ISO 27001:2022 A.8.16
Monitoring activities
UnveilScan findings mapped to this control
The scanner emits 2 distinct findings on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).
web.csp_no_reporting
⏱ 1h
WEB — CSP no reporting
Risk if ignored: No telemetry on CSP violations — the team only hears about XSS attempts through user complaints or after-the-fact breach reports.
operational
Also maps to 1 other control
web.csp_reporting_unreachable
⏱ 30 min
WEB — CSP reporting unreachable
Risk if ignored: Real CSP violations (XSS attempts, prod regressions) go unnoticed. You lose your early-warning signal.
operational security