
Compliance

ISO/IEC 27001:2022 is a globally recognized standard for managing information security. It defines requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS), with increased emphasis on risk-based controls, identity-centric access (for both human and machine identities), and continuous monitoring.
The 2022 revisions heightened expectations around ephemeral credentials, machine identity governance, and unified auditability, creating demand for solutions built for dynamic, cloud-native environments.
This mapping outlines where and how Teleport can help fulfill technical portions of ISO 27001:2022 controls, particularly those related to access, identity, and auditability. It is not a substitute for a full ISMS implementation.
5. Organizational Controls

| Control Name | ID | Teleport Capability |
|---|---|---|
| Policies for Information Security | 5.1 | ✔ Enforces who can access what, when, and how, with audit trails that evidence policy enforcement across environments. |
| Information Security Roles and Responsibilities | 5.2 | ✔ Maps access policies to roles using SSO and RBAC and enforces least privilege. |
| Segregation of Duties | 5.3 | ✔ Uses fine-grained RBAC to restrict conflicting access and support separation of duties. |
| Management Responsibilities | 5.4 | ✔ Logs all access by identity and session, supporting review and accountability. |
| Threat Intelligence | 5.7 | ✔ Sends detailed session telemetry to SIEMs for real-time and historical threat detection and correlation, and provides identity-chain observability and real-time anomaly detection. |
| Information Security in Project Management | 5.8 | ✔ Provides role- and context-aware access through each stage of the project lifecycle. |
| Inventory of Information and Other Associated Assets | 5.9 | ✔ Logs resource access to support asset inventory efforts and track interactions with each asset. |
| Acceptable Use of Information and Other Associated Assets | 5.10 | ✔ Uses session logs and RBAC to help enforce acceptable use policies. |
| Classification of Information | 5.12 | ✔ Maps system access to roles based on data sensitivity or classification. |
| Labelling of Information | 5.13 | ✔ Restricts access to labeled resources using role-based access controls. |
| Information Transfer | 5.14 | ✔ Secures communication with mTLS and short-lived certificates. |
| Access Control | 5.15 | ✔ Implements Zero Trust principles with RBAC, identity-bound access, and full logging. |
| Identity Management | 5.16 | ✔ Issues and unifies strong identities for humans, machines, and AI agents; short-lived, cryptographically signed certificates authenticate both human and machine identities. |
| Authentication Information | 5.17 | ✔ Enforces FIDO2, biometrics, and hardware MFA, eliminating static secrets. |
| Access Rights | 5.18 | ✔ Dynamically grants and revokes access with full audit trails. |
| Managing Information Security in the ICT Supply Chain | 5.21 | ✔ Authenticates and audits all third-party infrastructure access. |
| Information Security for Use of Cloud Services | 5.23 | ✔ Enforces access controls across AWS, GCP, Azure, and Kubernetes with full logging. |
| Information Security Incident Management Planning and Preparation | 5.24 | ✔ Provides full session replay and command logs to support incident investigation readiness. |
| Assessment and Decision on Information Security Events | 5.25 | ✔ Supports incident scoping using session telemetry and recorded terminal input. |
| Response to Information Security Incidents | 5.26 | ✔ Supports live session termination and generates tamper-evident session evidence. |
| Learning From Information Security Incidents | 5.27 | ✔ Offers audit trails and session replays to support root cause analysis and policy updates. |
| Collection of Evidence | 5.28 | ✔ Captures timestamped logs and session recordings to support reliable forensic investigations. |
| Information Security During Disruption | 5.29 | ✔ Maintains secure remote access to systems during outages or operational disruptions. |
| ICT Readiness for Business Continuity | 5.30 | ✔ Supports continued identity-aware access during disaster recovery and continuity operations. |
6. People Controls

| Control Name | ID | Teleport Capability |
|---|---|---|
| Disciplinary Process | 6.4 | ✔ Provides session-level logs to support security investigations and disciplinary processes. |
| Remote Working | 6.7 | ✔ Enforces secure remote access using device trust policies and encrypted connections. |
8. Technological Controls

| Control Name | ID | Teleport Capability |
|---|---|---|
| User Endpoint Devices | 8.1 | ✔ Evaluates device posture against policy-defined criteria before permitting infrastructure access. |
| Privileged Access Rights | 8.2 | ✔ Enforces just-in-time (JIT) access, session recording, and optional multi-party approvals for sensitive actions. |
| Information Access Restriction | 8.3 | ✔ Restricts access to permitted systems and data using RBAC and resource labels. |
| Access to Source Code | 8.4 | ✔ Secures developer access to Git and CI/CD systems via proxied access, RBAC, and full session auditing. |
| Secure Authentication | 8.5 | ✔ Supports modern, passwordless authentication: FIDO2, biometrics, and hardware keys. |
| Configuration Management | 8.9 | ✔ Logs and audits infrastructure-as-code actions (e.g., Terraform) with RBAC-based access enforcement. |
| Data Leakage Prevention | 8.12 | ✔ Limits access windows and monitors session activity to detect unauthorized behavior. |
| Logging | 8.15 | ✔ Captures comprehensive logs with timestamps and identity context. |
| Monitoring Activities | 8.16 | ✔ Enables live session viewing and immediate session termination. |
| Networks Security | 8.20 | ✔ Secures infrastructure traffic using encrypted tunnels and identity-aware, policy-enforced connections. |
| Security of Network Services | 8.21 | ✔ Ensures networked service access is authenticated, authorized, and logged. |
| Segregation of Networks | 8.22 | ✔ Uses role-based access and resource labels to enforce logical separation of environments (e.g., prod, dev) at the access layer; this complements, rather than replaces, network-level segmentation. |
| Use of Cryptography | 8.24 | ✔ Uses modern cryptography (e.g., X.509 certificates, mTLS) to authenticate identities and secure access channels. |
| Secure Development Life Cycle | 8.25 | ✔ Restricts and audits access across CI/CD pipelines and development environments. |
| Secure System Architecture and Engineering Principles | 8.27 | ✔ Enforces least privilege, identity-based access, and encrypted communication aligned with secure-by-design principles. |
| Outsourced Development | 8.30 | ✔ Issues scoped credentials and logs sessions for external development activities. |
| Separation of Development, Test and Production Environments | 8.31 | ✔ Segregates access between development, test, and production environments using RBAC and resource labels. |
| Change Management | 8.32 | ✔ Tracks access and configuration changes to support secure rollout and rollback. |
| Test Information | 8.33 | ✔ Protects test environments and data using identity-based and role-scoped access controls. |
| Protection of Information Systems During Audit Testing | 8.34 | ✔ Provides scoped, auditable access to systems under review during audit testing. |
