NSAuditor AI EE 0.12.0 — ISO/IEC 27001:2022 Introduced as Fifth Compliance Framework: Per-Annex-A-Code Evidence at Auditor-Canonical Granularity, Statement of Applicability Discipline, ISMS Clauses 4-10 OOS-by-Design, 11 NEW 2022 Controls, 5-Attribute Taxonomy, 2013-to-2022 Transition Discipline, Cloud-Provider Certificate Inheritance Matrix, Penta-Framework One-Scan Workflow

LAS VEGAS, NV — May 24, 2026 — Nsasoft US LLC today shipped NSAuditor AI Enterprise Edition v0.12.0 to npm — the Track 3 fifth-framework cycle. ISO/IEC 27001:2022 (ISO + IEC, October 2022; 2013 edition retired October 31, 2025) is introduced as the fifth supported compliance framework alongside SOC 2 (AICPA TSC 2017), HIPAA Security Rule §164.312, NIST Cybersecurity Framework 2.0, and PCI DSS v4.0.1. The release pairs with nsauditor-ai@0.1.74 (Community Edition) and nsauditor-ai-agent-skill@0.1.41 in the company’s thirty-first consecutive trio-publish.

Coverage is reported at the auditor-canonical per-Annex-A-control level. Matrix: 17 covered + 14 partial + 62 OOS = 93 across the complete Annex A universe, organized into four themes (A.5 Organizational 37 · A.6 People 8 · A.7 Physical 14 · A.8 Technological 34).

Statement of Applicability discipline at the schema layer

ISO/IEC 27001:2022 Clause 6.1.3.d requires every certified organization to produce a Statement of Applicability for each Annex A control. The SoA is the most-tested artifact in the audit; marking a control “Not Applicable” without a defensible risk-treatment justification is a textbook Major Nonconformity. EE 0.12.0 enforces SoA discipline at the schema layer — every control entry carries a soaApplicability field with three values: always-applicable, risk-based-applicable, and excludable-with-justification.

ISMS Management-System Clauses 4-10 are out of scope by design

ISO/IEC 27001:2022 is not just Annex A. Clauses 4-10 describe the management system itself, and without an ISMS there is no certification. EE 0.12.0 frames Clauses 4-10 as OOS-by-design upfront. The report cover page enumerates the seven Major Nonconformity classes — governance, policy, risk management, IR program, awareness and training, management review, internal audit — and recommends per-Clause operator-side platform pairings.

11 NEW 2022 controls surfaced explicitly

The 2022 edition added 11 NEW controls. Each carries distinct cloud-evidenceability: A.5.7 Threat intel (OOS) · A.5.23 Cloud services (COVERED) · A.5.30 ICT readiness for BC (OOS) · A.7.4 Physical security monitoring (OOS) · A.8.9 Configuration management (COVERED) · A.8.10 Information deletion (PARTIAL) · A.8.11 Data masking (OOS) · A.8.12 DLP (PARTIAL) · A.8.16 Monitoring activities (COVERED) · A.8.23 Web filtering (OOS) · A.8.28 Secure coding (OOS).

5-attribute taxonomy

The 2022 edition introduced a new 5-attribute taxonomy. Key gotcha: cybersecurityConcepts has five categories (Identify, Protect, Detect, Respond, Recover), not six as in NIST CSF 2.0 (which added Govern). The schema rejects the look-alike.

2013-to-2022 transition fully traceable

Every Annex A entry carries an iso2013Source field: 35 unchanged, 23 renamed, 57 merged into 24, 11 NEW = 93. The schema rejects 2013-edition control identifiers as stale.

Cloud-Provider Certificate Inheritance Matrix

EE 0.12.0 renders a Cloud-Provider Certificate Inheritance Matrix on every ISO 27001 report — for the 16 in-scope ISO controls, the matrix names AWS / Azure / GCP ISO 27001:2022 Certificates with annual currency-revisit cadence.

Penta-framework one-scan workflow

Running with --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001 produces five complete auditor-ready evidence packs from a single scan. Cross-framework citation isolation is enforced in all ten pair-directions.

Trust posture

Zero data exfiltration. Information assets, ePHI, Cardholder Data, and cloud credentials never leave the customer’s infrastructure. Zero BAA required. Air-gapped deployment is supported for federal-contractor, DFARS, CMMC, and payment-processing CDE-isolation threat models.

Install

npm install -g nsauditor-ai@0.1.74 @nsasoft/nsauditor-ai-ee@0.12.0
npm install nsauditor-ai-agent-skill@0.1.41


About Nsasoft US LLC — Nsasoft builds AI-powered network security and data recovery tools. NSAuditor AI is an open-source, zero-data-exfiltration scanner with 51 plugins (27 Community + 24 Enterprise) and air-gapped licensing that runs entirely on your infrastructure.