Accelerate ISO 27001:2022 Compliance with Teleport

Teleport helps organizations earn and retain ISO 27001:2022 certification by establishing a unified identity layer across humans, machines, workloads, and AI agents. Cryptographic identities, Zero Trust access, and centralized audit logging map directly to Annex A controls across the Organizational, People, and Technological domains, so you can pass audits with flying colors and reduce the audit burden.

ISO 27001:2022 Controls Mapped to Teleport Capabilities

5. Organizational Controls

| Control Name | ID | Teleport Capability |
| --- | --- | --- |
| Policies for Information Security | 5.1 | ✔ Enforces who can access what, when, and how, with audit trails to support policy enforcement across environments. |
| Information Security Roles and Responsibilities | 5.2 | ✔ Maps access policies to roles using SSO and RBAC and enforces least privilege. |
| Segregation of Duties | 5.3 | ✔ Uses fine-grained RBAC to restrict conflicting access and support separation of duties. |
| Management Responsibilities | 5.4 | ✔ Logs all access by identity and session, supporting review and accountability. |
| Threat Intelligence | 5.7 | ✔ Sends detailed session telemetry to SIEMs for real-time and historical threat detection and correlation. Provides identity chain observability and real-time anomaly detection. |
| Information Security in Project Management | 5.8 | ✔ Provides role- and context-aware access through each stage of the project lifecycle. |
| Inventory of Information and Other Associated Assets | 5.9 | ✔ Logs resource access to support asset inventory efforts and track interactions. |
| Acceptable Use of Information and Other Associated Assets | 5.10 | ✔ Uses session logs and RBAC to help enforce acceptable use policies. |
| Classification of Information | 5.12 | ✔ Maps system access to roles based on data sensitivity or classification. |
| Labelling of Information | 5.13 | ✔ Restricts access to labeled resources using role-based access controls. |
| Information Transfer | 5.14 | ✔ Secures communication with mTLS and short-lived certificates. |
| Access Control | 5.15 | ✔ Implements Zero Trust principles with RBAC, identity-bound access, and full logging. |
| Identity Management | 5.16 | ✔ Issues and unifies strong identities for humans, machines, and AI. Short-lived, cryptographically signed certificates authenticate human and machine identities. |
| Authentication Information | 5.17 | ✔ Enforces FIDO2, biometrics, and hardware MFA and eliminates static secrets. |
| Access Rights | 5.18 | ✔ Dynamically grants and revokes access with full audit trails. |
| Managing Information Security in the ICT Supply Chain | 5.21 | ✔ Authenticates and audits all third-party infrastructure access. |
| Information Security for Use of Cloud Services | 5.23 | ✔ Enforces access controls across AWS, GCP, Azure, and Kubernetes with full logging. |
| Information Security Incident Management Planning and Preparation | 5.24 | ✔ Provides full session replay and command logs to support incident investigation readiness. |
| Assessment and Decision on Information Security Events | 5.25 | ✔ Supports incident scoping using session telemetry and keystroke data. |
| Response to Information Security Incidents | 5.26 | ✔ Supports live session termination and generates tamper-evident session evidence. |
| Learning From Information Security Incidents | 5.27 | ✔ Offers audit trails and session replays to support root cause analysis and policy updates. |
| Collection of Evidence | 5.28 | ✔ Captures timestamped logs and session video to support reliable forensic investigations. |
| Information Security During Disruption | 5.29 | ✔ Maintains secure remote access to systems during outages or operational disruptions. |
| ICT Readiness for Business Continuity | 5.30 | ✔ Supports continued identity-aware access during disaster recovery and continuity operations. |

6. People Controls

| Control Name | ID | Teleport Capability |
| --- | --- | --- |
| Disciplinary Process | 6.4 | ✔ Provides session-level logs to support security investigations and disciplinary processes. |
| Remote Working | 6.7 | ✔ Enforces secure remote access using device trust policies and encrypted connections. |

8. Technological Controls

| Control Name | ID | Teleport Capability |
| --- | --- | --- |
| User Endpoint Devices | 8.1 | ✔ Evaluates device posture before permitting infrastructure access based on policy-defined criteria. |
| Privileged Access Rights | 8.2 | ✔ Enforces JIT access, session recording, and optional multi-party approvals for sensitive actions. |
| Information Access Restriction | 8.3 | ✔ Restricts access to permitted systems and data using RBAC and resource labels. |
| Access to Source Code | 8.4 | ✔ Secures developer access to Git and CI/CD systems via proxy access, RBAC, and full session auditing. |
| Secure Authentication | 8.5 | ✔ Supports modern, passwordless authentication: FIDO2, biometrics, and hardware keys. |
| Configuration Management | 8.9 | ✔ Logs and audits infrastructure-as-code actions (e.g., Terraform) with RBAC-based access enforcement. |
| Data Leakage Prevention | 8.12 | ✔ Limits access windows and monitors session activity to detect unauthorized behaviors. |
| Logging | 8.15 | ✔ Captures comprehensive logs with timestamps and identity context. |
| Monitoring Activities | 8.16 | ✔ Enables live session viewing and immediate session termination. |
| Networks Security | 8.20 | ✔ Secures infrastructure traffic using encrypted tunnels and identity-aware, policy-enforced connections. |
| Security of Network Services | 8.21 | ✔ Ensures networked service access is authenticated, authorized, and logged. |
| Segregation of Networks | 8.22 | ✔ Uses role-based access to enforce separation of environments (e.g., prod, dev). |
| Use of Cryptography | 8.24 | ✔ Leverages modern cryptography (e.g., X.509, mTLS) to authenticate identities and secure access channels. |
| Secure Development Life Cycle | 8.25 | ✔ Restricts and audits access across CI/CD pipelines and development environments. |
| Secure System Architecture and Engineering Principles | 8.27 | ✔ Enforces least privilege, identity-based access, and encrypted communication aligned with secure-by-design principles. |
| Outsourced Development | 8.30 | ✔ Issues scoped credentials and logs sessions for external development activities. |
| Separation of Development, Test and Production Environments | 8.31 | ✔ Segregates access between development, test, and production environments using RBAC and resource labels. |
| Change Management | 8.32 | ✔ Tracks access and configuration changes to support secure rollout and rollback. |
| Test Information | 8.33 | ✔ Protects test environments and data using identity-based and role-scoped access controls. |
| Protection of Information Systems During Audit Testing | 8.34 | ✔ Provides scoped, auditable access to systems under review during audit testing. |

Accelerate ISO/IEC 27001:2022 Compliance with Teleport

ISO/IEC 27001:2022 raises the bar for secure access, identity governance, and continuous audit readiness. This guide maps Teleport’s Infrastructure Identity Platform to updated ISO controls, showing how to simplify compliance across modern, cloud-native environments. Download now to reduce audit burden, eliminate standing access, and enforce identity-bound access at scale.

Additional Resources

Blog Post: ISO 27001:2022 Requirements Explained for 2025

Webinar: 2024 Secure Infrastructure Access Report: Key Insights and Trends

Webinar: Hardening Infrastructure Security Against SSO Identity Provider Compromise