All posts
June 22, 20264 min read

MCP Gateways and ISO 27001 Compliance

Relying on point‑in‑time logs to prove ISO 27001 controls is a recipe for audit failure. Most teams that expose an MCP gateway to LLMs or other AI agents treat the gateway as a simple pass‑through. The identity system authenticates the request, the gateway forwards traffic, and the backend service returns a response. When auditors ask for evidence of who accessed what, when, and whether any sensitive data was exposed, the answer is often “we have some logs, but they are incomplete, they lack co

Free White Paper

ISO 27001: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

Relying on point‑in‑time logs to prove ISO 27001 controls is a recipe for audit failure.

Most teams that expose an MCP gateway to LLMs or other AI agents treat the gateway as a simple pass‑through. The identity system authenticates the request, the gateway forwards traffic, and the backend service returns a response. When auditors ask for evidence of who accessed what, when, and whether any sensitive data was exposed, the answer is often “we have some logs, but they are incomplete, they lack command‑level detail, and they are stored on the same host that runs the service.” This creates a blind spot: the very point where policy should be enforced is the same place that can be altered or erased.

ISO 27001 requires evidence of access and control, and continuous, tamper‑evident logging helps satisfy that requirement. The standard’s Annex A.12.4 requires that “event logs be produced, kept and regularly reviewed.” In practice, organizations try to stitch together logs from the identity provider, the MCP gateway, and the target service. The stitching process is manual, error‑prone, and does not guarantee that every command or data element is captured.

One common pre‑condition is the deployment of an MCP gateway that authenticates via OIDC or SAML, then proxies requests to a database, an internal API, or a remote shell. This setup solves the identity problem but leaves the data path wide open. The request still reaches the target directly, with no central point that can enforce masking, block risky commands, or require an approval workflow. Without a gatekeeper that records every interaction, the organization cannot produce the granular evidence ISO 27001 expects.

Why iso 27001 evidence must be continuous

Continuous evidence means that every session, every command, and every response is captured at the moment it happens, not after the fact. For ISO 27001, this provides three critical benefits:

  • It satisfies the audit requirement for immutable logs that can be reviewed at any time.
  • It enables real‑time detection of policy violations, allowing the organization to stop a breach before data is exfiltrated.
  • It reduces the operational overhead of manual log aggregation, because the evidence is already centralized.

Achieving this level of assurance requires a component that sits in the data path, not merely at the authentication layer.

hoop.dev as the data‑path enforcement point

hoop.dev is built to occupy exactly that position. It is a Layer 7 gateway that proxies connections to databases, Kubernetes clusters, SSH hosts, RDP sessions, and internal HTTP services. When an identity token is presented, hoop.dev validates it and then becomes the sole conduit for traffic to the target. Because all traffic passes through hoop.dev, it can apply enforcement outcomes directly.

hoop.dev records each session, capturing every command issued and every response returned. It masks sensitive fields in real time, ensuring that even if a response contains credit‑card numbers or personal identifiers, those values are never stored in clear text. It can block dangerous commands before they reach the backend, and it can route high‑risk operations to a human approver for just‑in‑time (JIT) approval. All of these actions happen inside the data path, making the evidence generated by hoop.dev both complete and trustworthy.

Continue reading? Get the full guide.

ISO 27001: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Because hoop.dev runs an agent inside the customer’s network, the credential used to reach the backend never leaves the environment. The agent never sees the secret; hoop.dev holds it and presents it only when the policy permits. This design eliminates the risk of credential leakage while still providing the audit trail required by ISO 27001.

How continuous evidence supports ISO 27001 controls

ISO 27001 Annex A.12.4 calls for “event logging” that records user activities, exceptions, and information security events. hoop.dev fulfills this by:

  • Generating a per‑session log entry that includes the authenticated identity, the target resource, the timestamp, and the exact commands executed.
  • Storing logs in a location that is separate from the target service, satisfying the requirement for protected log storage.
  • Providing a searchable interface for auditors to retrieve logs by user, resource, or time window, reducing the effort needed for evidence collection.

Annex A.14.2.5 requires protection of data in transit. hoop.dev encrypts traffic between the client and the gateway, and between the gateway and the backend, ensuring that the data path is secured end‑to‑end.

Annex A.9.4.2 mandates “privileged access reviews.” With hoop.dev, privileged commands can be flagged for JIT approval, and every approval decision is recorded alongside the session log. This creates a verifiable trail of who authorized what, exactly when.

Getting started with hoop.dev for iso 27001 evidence

To adopt this approach, begin by deploying the hoop.dev gateway in the same network segment as the MCP gateway you already run. The official getting‑started guide walks you through a Docker Compose deployment, OIDC configuration, and agent installation. Once the gateway is live, register your MCP target as a connection in hoop.dev. The platform will automatically enforce session recording, masking, and JIT approval based on the policies you define.

All policy definitions are expressed in a declarative format that ties identity attributes (group membership, role, or service account) to specific actions on the MCP gateway. Because hoop.dev sits in the data path, those policies are enforced regardless of how the client initiates the request.

For a deeper dive into hoop.dev’s feature set, learn more about hoop.dev’s feature set and see how it can be tuned to meet your compliance program.

FAQ

Does hoop.dev replace the existing identity provider?

No. hoop.dev consumes OIDC or SAML tokens from your IdP. It does not act as an IdP or store user credentials.

Can I use hoop.dev with multiple MCP gateways?

Yes. Each gateway is registered as a separate connection, and a single hoop.dev instance can enforce policies across all of them.

How long are the audit logs retained?

Retention is a configuration choice made by the operator. hoop.dev stores logs in a location you control, allowing you to align retention with ISO 27001 requirements.

Explore the source code, contribute improvements, and see the full feature set on GitHub.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot