ISO 27001 / NIST Compliance Dashboard

System: OpenClaw

Generated: 2026-02-14T13:48:28.592362Z

Risk and Status Overview

Violations2

Partial2

Compliant2

Not Assessed0

High/Critical risk findings: 3

Medium risk findings: 3

Controls Map View

Check ID	Control	ISO 27001	NIST	Status	Risk
privilege_approval_required	Approval required before elevated access	A.5.15, A.5.18	PR.AA-01, PR.AA-05	violation	high
least_privilege_enforced	Least privilege execution mode	A.5.15, A.5.18	PR.AA-01, PR.PS-01	compliant	high
elevation_timeout_30m	Elevated session idle timeout	A.8.2, A.8.15	PR.AA-03, DE.CM-01	partial	medium
audit_logging_privileged_actions	Privileged action audit logging	A.8.15, A.8.16	DE.AE-03, DE.CM-01	partial	medium
open_ports_approved	Open ports baseline approval	A.8.20, A.8.21	PR.PS-02, DE.CM-01	violation	medium
insecure_ports_remediated	Insecure ports remediated	A.8.20, A.8.21	PR.PS-02, PR.DS-02	compliant	high

Violation View

Check ID	Status	Risk	Gap	Evidence
privilege_approval_required	violation	high	Runtime policy does not yet demonstrate universal approval enforcement for elevated actions.	openclaw.json and doctor outputs were evaluated for approval-first execution controls.
elevation_timeout_30m	partial	medium	Global mandatory enforcement for all elevated paths is not yet guaranteed by runtime policy.	Timeout guard script is installed with preflight drop logic.
audit_logging_privileged_actions	partial	medium	No single correlated privileged action audit timeline is guaranteed.	gateway status reports log paths; root_session_guard records transition metadata.
open_ports_approved	violation	medium	Baseline missing or incomplete when unapproved findings exist.	port_monitor.py live output evaluated against approved_ports baseline.

Mitigation View

Check ID	Mitigation	Owner	Due Date
privilege_approval_required	Route all privileged tasks through guarded_privileged_exec.py and enforce approval prompts for elevated execution.	Security Engineering	2026-03-15
least_privilege_enforced	Fix state dir ownership/permissions and enforce command allowlist/approval defaults.	Platform Security	2026-03-07
elevation_timeout_30m	Invoke guarded_privileged_exec.py for every elevated operation path.	Security Engineering	2026-03-15
audit_logging_privileged_actions	Create append-only correlated audit records linking approval, execution, and drop events.	SecOps	2026-03-22
open_ports_approved	Populate ~/.openclaw/security/approved_ports.json and remove unnecessary listeners.	Infrastructure	2026-02-28
insecure_ports_remediated	Enforce baseline checks to block insecure service ports.	Network Security	2026-04-01