
ISO 27001:2022

Pencheff maps findings to the Annex A controls introduced / revised in the 2022 edition (ISO/IEC 27001:2022).

| Annex A | Theme | Coverage |
|---|---|---|
| A.5.15 | Access control | scan_authz, scan_auth |
| A.5.16 | Identity management | scan_auth, scan_oauth |
| A.5.17 | Authentication information | scan_mfa_bypass |
| A.5.18 | Access rights | scan_authz |
| A.5.19 | Supplier relationships — ICT | Subdomain takeover + ASM |
| A.5.32 | Intellectual property rights | License compliance |
| A.8.2 | Privileged access rights | scan_authz |
| A.8.7 | Malware | scan_container_image, scan_host_vulns |
| A.8.8 | Technical vulnerabilities | Full pencheff DAST + SCA + Network VA |
| A.8.9 | Configuration management | IaC scanners |
| A.8.15 / A.8.16 | Logging + monitoring | Passive scanner, CC7 overlap |
| A.8.19 | Installation of software | SBOM + dep scan |
| A.8.22 | Segregation of networks | CORS, SSRF, subdomain takeover |
| A.8.23 | Web filtering | scan_cloud |
| A.8.24 | Cryptography | scan_infrastructure |
| A.8.28 | Secure coding | scan_injection, scan_client_side, scan_advanced |

Report

Use the compliance-full profile; the DOCX includes an ISO 27001 Annex A coverage matrix.