ISO 27001 A.8.21 · voice-validated
ISO/IEC 27001:2022 Information Security Management
AL · Founder at SQUR · last verified 2026-06-19
Regulation text
Security mechanisms, service levels and service requirements of network services shall be identified, implemented and monitored. Theme: Technological controls. (Full guidance: ISO/IEC 27002:2022 §8.21.)
ATT&CK techniques this article tests · 15
| Technique | Why it maps | Confidence |
|---|---|---|
| T1190 | Unidentified or unmonitored vulnerabilities in public-facing network services allow initial access. ISO/IEC 27002:2022 §8.21 mandates identifying and implementing security mechanisms for network services. | 90% |
| T1133 | Attackers gain initial access through misconfigured or unmonitored external remote services. The control requires identifying, implementing, and monitoring network service security. | 80% |
| T1078 | Compromised accounts used for network services enable persistence if not monitored. ISO/IEC 27002:2022 §8.21 requires monitoring network services to detect such misuse. | 80% |
| T1543.003 | Adversaries establish persistence by manipulating network-related services if configurations are not secured. The control mandates implementing security mechanisms and service requirements. | 70% |
| T1068 | Vulnerabilities in network services, if not identified and patched, lead to elevated privileges. ISO/IEC 27002:2022 §8.21 requires identifying and implementing security mechanisms. | 90% |
| T1027 | Attackers use obfuscation to bypass network security mechanisms and monitoring. The control requires robust security mechanisms and monitoring for network services. | 70% |
| T1070.004 | Attackers delete logs from network services to evade detection if monitoring is insufficient. ISO/IEC 27002:2022 §8.21 mandates monitoring network services. | 70% |
| T1003 | Compromised network services can be exploited to dump credentials from systems they interact with. Implementing security mechanisms for network services prevents this. | 80% |
| T1552.001 | Network services storing credentials insecurely allow attackers to access them. ISO/IEC 27002:2022 §8.21 requires identifying and implementing secure service requirements. | 80% |
| T1046 | Attackers discover available network services to map the environment and identify targets. Monitoring network services helps detect such discovery attempts. | 80% |
| T1018 | Attackers identify remote systems accessible through network services to plan lateral movement. Effective monitoring of network services detects this activity. | 80% |
| T1021.001 | Attackers use RDP via compromised network access to move laterally. Secure configuration and monitoring of network services, as per ISO/IEC 27002:2022 §8.21, prevent this. | 80% |
| T1021.002 | Attackers use SMB via compromised network access for lateral movement. Implementing security mechanisms and monitoring network services limits this risk. | 80% |
| T1071.001 | Attackers use common network protocols for command and control, bypassing basic monitoring. ISO/IEC 27002:2022 §8.21 requires comprehensive monitoring of network services. | 80% |
| T1041 | Data exfiltration occurs over established network channels if monitoring fails to detect anomalous traffic. The control mandates monitoring network services to prevent data loss. | 80% |
Defending mitigations · 7
| Mitigation | What it does | Confidence |
|---|---|---|
| M1035 | This mitigation directly addresses securing network services by restricting unauthorized access, aligning with 'security mechanisms' and 'service requirements' in ISO/IEC 27002:2022 §8.21. | 90% |
| M1038 | Network segmentation limits the scope of compromise if a network service is exploited, supporting 'security mechanisms' and 'service levels' as required by the control. | 80% |
| M1040 | Implementing network intrusion prevention systems monitors network traffic for malicious activity, directly supporting the 'monitored' aspect of network services in ISO/IEC 27002:2022 §8.21. | 90% |
| M1048 | Filtering network traffic based on identified service requirements and security mechanisms prevents unauthorized communication, fulfilling the control's mandate for network service security. | 90% |
| M1016 | Policies for network service accounts prevent misuse and unauthorized access, supporting 'security mechanisms' and 'service requirements' as per ISO/IEC 27002:2022 §8.21. | 80% |
| M1051 | Secure configuration of network services is fundamental to implementing 'security mechanisms' and meeting 'service requirements' outlined in ISO/IEC 27002:2022 §8.21. | 90% |
| M1047 | Auditing network service activity and configurations is crucial for the 'monitored' aspect of the control, ensuring compliance with ISO/IEC 27002:2022 §8.21. | 90% |
Underlying weaknesses · 7
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-284 | Failure to identify and implement proper security mechanisms for network services leads to unauthorized access, directly violating ISO/IEC 27002:2022 §8.21. | 90% |
| CWE-287 | Weak or missing authentication for network services violates security requirements, as mandated by ISO/IEC 27002:2022 §8.21 for network service security. | 90% |
| CWE-20 | Network services vulnerable to improper input validation can be exploited, violating the 'security mechanisms' requirement of ISO/IEC 27002:2022 §8.21. | 80% |
| CWE-732 | Network services with overly permissive access to critical resources violate security requirements, as per ISO/IEC 27002:2022 §8.21. | 80% |
| CWE-200 | Unmonitored or unsecured network services can inadvertently expose sensitive data, directly conflicting with the monitoring and security mechanisms required by ISO/IEC 27002:2022 §8.21. | 80% |
| CWE-798 | Hard-coded credentials in network services undermine security mechanisms and increase risk, failing to meet the security requirements of ISO/IEC 27002:2022 §8.21. | 70% |
| CWE-668 | Network services exposed to an inappropriate network segment or to external access violate security requirements, since ISO/IEC 27002:2022 §8.21 mandates proper identification and implementation of security mechanisms for each service. | 70% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0194 compute · voice-rubric self-validated