AI Agent Compliance Report
ISO/IEC 27001:2022 · Acme Corp (Sample)
Overall compliance score: 77%. 21 of 30 controls passed, 5 failed, 4 partial. 5 findings recorded (0 critical, 2 high).
Key risks: Information Security for Use of Cloud Services · Configuration Management · Monitoring Activities

| Finding ID | Severity | Title | Category | Description |
|---|---|---|---|---|
| IR-NOTIFY-001 | Medium | No notification channels configured | incident | Panguard has no notification channels (Telegram/Slack/Email) configured. Incident alerts cannot be delivered. |
| MON-LOG-002 | Medium | System logging may be impaired | logging | Could not verify macOS unified log status. |
| PATCH-001 | Medium | 2 pending system updates | vulnerability | There are 2 pending macOS software updates. Security patches should be applied promptly. |
| FW-001 | High | Firewall disabled | firewall | macOS Application Firewall is disabled. System is exposed to inbound connections. |
| NET-PORT-001 | High | Risky services exposed | network | The following services are listening on network interfaces: Redis (6379), Redis (6379), PostgreSQL (5432), PostgreSQL (5432). These should be firewalled or disabled. |

| Control ID | Control | Status | # | Evidence |
|---|---|---|---|---|
| A.5.1 | Policies for Information Security | Pass | 0 | Automated scan of policy, governance controls completed. No issues detected for A.5.1 (Policies for Information Security). |
| A.5.2 | Information Security Roles and Responsibilities | Pass | 0 | Automated scan of governance, personnel controls completed. No issues detected for A.5.2 (Information Security Roles and Responsibilities). |
| A.5.10 | Acceptable Use of Information and Other Assets | Pass | 0 | Automated scan of policy, asset controls completed. No issues detected for A.5.10 (Acceptable Use of Information and Other Assets). |
| A.5.15 | Access Control | Pass | 0 | Automated scan of access, authentication, password controls completed. No issues detected for A.5.15 (Access Control). |
| A.5.17 | Authentication Information | Pass | 0 | Automated scan of authentication, password, credential controls completed. No issues detected for A.5.17 (Authentication Information). |
| A.5.23 | Information Security for Use of Cloud Services | Fail | 1 | 1 finding(s) detected related to A.5.23 (Information Security for Use of Cloud Services): [HIGH] Risky services exposed: The following services are listening on network interfaces: Redis (6379), Redis (6379), PostgreSQL (5432), PostgreSQL (5432). These should be firewalled or disabled. |
| A.5.24 | Information Security Incident Management Planning | Partial | 1 | 1 finding(s) detected related to A.5.24 (Information Security Incident Management Planning): [MEDIUM] No notification channels configured: Panguard has no notification channels (Telegram/Slack/Email) configured. Incident alerts cannot be delivered. |
| A.5.28 | Collection of Evidence | Partial | 1 | 1 finding(s) detected related to A.5.28 (Collection of Evidence): [MEDIUM] System logging may be impaired: Could not verify macOS unified log status. |
| A.5.29 | Information Security During Disruption | Pass | 0 | Automated scan of continuity, backup, recovery controls completed. No issues detected for A.5.29 (Information Security During Disruption). |
| A.5.30 | ICT Readiness for Business Continuity | Pass | 0 | Automated scan of continuity, backup, system controls completed. No issues detected for A.5.30 (ICT Readiness for Business Continuity). |
| A.5.36 | Compliance with Policies and Standards | Pass | 0 | Automated scan of governance, audit, compliance controls completed. No issues detected for A.5.36 (Compliance with Policies and Standards). |
| A.6.1 | Screening | Pass | 0 | Automated scan of personnel, access controls completed. No issues detected for A.6.1 (Screening). |
| A.6.3 | Information Security Awareness, Education and Training | Pass | 0 | Automated scan of personnel, training controls completed. No issues detected for A.6.3 (Information Security Awareness, Education and Training). |
| A.7.1 | Physical Security Perimeters | Pass | 0 | Automated scan of physical, access controls completed. No issues detected for A.7.1 (Physical Security Perimeters). |
| A.7.4 | Physical Security Monitoring | Pass | 0 | Automated scan of physical, monitoring controls completed. No issues detected for A.7.4 (Physical Security Monitoring). |
| A.8.1 | User Endpoint Devices | Pass | 0 | Automated scan of system, endpoint, device controls completed. No issues detected for A.8.1 (User Endpoint Devices). |
| A.8.2 | Privileged Access Rights | Pass | 0 | Automated scan of access, authentication, privilege controls completed. No issues detected for A.8.2 (Privileged Access Rights). |
| A.8.3 | Information Access Restriction | Pass | 0 | Automated scan of access, policy controls completed. No issues detected for A.8.3 (Information Access Restriction). |
| A.8.5 | Secure Authentication | Pass | 0 | Automated scan of authentication, password, access controls completed. No issues detected for A.8.5 (Secure Authentication). |
| A.8.7 | Protection Against Malware | Pass | 0 | Automated scan of malware, endpoint, system controls completed. No issues detected for A.8.7 (Protection Against Malware). |
| A.8.8 | Management of Technical Vulnerabilities | Partial | 1 | 1 finding(s) detected related to A.8.8 (Management of Technical Vulnerabilities): [MEDIUM] 2 pending system updates: There are 2 pending macOS software updates. Security patches should be applied promptly. |
| A.8.9 | Configuration Management | Fail | 1 | 1 finding(s) detected related to A.8.9 (Configuration Management): [HIGH] Risky services exposed: The following services are listening on network interfaces: Redis (6379), Redis (6379), PostgreSQL (5432), PostgreSQL (5432). These should be firewalled or disabled. |
| A.8.12 | Data Leakage Prevention | Pass | 0 | Automated scan of data, encryption, system controls completed. No issues detected for A.8.12 (Data Leakage Prevention). |
| A.8.13 | Information Backup | Pass | 0 | Automated scan of backup, continuity, recovery controls completed. No issues detected for A.8.13 (Information Backup). |
| A.8.15 | Logging | Partial | 1 | 1 finding(s) detected related to A.8.15 (Logging): [MEDIUM] System logging may be impaired: Could not verify macOS unified log status. |
| A.8.16 | Monitoring Activities | Fail | 1 | 1 finding(s) detected related to A.8.16 (Monitoring Activities): [HIGH] Risky services exposed: The following services are listening on network interfaces: Redis (6379), Redis (6379), PostgreSQL (5432), PostgreSQL (5432). These should be firewalled or disabled. |
| A.8.20 | Network Security | Fail | 2 | 2 finding(s) detected related to A.8.20 (Network Security): [HIGH] Firewall disabled: macOS Application Firewall is disabled. System is exposed to inbound connections.; [HIGH] Risky services exposed: The following services are listening on network interfaces: Redis (6379), Redis (6379), PostgreSQL (5432), PostgreSQL (5432). These should be firewalled or disabled. |
| A.8.21 | Security of Network Services | Fail | 2 | 2 finding(s) detected related to A.8.21 (Security of Network Services): [HIGH] Firewall disabled: macOS Application Firewall is disabled. System is exposed to inbound connections.; [HIGH] Risky services exposed: The following services are listening on network interfaces: Redis (6379), Redis (6379), PostgreSQL (5432), PostgreSQL (5432). These should be firewalled or disabled. |
| A.8.24 | Use of Cryptography | Pass | 0 | Automated scan of encryption, certificate, tls controls completed. No issues detected for A.8.24 (Use of Cryptography). |
| A.8.25 | Secure Development Life Cycle | Pass | 0 | Automated scan of development, system, configuration controls completed. No issues detected for A.8.25 (Secure Development Life Cycle). |