ISO 27001:2022 Annex A Mapping
Information Security Management · ISO/IEC 27001:2022
ISO 27001 is the international standard for information security management systems. This mapping shows how Flowtriq addresses Annex A controls relevant to network monitoring, DDoS incident management, and evidence collection.
8
Annex A Controls
6
Full Coverage
2
Partial Coverage
Control Mapping
| Control | Title | How Flowtriq Addresses It | Coverage |
|---|---|---|---|
| A.8.16 | Monitoring activities | Continuous per-packet network monitoring on every protected server. Per-second PPS and BPS metrics with adaptive baseline calculation. Real-time dashboard with historical trends. Agent heartbeat monitoring with offline detection. | Full |
| A.8.20 | Network security | Automated DDoS detection and mitigation. Layered defense: iptables/nftables, XDP/eBPF kernel filtering, BGP FlowSpec, RTBH. Service port rules differentiate legitimate from attack traffic. IP allowlisting prevents blocking trusted sources. | Full |
| A.8.22 | Segregation of networks | Per-server monitoring with independent detection baselines. Service port definitions per node. Mirror/SPAN mode supports per-subnet monitoring. Hypervisor mode provides per-VM traffic differentiation for virtual hosting environments. | Partial |
| A.5.24 | Information security incident management planning | Automated attack detection with classification across 8+ attack families. Pre-configured alert routing to 12+ channels. Automated mitigation triggers with configurable rules. Post-incident reporting with forensic evidence. | Full |
| A.5.25 | Assessment and decision on information security events | Severity scoring with confidence percentages for each detected attack. Attack family classification (volumetric, protocol, application-layer). IOC pattern matching against known attack signatures. Service port awareness for context-aware decision making. | Full |
| A.5.26 | Response to information security incidents | Automated first-response mitigation (firewall, XDP, FlowSpec). Escalation procedures via PagerDuty, OpsGenie, and on-call integrations. Manual override and custom rule deployment via dashboard. Configurable block cooldown and auto-unblock. | Full |
| A.5.28 | Collection of evidence | Automatic PCAP capture during incidents with pre-attack buffer. Full attack metadata (timestamps, PPS/BPS, source IPs, protocol breakdown). PCAP files retained with configurable retention policies. REST API for evidence export to external forensic tools. | Full |
| A.8.15 | Logging | Full event logging for attack detection, classification, and mitigation actions. Configurable log levels (DEBUG through ERROR). Log file rotation. API access for log aggregation into SIEM platforms. Dashboard audit trail for configuration changes. | Partial |
Scope note: This mapping covers ISO 27001:2022 Annex A controls related to network security monitoring and DDoS incident management. Controls related to human resource security, physical security, access management, and other domains are important for a complete ISMS but are outside the scope of a DDoS detection platform.
Strengthen your ISMS with DDoS visibility
Address 8 ISO 27001 Annex A controls for network monitoring and incident response with Flowtriq.
Start Free Trial