ISO for authoritative wording.

Category

Compliance

Tags

ismsinformation securityiso 27001certification
08:53Z[DRIFT]Next.jsNext.js is 2 major versions behind (current: 14.2.35, latest: 16.1.6).
08:54Z[OWASP]A03:2021 – InjectionUnescaped user input rendered into HTML template (src/routes/admin.ts:42)
08:52Z[SCANNER]semgrepscan signature set is up to date
08:48Z[DRIFT]of dependencies are 2+ major versions behind in acme.39% of dependencies are 2+ major versions behind in acme.
08:50Z[OWASP]A02:2021 – Cryptographic FailuresJWT secret is hardcoded — use environment variables (src/auth/jwt.ts:18)
08:45Z[SCANNER]gitleaksscan signature set is up to date
08:43Z[DRIFT]@types/node@types/node is 3 major versions behind (spec: 22.15.29, latest: 25.2.3).
08:46Z[OWASP]A03:2021 – InjectionRegular expression built from user input — potential ReDoS (src/utils/search.ts:67)
08:38Z[SCANNER]trufflehogstatus: unavailable
08:38Z[DRIFT]electronelectron is 3 major versions behind (spec: ^37.6.0, latest: 40.4.1).
08:42Z[OWASP]A03:2021 – InjectiondangerouslySetInnerHTML used with potentially untrusted content (src/components/RichText.tsx:31)
08:33Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.17.52, latest: 25.2.3).
08:38Z[OWASP]A05:2021 – Security MisconfigurationCookie set without httpOnly or secure flags (src/middleware/session.ts:12)
08:28Z[DRIFT]@types/supertest@types/supertest is 4 major versions behind (spec: ^2.0.16, latest: 6.0.3).
08:34Z[OWASP]A03:2021 – Injectioneval() called with dynamic expression (src/utils/template-engine.ts:88)
08:23Z[DRIFT]VitestVitest is 4 major versions behind (current: 0.34.6, latest: 4.0.18).
08:30Z[OWASP]A01:2021 – Broken Access ControlRedirect URL comes from user-controlled parameter (src/pages/auth/callback.tsx:15)
08:18Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.8.0, latest: 25.2.3).
08:26Z[OWASP]A03:2021 – InjectionUnsanitised input passed to MongoDB query (src/services/users.ts:34)
08:13Z[DRIFT]vitestvitest is 4 major versions behind (spec: ^0.34.6, latest: 4.0.18).
08:22Z[OWASP]A03:2021 – InjectionChild process spawned with user-controlled arguments (src/utils/pdf-generator.ts:52)
08:08Z[DRIFT]of dependencies are 2+ major versions behind in @acme/api.31% of dependencies are 2+ major versions behind in @acme/api.
08:18Z[OWASP]A05:2021 – Security MisconfigurationExternal link opened without rel="noreferrer" (src/components/ExternalLink.tsx:8)
08:03Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.11.0, latest: 25.2.3).
08:14Z[OWASP]A02:2021 – Cryptographic FailuresMath.random() used for token generation — use crypto.randomBytes (src/utils/token.ts:6)
07:58Z[DRIFT]of dependencies are 2+ major versions behind in @acme/workflow-engine.52% of dependencies are 2+ major versions behind in @acme/workflow-engine.
08:10Z[OWASP]A05:2021 – Security MisconfigurationExpress app without Helmet security headers middleware (src/server.ts:1)
07:53Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.19.9, latest: 25.2.3).
07:48Z[DRIFT]@types/node@types/node is 3 major versions behind (spec: ^22.15.29, latest: 25.2.3).
08:53Z[DRIFT]Next.jsNext.js is 2 major versions behind (current: 14.2.35, latest: 16.1.6).
08:54Z[OWASP]A03:2021 – InjectionUnescaped user input rendered into HTML template (src/routes/admin.ts:42)
08:52Z[SCANNER]semgrepscan signature set is up to date
08:48Z[DRIFT]of dependencies are 2+ major versions behind in acme.39% of dependencies are 2+ major versions behind in acme.
08:50Z[OWASP]A02:2021 – Cryptographic FailuresJWT secret is hardcoded — use environment variables (src/auth/jwt.ts:18)
08:45Z[SCANNER]gitleaksscan signature set is up to date
08:43Z[DRIFT]@types/node@types/node is 3 major versions behind (spec: 22.15.29, latest: 25.2.3).
08:46Z[OWASP]A03:2021 – InjectionRegular expression built from user input — potential ReDoS (src/utils/search.ts:67)
08:38Z[SCANNER]trufflehogstatus: unavailable
08:38Z[DRIFT]electronelectron is 3 major versions behind (spec: ^37.6.0, latest: 40.4.1).
08:42Z[OWASP]A03:2021 – InjectiondangerouslySetInnerHTML used with potentially untrusted content (src/components/RichText.tsx:31)
08:33Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.17.52, latest: 25.2.3).
08:38Z[OWASP]A05:2021 – Security MisconfigurationCookie set without httpOnly or secure flags (src/middleware/session.ts:12)
08:28Z[DRIFT]@types/supertest@types/supertest is 4 major versions behind (spec: ^2.0.16, latest: 6.0.3).
08:34Z[OWASP]A03:2021 – Injectioneval() called with dynamic expression (src/utils/template-engine.ts:88)
08:23Z[DRIFT]VitestVitest is 4 major versions behind (current: 0.34.6, latest: 4.0.18).
08:30Z[OWASP]A01:2021 – Broken Access ControlRedirect URL comes from user-controlled parameter (src/pages/auth/callback.tsx:15)
08:18Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.8.0, latest: 25.2.3).
08:26Z[OWASP]A03:2021 – InjectionUnsanitised input passed to MongoDB query (src/services/users.ts:34)
08:13Z[DRIFT]vitestvitest is 4 major versions behind (spec: ^0.34.6, latest: 4.0.18).
08:22Z[OWASP]A03:2021 – InjectionChild process spawned with user-controlled arguments (src/utils/pdf-generator.ts:52)
08:08Z[DRIFT]of dependencies are 2+ major versions behind in @acme/api.31% of dependencies are 2+ major versions behind in @acme/api.
08:18Z[OWASP]A05:2021 – Security MisconfigurationExternal link opened without rel="noreferrer" (src/components/ExternalLink.tsx:8)
08:03Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.11.0, latest: 25.2.3).
08:14Z[OWASP]A02:2021 – Cryptographic FailuresMath.random() used for token generation — use crypto.randomBytes (src/utils/token.ts:6)
07:58Z[DRIFT]of dependencies are 2+ major versions behind in @acme/workflow-engine.52% of dependencies are 2+ major versions behind in @acme/workflow-engine.
08:10Z[OWASP]A05:2021 – Security MisconfigurationExpress app without Helmet security headers middleware (src/server.ts:1)
07:53Z[DRIFT]@types/node@types/node is 5 major versions behind (spec: ^20.19.9, latest: 25.2.3).
07:48Z[DRIFT]@types/node@types/node is 3 major versions behind (spec: ^22.15.29, latest: 25.2.3).