📋 ISO 27001 A.6.7
Rule: ISO27001-A67
Severity: medium

Remote Working

Description

Security measures shall be implemented when personnel are working remotely to protect information accessed, processed, or stored outside the organisation's premises.

⚠️ Risk Impact

Remote work expanded the attack surface dramatically. Home networks, personal devices, and unsecured Wi-Fi all create entry points. The post-2020 normal demands different controls than the pre-2020 office.

🔍 How EchelonGraph Detects This

ISO27001-A67 (automated scanner rule)

EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.

🔧 Remediation

Enforce VPN and MDM for remote access. Require company-managed laptops with full-disk encryption enforced through MDM. Require a home-router security baseline (WPA3, no default password). Document the remote-work policy.

💀 Real-World Attack Scenario

A remote engineer's home Wi-Fi router used default credentials. An attacker who lived in the same apartment building (low-skill, neighbourhood-scale) compromised the router, performed ARP spoofing, and captured the engineer's work-laptop traffic for 6 weeks. Captured credentials enabled corporate VPN access.

💰 Cost of Non-Compliance

Remote-work-related breaches: 22% of 2024 enterprise incidents (Mandiant M-Trends). Average cost: $4.1M.

📋 Audit Questions

  1. What is the remote-work security policy?
  2. Are VPN + MDM enforced?
  3. Is full-disk encryption verified on laptops?
  4. What home-router baseline is required?

🎯 MITRE ATT&CK Mapping

  • T1557 — Adversary-in-the-Middle
  • T1133 — External Remote Services

⚡ Common Pitfalls

  • VPN required but split-tunnelled (most traffic bypasses VPN)
  • MDM deployed but not enforcing encryption + screen lock
  • No guidance on home-network security
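As an added example (not EchelonGraph's code or scanner output), the following Python script evaluates an MDM/EDR posture export against the remediation baseline above and flags the two pitfalls that a device-level check can see: a split-tunnelled VPN and MDM that is deployed but not enforcing encryption or screen lock. The JSON-lines export format, the field names, the sample records and the 10-minute screen-lock threshold are all assumptions made for this example; a real MDM export uses its own schema.

```python
import json
from dataclasses import dataclass
from typing import Dict, List

# Constructed MDM/EDR posture export (one JSON object per line). Field names
# are an assumption for this example, not any vendor's real schema.
SAMPLE_EXPORT = """
{"hostname": "eng-laptop-01", "mdm_enrolled": true, "disk_encrypted": true, "encryption_policy_enforced": true, "screen_lock_timeout_s": 300, "vpn_split_tunnel": false}
{"hostname": "eng-laptop-02", "mdm_enrolled": true, "disk_encrypted": true, "encryption_policy_enforced": false, "screen_lock_timeout_s": 0, "vpn_split_tunnel": true}
{"hostname": "byod-phone-07", "mdm_enrolled": false, "disk_encrypted": false, "encryption_policy_enforced": false, "screen_lock_timeout_s": 60, "vpn_split_tunnel": true}
"""

MAX_SCREEN_LOCK_S = 600  # assumed baseline: automatic lock within 10 minutes


@dataclass(frozen=True)
class Finding:
    hostname: str
    control: str  # which remediation item the device fails
    detail: str


def parse_export(text: str) -> List[dict]:
    """Parse a JSON-lines posture export, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def evaluate(rec: dict) -> List[Finding]:
    """Return the baseline violations for a single device record."""
    host = rec["hostname"]
    findings: List[Finding] = []

    # Company-managed device: must be enrolled in MDM.
    if not rec.get("mdm_enrolled", False):
        findings.append(Finding(host, "mdm", "device is not MDM-enrolled"))

    # Full-disk encryption must be active AND pushed as an enforced policy;
    # encryption that merely happens to be on is the "MDM deployed but not
    # enforcing" pitfall, because a user can turn it off.
    if not rec.get("disk_encrypted", False):
        findings.append(Finding(host, "fde", "full-disk encryption is not active"))
    elif not rec.get("encryption_policy_enforced", False):
        findings.append(Finding(host, "fde", "encryption active but not enforced by MDM policy"))

    # Screen lock: 0 means no automatic lock; anything beyond the baseline is too lax.
    lock = int(rec.get("screen_lock_timeout_s", 0))
    if lock <= 0 or lock > MAX_SCREEN_LOCK_S:
        findings.append(Finding(host, "screen-lock", f"screen lock timeout {lock}s is outside the baseline"))

    # VPN: a split-tunnel configuration lets most traffic bypass the VPN.
    if rec.get("vpn_split_tunnel", True):
        findings.append(Finding(host, "vpn", "VPN is split-tunnelled; corporate traffic can bypass it"))

    return findings


def evaluate_fleet(text: str) -> Dict[str, List[Finding]]:
    """Map every hostname in the export to its list of findings (empty = compliant)."""
    return {rec["hostname"]: evaluate(rec) for rec in parse_export(text)}


def compliant_hosts(text: str) -> List[str]:
    """Hostnames with no findings, sorted for stable reporting."""
    return sorted(h for h, f in evaluate_fleet(text).items() if not f)


if __name__ == "__main__":
    for host, findings in evaluate_fleet(SAMPLE_EXPORT).items():
        print(f"{host}: {'OK' if not findings else 'FAIL'}")
        for finding in findings:
            print(f"  [{finding.control}] {finding.detail}")
```

Run against the constructed export, only eng-laptop-01 passes; eng-laptop-02 shows the two pitfalls from the list above (unenforced encryption, no screen lock, split tunnel) and the BYOD phone fails enrolment, encryption and VPN. The home-router baseline (WPA3, no default password) is deliberately absent: it cannot be observed from an endpoint export and has to be covered by policy attestation or a separate check.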

📈 Business Value

Strong remote-work controls extend the security perimeter to where staff actually work — the 2024 reality of hybrid/remote organisations.

⏱️ Effort Estimate

Manual

20-40 hours for policy + MDM rollout

With EchelonGraph

EchelonGraph integrates with MDM/EDR for posture compliance

🔗 Cross-Framework References

  • SOC2-CC6.4
  • NIST-AC-17

Automate ISO 27001 A.6.7 compliance

EchelonGraph continuously monitors this control across all your cloud accounts.
