(844) 442-9462(844) 442-9462Get a quoteGet a quoteSign InSign In
Cygna Labs
Products
Solutions
Resources
Company
Request Free Trial
Cloud | Data Center
Cloud | Data Center
<b>IPControl</b> Software

IPControl Software

caret-right<b>Sapphire</b> Appliances

Sapphire Appliances

caret-right
DDI as a Service
DDI as a Service
<b>DDI</b> Services

DDI Services

caret-right

SECURITY PRODUCTS

AUTOMATION PRODUCTS

Compliance

On Premises
On Premises
Entitlement and Security for <b>Active Directory</b>

Entitlement and Security for Active Directory

caret-right

DDI Solutions by Role

DDI Solutions by Initiative

Compliance Solutions by Industry

Blog
Blog

Get the latest tech news

Newsroom
Newsroom

Read the press releases

Webinars
Webinars

Join our monthly webinars

Events
Events

Get the announcements

About us
About us

Learn what makes us great

Leadership
Leadership

Meet our executive team

Careers
Careers

Take your career to the next level

Cygna Labs to Acquire NCC Group's DDI business

Learn more

Meet ISO 27001 Compliance Requirements

Schedule a DemoSchedule a Demo

International Standard for Information Security

Voluntary, Auditable and Certifiable

ISO/IEC 27001:2013 is an information security standard that was published in September 2013. Unlike many other regulatory frameworks, it is a voluntary standard. As ISO is an international body, any organization in the world can adopt 27001. Those that choose to implement it can be formally audited to prove compliance to the standard.

NIST-Developed Security Controls Underpin ISO 27001

ISO 27001 defines an Information Security Management System (ISMS) and how to design, deploy, and maintain such a system. It has over 100 controls over 14 security control sections. ISO 27001:2013 is an update of the original 2005 release that aligns better with management standards such as ISO 9000 and ISO/IEC 20000.

Examples of Addressed ISO 27001 Compliance Requirements

Most of the controls specified in ISO 27001 and applicable to Cygna Auditor are similar or identical to the controls specified in NIST Special Publication 800-53, the security control framework for the Federal Information Security Management Act of 2002 (FISMA) and a superset of the ISO 27001 controls. Appendix H of NIST 800-53 provides a mapping of ISO 27001 to NIST 800-53 controls; what follows is a sampling of controls that Cygna Auditor satisfies.

Organization of (internal) Information Security: 6.1.2, 6.1.5

Human Resource Security: 7.2.3, 7.3.1

Access Control: 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.1, 9.4.1, 9.4.2, 9.4.3

Operations Security: 12.1.2, 12.1.3, 12.4.1, 12.4.2, 12.4.3, 12.7.1

Communications Security: 13.1.1, 13.1.3, 13.2.1, 13.2.3

System acquisition, development and maintenance: 14.2.2, 14.2.3, 14.2.6, 14.2.9

Supplier Relationships: 15.2.1

Information security incident management: 16.1.2, 16.1.4, 16.1.5, 16.1.7

Information security aspects of business continuity management: 17.1.2, 17.1.3

Compliance: 18.1.3, 18.1.4, 18.2.2, 18.2.3

Monitor Activity on Secured Systems

Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.

Monitor Activity on Secured Systems

Real-Time Notification of Sensitive Changes

Cygna Auditor's built-in and custom alerting notifies you of critical changes such as membership changes to privileged groups.

Real-Time Notification of Sensitive Changes

Privileged Account Management

Cygna Auditor allows you to monitor all changes made by privileged accounts to ensure they adhere to regulatory and organizational policies for the protection and privacy of data as well as that they do not abuse their unrestricted access.

Privileged Account Management

Meet ISO 27001 Compliance Requirements

Schedule a Demo