Compliance Ops
Standards · Controls · Keyword mapping rules
Compliance Rules (110)
Keywords that link feed items to ISO standards and controls. Higher weight = stronger signal during compliance mapping.
| Keyword | Standard | Control | Weight |
|---|---|---|---|
| breach | ISO27001 | A.5.1 | 5 |
| attack | ISO27001 | A.5.1 | 3 |
| malware | ISO27001 | A.5.1 | 4 |
| risk | ISO31000 | RISK1 | 3 |
| assessment | ISO31000 | RISK1 | 2 |
| business continuity | ISO22301 | BC1 | 5 |
| disaster recovery | ISO22301 | BC1 | 4 |
| resilience | ISO22301 | BC1 | 3 |
| insider threat | ISO27001 | A.6.1 | 4 |
| segregation of duties | ISO27001 | A.6.1 | 3 |
| security roles | ISO27001 | A.6.1 | 2 |
| asset inventory | ISO27001 | A.8.1 | 3 |
| asset classification | ISO27001 | A.8.1 | 3 |
| data ownership | ISO27001 | A.8.1 | 2 |
| access control | ISO27001 | A.9.1 | 5 |
| unauthorized access | ISO27001 | A.9.1 | 5 |
| privilege escalation | ISO27001 | A.9.1 | 5 |
| authentication | ISO27001 | A.9.1 | 4 |
| multi-factor authentication | ISO27001 | A.9.1 | 4 |
| password policy | ISO27001 | A.9.1 | 3 |
| encryption | ISO27001 | A.10.1 | 5 |
| cryptography | ISO27001 | A.10.1 | 4 |
| key management | ISO27001 | A.10.1 | 4 |
| data at rest | ISO27001 | A.10.1 | 3 |
| data in transit | ISO27001 | A.10.1 | 3 |
| vulnerability | ISO27001 | A.12.1 | 5 |
| patch management | ISO27001 | A.12.1 | 4 |
| antivirus | ISO27001 | A.12.1 | 3 |
| penetration test | ISO27001 | A.12.1 | 4 |
| exploit | ISO27001 | A.12.1 | 5 |
| firewall | ISO27001 | A.13.1 | 4 |
| network intrusion | ISO27001 | A.13.1 | 5 |
| DDoS | ISO27001 | A.13.1 | 5 |
| network segmentation | ISO27001 | A.13.1 | 3 |
| VPN | ISO27001 | A.13.1 | 3 |
| incident response | ISO27001 | A.16.1 | 5 |
| security incident | ISO27001 | A.16.1 | 5 |
| forensics | ISO27001 | A.16.1 | 4 |
| threat detection | ISO27001 | A.16.1 | 4 |
| audit | ISO27001 | A.18.1 | 4 |
| regulatory | ISO27001 | A.18.1 | 3 |
| non-compliance | ISO27001 | A.18.1 | 5 |
| threat analysis | ISO31000 | RISK2 | 4 |
| likelihood | ISO31000 | RISK2 | 3 |
| impact analysis | ISO31000 | RISK2 | 4 |
| risk score | ISO31000 | RISK2 | 3 |
| risk mitigation | ISO31000 | RISK3 | 4 |
| risk appetite | ISO31000 | RISK3 | 3 |
| risk transfer | ISO31000 | RISK3 | 3 |
| risk acceptance | ISO31000 | RISK3 | 2 |
| risk register | ISO31000 | RISK4 | 4 |
| key risk indicator | ISO31000 | RISK4 | 3 |
| residual risk | ISO31000 | RISK4 | 3 |
| business impact | ISO22301 | BC2 | 5 |
| critical function | ISO22301 | BC2 | 4 |
| downtime | ISO22301 | BC2 | 4 |
| recovery time | ISO22301 | BC3 | 5 |
| recovery point objective | ISO22301 | BC3 | 4 |
| failover | ISO22301 | BC3 | 4 |
| backup | ISO22301 | BC3 | 3 |
| crisis management | ISO22301 | BC4 | 5 |
| emergency notification | ISO22301 | BC4 | 4 |
| stakeholder communication | ISO22301 | BC4 | 3 |
| personal data | ISO27701 | PII1 | 5 |
| data processing | ISO27701 | PII1 | 4 |
| consent | ISO27701 | PII1 | 4 |
| privacy by design | ISO27701 | PII2 | 4 |
| data minimization | ISO27701 | PII2 | 4 |
| data subject | ISO27701 | PII3 | 3 |
| right to erasure | ISO27701 | PII3 | 5 |
| availability | SOC2 | A1 | 4 |
| system availability | SOC2 | A1 | 4 |
| uptime | SOC2 | A1 | 3 |
| logical access | SOC2 | CC6 | 5 |
| physical access | SOC2 | CC6 | 4 |
| anomaly detection | SOC2 | CC7 | 4 |
| system monitoring | SOC2 | CC7 | 4 |
| cyber threat | NIST | DE.CM | 5 |
| threat intelligence | NIST | DE.CM | 4 |
| continuous monitoring | NIST | DE.CM | 4 |
| identity management | NIST | PR.AC | 4 |
| least privilege | NIST | PR.AC | 4 |
| zero trust | NIST | PR.AC | 5 |
| incident containment | NIST | RS.RP | 5 |
| eradication | NIST | RS.RP | 4 |
| recovery plan | NIST | RC.RP | 4 |
| data breach | GDPR | ART33 | 5 |
| breach notification | GDPR | ART33 | 5 |
| data retention | GDPR | ART5 | 4 |
| lawful basis | GDPR | ART5 | 4 |
| right to be forgotten | GDPR | ART17 | 5 |
| data deletion | GDPR | ART17 | 4 |
| data protection | GDPR | ART32 | 5 |
| pseudonymization | GDPR | ART32 | 4 |
| protected health information | HIPAA | HP1 | 5 |
| PHI | HIPAA | HP1 | 5 |
| health data | HIPAA | HP1 | 4 |
| patient records | HIPAA | HP2 | 5 |
| healthcare provider | HIPAA | HP2 | 3 |
| audit trail | HIPAA | HP3 | 4 |
| access log | HIPAA | HP3 | 4 |
| cardholder data | PCI-DSS | PCI3 | 5 |
| credit card | PCI-DSS | PCI3 | 5 |
| payment fraud | PCI-DSS | PCI3 | 5 |
| tokenization | PCI-DSS | PCI3 | 4 |
| secure development | PCI-DSS | PCI6 | 4 |
| code review | PCI-DSS | PCI6 | 3 |
| network monitoring | PCI-DSS | PCI10 | 4 |
| log management | PCI-DSS | PCI10 | 4 |
| intrusion detection | PCI-DSS | PCI10 | 5 |