ISO 27001:2022 A.8.24
Use of cryptography
UnveilScan findings mapped to this control
The scanner emits 20 distinct findings on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).
dns.dnssec_ds_weak_algo
⏱ 15 min
DNS — DNSSEC DS weak algo
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
dns.dnssec_small_rsa_key
⏱ 15 min
DNS — DNSSEC small RSA key
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
dns.dnssec_weak_algo
⏱ 2h
DNS — DNSSEC weak algo
Risk if ignored: Signatures produced with RSASHA1/RSAMD5 can be forged with feasible compute — DNSSEC protection is effectively void.
security
email.mx_no_starttls
⏱ 1h
EMAIL — MX no STARTTLS
Risk if ignored: Every message travels unencrypted to your MX — passive sniffing, SMTP MITM trivial.
security legal
tls.cert_expired
⏱ 30 min
TLS — Cert expired
Risk if ignored: Every visitor sees a browser error page. Traffic, trust and SEO collapse until the certificate is renewed.
operational reputational
tls.cert_self_signed
⏱ 15 min
TLS — Cert self signed
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
tls.legacy_protocol
⏱ 30 min
TLS — Legacy protocol
Risk if ignored: TLS 1.0/1.1 enable POODLE / BEAST / Sweet32 attacks and fail every modern compliance audit (PCI-DSS 4.0, ANSSI).
security legal
tls.legacy_version_tls1.0
⏱ 45 min
TLS — Legacy version TLS 1.0
Risk if ignored: TLS 1.0 has been blacklisted by PCI-DSS 4.0 since March 2025. Payment processors can revoke your merchant account for non-compliance.
security legal financial
Also maps to 2 other controls
tls.legacy_version_tls1.1
⏱ 45 min
TLS — Legacy version TLS 1.1
Risk if ignored: TLS 1.1 is deprecated by the IETF (RFC 8996). Auditors flag it on every PCI/ISO/SOC2 review.
security legal
Also maps to 2 other controls
tls.weak_cipher_suite
⏱ 15 min
TLS — Weak cipher suite
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
tls.weak_signature_alg
⏱ 15 min
TLS — Weak signature alg
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.cert_file_public_cert_pem
⏱ 15 min
WEB — Cert file public cert pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cert_file_public_fullchain_pem
⏱ 15 min
WEB — Cert file public fullchain pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cert_file_public_pki_cert_pem
⏱ 15 min
WEB — Cert file public pki cert pem
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cert_file_public_server_crt
⏱ 15 min
WEB — Cert file public server crt
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cert_file_public_tls_crt
⏱ 15 min
WEB — Cert file public tls crt
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.cookie_missing_secure
⏱ 15 min
WEB — Cookie missing secure
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.hsts_preload_not_eligible
⏱ 15 min
WEB — HSTS preload not eligible
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.hsts_preload_ready
⏱ 15 min
WEB — HSTS preload ready
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.secrets_in_html
⏱ 4h
WEB — Secrets in HTML
Risk if ignored: A cloud/SaaS token is visible on every page load. Attackers scrape homepages at scale for exactly this — rotation within hours is the bare minimum.
security financial legal