ISO/IEC 27001:2022 Annex A is the cross-sector certification reference. The Annex A controls covered by nixfleet-compliance fall in clauses A.5 (organisational) and A.8 (technological).

| Annex A | Title | Controls |
|---|---|---|
| A.5.9 | Inventory of assets | _asset-inventory |
| A.5.19, A.5.21 | Supplier relationships / supply chain | _supply-chain |
| A.5.24, A.5.26 | Incident management | _incident-response |
| A.5.29, A.5.30 | Continuity / ICT readiness | _disaster-recovery |
| A.8.2, A.8.3 | Privileged access / access restriction | _access-control |
| A.8.5 | Secure authentication | _authentication |
| A.8.8 | Management of technical vulnerabilities | _vulnerability-mgmt, _baseline-hardening |
| A.8.9 | Configuration management | _baseline-hardening |
| A.8.13 | Information backup | _backup-retention |
| A.8.15, A.8.16 | Logging / monitoring | _audit-logging |
| A.8.20, A.8.24 | Network security / cryptography | _encryption-in-transit |
| A.8.24 | Use of cryptography | _encryption-at-rest, _key-management |
| A.8.32 | Change management | _change-management |

Canonical control source: docs/iso27001-mapping.md in the compliance repo.