Monitoring Test Guidance

Your troubleshooting hub for all of Drata’s monitored tests

168 articles
Test: IRP Designates Responsible Team Members - Drata inspects your company Incident Response Plan to determine if it specifies roles for monitoring and responding to incidents.
Test: IRP Includes Lessons Learned - Drata inspects your company Incident Response Plan to ensure it includes a section about documenting “Lessons Learned” after incidents.
Test: Has Security Policies - Drata inspects your company's security policies to determine if they account for securing the company's operations, services, and systems.
Test: Process for Responsible Disclosure - Drata inspects your company security policies to determine if they detail a process for employees to disclose potential security violations.
Test: Policies for a Security Team - Drata inspects your company records to determine if management has identified the individuals on the security team.
Test: Backups Checked for Integrity - Drata inspects your backup restoration testing results to determine if the integrity and completeness of backup information is tested.
Test: High Vulnerabilities Addressed
Test: Policies are Acknowledged - Drata inspects your company security policy records to determine if all employees have acknowledged them.
Test: Employees Acknowledge the Data Protection Policy - Drata inspects your company records to determine if the Data Protection Policy has been acknowledged by all employees.
Test: Termination Process and Checklist - Drata inspects your company System Access Control Policy to determine if there is a termination checklist being followed appropriately.
Test: Critical Vulnerabilities Addressed
October 2024 Release: AWS Drata test - New AWS tests released on October 30, 2024.
February 2025 Release: AWS and Azure Drata Tests - We’re excited to announce the release of new tests in Drata. These AWS and Azure tests were released on February 5, 2025.
Test 1: Policies Cover Employee Access - Drata inspects your company policies to determine if they outline the proper requirements for allowing employees access to customer data.
Test 2: Policies Cover Employee Confidentiality - Drata inspects your company policies to determine if they require employees to keep customer data completely confidential.
Test 3: Least Privilege Policy for Customer Data Access - Drata inspects your company security policies to determine if employees are only allowed access to customer data when absolutely necessary.
Test 4: SSL/TLS on Admin Page of Infrastructure Console - Drata inspects an HTTPS request to your company infrastructure admin console to determine the presence and status of an SSL certificate.
Test 5: A Version Control System is being Used - Drata inspects your company version control system to determine if it is in fact being used.
Test 6: Only Authorized Employees Access Version Control - Drata uses OAuth to access your company's Identity Provider and version control system, ensuring access is permitted correctly.
Test 7: Only Authorized Employees Change Code - Drata uses OAuth to access your company's Identity Provider (IdP) and version control system to ensure only authorized users change code.
Test 8: Formal Code Review Process - Drata reads branch configurations for all in-scope repos in your version control system to ensure reviews are required before merging code.
Test 9: Production Code Changes Restricted - Drata pulls a list of all of the authorized users with access to merge code to the default branch of a code repository in version control.
Test 11: Contact Information Available to Customers - Drata inspects your company records to determine if a URL to customer-accessible support documentation has been provided.
Test 13: System Access Control Policy - Drata inspects your company records to determine if a System Access Control Policy is in place and is currently valid.
Test 16: Information Security Policy - Drata inspects your company records to determine if an Information Security Policy is in place and is currently valid.
Test 17: Maintains Organization Chart - Drata inspects your company records to determine if an Organizational Chart has been uploaded within the last 12 months.
Test 18: Risk Assessment Policy - Drata inspects your company records to determine if a Risk Assessment Policy is in place and is currently valid.
Test 21: Vulnerability Scanning - Drata requests verification that there is an active connection to a vulnerability scanning system in Drata.
Test 26: Security Issues are Prioritized - Drata inspects your company task tracking system to determine if security issues are being tagged and prioritized accordingly.
Test 27: SLA for Security Bugs - Drata inspects your company records to determine if a Vulnerability Management Policy that includes an SLA for P0 security bugs is active.
Test 28: Disaster Recovery Plan - Drata inspects your company records to determine if a Disaster Recovery Plan is in place and is currently active.
Test 30: Availability Zones Used - Drata inspects your company infrastructure configurations to determine if multiple availability zones (AZs) are utilized.
Test 32: Policies for Tracking Security Items - Drata inspects your company Incident Response Plan to determine if it includes a section about tracking follow-ups after an incident.
Test 33: Incident Response Plan (IRP) - Drata inspects your company records to determine if an Incident Response Plan is in place and is before the policy renewal date.
Test 36: Has a SDLC Policy - Drata inspects your company records to determine if a Software Development Life Cycle Policy is in place and is currently active.
Test 39: Security Policies are Reviewed - Drata inspects your company records to determine if Management reviewed and approved its security policies before the renewal date.
Test 42: Policies for Security Awareness Training - Drata inspects your company Information Security Policy to ensure the security team is responsible for training all employees on security.
Test 43: Security Awareness Training Completed - Drata inspects your company security awareness training certificates to determine if all employees have completed their training.
Test 44: Acceptable Use Policy - Drata inspects your company records to determine if an Acceptable Use Policy is in place and is before the renewal date.
Test 45: Employees Acknowledge the Acceptable Use Policy - Drata inspects your company records to determine if the Acceptable Use Policy has been acknowledged by all employees.
Test 46: Performance Evaluation Process - Drata inspects your company records to determine if there is a formal process to evaluate employee performance.
Test 47: Employee Background Checks - Drata inspects your company records to determine if all new employees have completed background checks upon hire.
Test 48: Contractors Acknowledge the Code of Conduct - Drata inspects your company records to determine if the Code of Conduct has been acknowledged by all contractors.
Test 49: Contractors Acknowledge the Acceptable Use Policy - Drata inspects your company records to determine if the Acceptable Use Policy has been acknowledged by all contractors.
Test 50: Contractor Background Checks - Drata inspects your company records to determine if all new contractors have completed background checks upon hire.
Test 51: Independent Board of Directors - Drata inspects your company records to determine if all of its Board of Directors' biographies were saved.
Test 54: Formal Code of Conduct - Drata inspects your company records to determine if a Code of Conduct is in place and is before the policy renewal date.
Test 55: Employees Acknowledge the Code of Conduct - Drata inspects your company records to determine if the Code of Conduct has been acknowledged by all employees.
Test 56: Data Protection Policy - Drata checks your company records to verify that a Data Protection Policy is in place and that it has not passed its renewal date.
Test 58: New Hire Contracts - Drata inspects your company records to determine if there is a sample new hire contract.
Test 59: Job Descriptions - Drata inspects your company records to determine if a URL to its external jobs/careers website has been provided.
Test 60: Engineering Job Description - Drata inspects your company records to determine if there is a sample engineering job description.
Test 61: Screensaver Lock Required on Employee Computers - Drata inspects whether employee computers require a password 60 seconds or less after the machine has been idle for at least 15 minutes.
Test 62: Password Manager Required - Drata inspected your company's security policies to determine if employees are required to use a password manager for cloud services.
Test 63: Password Manager Records on Employee Computers - Drata inspects your company computers to determine if each is running a password manager.
Test 64: Malware Detection Software Installed - Drata inspects your company computers to determine if each is running antivirus software.
Test 65: Security Patches Auto-Applied - Drata inspects your company computers to determine if each automatically applies operating system security patches.
Test 66: Hard-Disk Encryption Enabled on Employee Computers - Drata inspects your company computers to determine if each hard disk is encrypted.
Test 67: Cryptography Policy - Drata inspects your company records to determine if an Encryption Policy is in place and is before the policy renewal date.
Test 68: Customer Data is Encrypted at Rest - Drata inspects your company configuration of the database(s) storing customer data to determine if the data is encrypted at rest.
Test 69: Customer Data in Cloud Storage is Encrypted at Rest - Drata inspects your company cloud storage configuration to ensure customer data is encrypted at rest when stored.
Test 70: SSL/TLS Enforced on Company Website - Drata makes a request to your company website to see if it's reachable exclusively over HTTPS.
Test 71: SSL/TLS Configuration has No Known Issues - Drata makes a request to your company website to inspect its SSL/TLS configurations and determine if there are any known issues.
Test 72: SSL/TLS Certificate has Not Expired - Drata makes a request to your company website to inspect its SSL/TLS configurations and determine if the SSL certificate is expired.
Test 83: MSAs Offered to Customers - Drata inspects your company records to determine if there is a sample Master Service Agreement (MSA) in place.
Test 84: Privacy Policy Publicly Available - Drata inspects your company records to determine if a URL to its public Privacy Policy has been provided.
Test 85: Terms of Use Publicly Available - Drata inspects your company records to determine if a URL to its public Terms of Service has been provided.
Test 86: MFA on Identity Provider - Drata uses its synchronized account delegation with your Identity Provider to request a list of all users and determine if MFA is enabled.
Test 87: MFA on Version Control System - Drata connects to your company's Version Control System and pulls all user accounts to determine if each has MFA enabled.
Test 88: MFA on Infrastructure Console - Drata connects to the company's infrastructure and pulls a list of IAM accounts' auth configurations to determine if MFA is required.
Test 89: Internal Password Policy for Employees - Drata inspects your company records to determine if a Password Policy is in place and is before the policy renewal date.
Test 94: Version Control Accounts Removed Properly - Drata inspects your company records to determine if terminated employee accounts are removed from version control within the specified SLA.
Test 95: Infrastructure Accounts Properly Removed - Drata inspects your company records to determine if terminated employee accounts are removed from the infrastructure provider.
Test 96: Employees have Unique Email Accounts - Drata uses its synchronized account delegation with your Identity Provider to verify ownership and authenticity of listed accounts.
Test 97: Employees have Unique Version Control Accounts - Drata accesses your company version control system to determine if each account matches to an identity from the company's IdP.
Test 98: Employees have Unique Infrastructure Accounts - Drata accesses your company infrastructure provider to determine if each account matches to an identity from the company's IdP.
Test 102: Public SSH Denied - Drata inspects all virtual assets to determine if security groups allow SSH access to public (0.0.0.0/0).
Test 104: Cloud Data Storage Exposure - Drata inspects the cloud data storage access configuration(s) to determine if read/write access is configured to restrict public access.
Test 105: Threat Detection in Place - Drata inspects your company AWS configuration to determine if AWS GuardDuty is in place to detect unauthorized file additions.
Test 106: Has a Backup Policy - Drata inspects your company records to determine if a Backup Policy is in place and is before the policy renewal date.
Test 107: Daily Database Backups - Drata inspects your company backup configuration from its infrastructure provider to determine if the backup schedule is set to daily.
Test 108: Storage Data Versioned or Retained - Drata inspects all data stores to determine if the data versioning configuration is enabled.
Test 109: Logs are Centrally Stored - Drata inspects your company system configuration for collecting and storing logs to ensure logs are deposited in a central location.
Test 110: Only Authorized Users can Access Log Sinks - Drata inspects the access policy for the infrastructure logging system to determine if only authorized users can access log sinks.
Test 111: Logs are Retained for 365 Days - Drata inspects the retention policy for the infrastructure logging system to determine if the logs are being archived in long-term storage.
Test 112: Database CPU Monitored - Drata inspects your company alerting and monitoring configuration to determine if server CPUs are monitored, with appropriate alerts.
Test 113: Database Free Storage Space Monitored - Drata inspects your company database monitoring configuration to determine if free storage space is monitored, with appropriate alerts.
Test 114: Database Read I/O Monitored - Drata inspects your company database monitoring configuration to determine if I/O is monitored, with appropriate alerts.
Test 115: Messaging Queue Message Age Monitored - Drata inspects your company messaging queue monitoring configuration to determine if message age is monitored, with appropriate alerts.
Test 116: NoSQL Cluster CPU Load Monitored - Inspects NoSQL cluster monitor and alert configurations to determine if CPU load is monitored and alerts when defined thresholds are crossed.
Test 117: NoSQL Cluster Storage Utilization Monitored - Drata inspects your company NoSQL cluster configuration to determine if storage utilization is monitored, with appropriate alerts.
Test 118: Infrastructure Instance CPU Monitored - Drata inspects your company server monitoring configuration to determine if server CPU use is monitored, with appropriate alerts.
Test 119: Firewall Default Disallows Traffic - Drata inspects your company firewall configuration files to determine if they are configured to deny all traffic not explicitly allowed.
Test 121: Logs Monitored for Suspicious Activity - Drata inspects the company infrastructure logs to determine that it is configured to monitor web traffic and suspicious activity.
Test 122: Web Application Firewall in Place - Drata inspects the WAF configurations to determine if WAF is appropriately deployed and configured to appropriately block malicious traffic.
Test 123: Cloud Infrastructure Linked to Drata - Drata inspects your company cloud infrastructure to ensure it is successfully linked to Drata.
Test 124: Root Infrastructure Account Unused - Drata inspects your company infrastructure provider configurations to determine if the Root account is unused.
Test 127: Security Policies Cover Encryption - Drata inspects your company security policies to determine if they explain the procedures for encrypting sensitive data.
Test 128: Physical Security Policy - Drata inspects your company records to determine if a Physical Security Policy is in place and currently valid.
Test 129: Capacity and Usage Monitoring - Drata inspects your company's processing capacity and usage reports to determine if processing capacity and usage are monitored.
Test 130: Load Balancer Used - Drata inspects your company infrastructure to determine if Load Balancers are configured to balance between multiple availability zones.
Test 131: Autoscale Server Instances - Determine if autoscaling was in place to provision new compute resources when predefined capacity thresholds are met.
Test 132: Daily backup job status monitored - Drata inspected the company's database snapshot history and determined a successful snapshot is available for the previous day.
Test 133: Failed Backup Alerts Being Sent - Infrastructure configurations and confirmed that alerts are configured to be sent to personnel when the backup process fails.
Test 134: Failed Backups Addressed in Timely Manner - Drata inspected infrastructure configuration and confirmed that failed backups were resolved in a timely manner.
Test 136: Data Retention Policy - Drata inspects your records to determine if a valid, approved Data Deletion Policy is in place with a data retention period specified.
Test 137: Data Classification Policy - Drata inspects your company records to determine if a Data Classification Policy is in place and currently valid.
Test 138: Deleting Customer Data Upon Terminated Contract - Drata inspects your company records to determine if a valid, approved Data Deletion Policy is in place that specifies data deletion periods.
Test 141: Clean Desk Policy - Drata inspects your company records to determine if an Information Security Policy is in place and approved within the last 12 months.
Test 143: Sensitive Data Disposal Policy - Drata inspects your company records to determine if an Information Security Policy is in place and is before the policy renewal date.
Test 205: CloudTrail log file integrity validation enabled - Drata validates that AWS CloudTrail log validation is enabled on all trails.
Test 206: SQL Freeable Memory Monitored - Determine if freeable memory is monitored and alerts to personnel are sent when defined thresholds are crossed.
Test 208: Excessive Privileges Assigned
Test 209: External Exposure of Cloud Resources
Test 210: Encryption in Transit
Test 214: MFA for AWS Root Account - Drata validates that multi-factor authentication (MFA) is enabled for the root user account in AWS.
Test 215: AWS IAM Password Minimum Length - Drata validates that the AWS IAM password policy requires a minimum length of 14 characters or greater.
Test 216: AWS IAM Password Reuse - Drata validates that AWS IAM password policy is configured to prevent reuse of any of the last 24 passwords.
Test 217: AWS IAM Group-Based Access Control - Drata validates that IAM users are granted permissions only through groups and that no users have inline policies or direct policy attachments.
Test 218: AWS EBS Volume Encryption - Validates that default encryption for elastic block store (EBS) volume creation is enabled for every region where EC2 instances are detected.
Test 219: AWS RDS Auto Minor Version Upgrade - Drata validates that the automatic minor version upgrade feature is enabled for AWS RDS instances.
Test 220: AWS RDS Public Access Restricted - Drata validates that AWS RDS database instances do not allow unrestricted public access (0.0.0.0/0).
Test 221: AWS S3 Bucket Access Logging - Drata validates that AWS S3 bucket access logging is enabled on the AWS CloudTrail S3 bucket.
Test 222: AWS CloudTrail Logs Encrypted - Drata validates that AWS CloudTrail logs are encrypted at rest using AWS KMS customer created master keys (CMKs).
Test 223: AWS CMK Rotation - Drata validates that key rotation is enabled for customer-created symmetric customer master keys (CMKs) in AWS Key Management Service (KMS).
Test 224: AWS VPC Flow Logging - Drata validates that VPC flow logging is enabled in all AWS VPCs.
Test 225: Hardware MFA for AWS Root Account - Drata validates that hardware MFA is enabled for the root user account in AWS.
Test 226: AWS S3 Object-Level Logging for Read & Write Events - Drata validates that object-level logging for read and write events is enabled for AWS S3 buckets.
Test 227: AWS Network ACLs Public Remote Server Administration Access Restricted
Test 228: AWS Security Groups Restrict Public RDP Access
Test 229: AWS IAM Unused Credentials - Drata validated that all credentials (e.g., passwords, access keys) for IAM users have been used within the last 45 days.
Test 230: AWS IAM Principle of Least Privilege - Drata validates that AWS IAM policies that allow broad access patterns or wild-card permissions (e.g., '*') are not used.
Test 231: AWS EFS Encrypted at Rest - Drata validates that AWS Elastic File System (EFS) data is encrypted at rest using AWS KMS for all regions.
Test 232: AWS IAM Access Key Rotation - Drata validated that all AWS IAM access keys have a key age of less than 90 days.
Test 233: AWS VPC Default Security Groups Restrict All Traffic - Drata validates that all AWS VPC default security groups are configured to restrict all traffic.
Test 234: AWS S3 HTTP Requests Denied - Drata validates that access policies for AWS S3 buckets are set to deny unencrypted, HTTP requests.
Test 243: Azure Log Alert for Create Policy Assignment - Drata validates that an activity log alert for the 'Create Policy Assignment' event exists in Azure.
Test 244: Azure Log Alert for Delete Public IP Address - Drata validates that an activity log alert for the 'Delete Public IP Address' event exists in Azure.
Test 245: Azure Log Alert for Delete Policy Assignment - Drata validates that an activity log alert for the 'Delete Policy Assignment' event exists in Azure.
Test 246: Azure Log Alert for Create or Update Network Security Group - Drata validates that an activity log alert for the 'Create or Update Network Security Group' event exists in Azure.
Test 247: Azure Log Alert for Delete Network Security Group - Drata validates that an activity log alert for the 'Delete Network Security Group' event exists in Azure.
Test 248: Azure Log Alert for Create or Update Security Solution - Drata validates that an activity log alert for the 'Create or Update Security Solution' event exists in Azure.
Test 249: Azure Log Alert for Delete Security Solution - Drata validates that an activity log alert for the 'Delete Security Solution' event exists in Azure.
Test 250: Azure Log Alert for Create or Update SQL Server Firewall Rule - Drata validates that an activity log alert for the 'Create or Update SQL Server Firewall Rule' event exists in Azure.
Test 251: Azure Log Alert for Delete SQL Server Firewall Rule - Drata validates that an activity log alert for the 'Delete SQL Server Firewall Rule' event exists in Azure.
Test 252: Azure Log Alert for Create or Update Public IP Address rule - Drata validates that an activity log alert for the 'Create or Update Public IP Address rule' event exists in Azure.
Test 253: Azure Storage Accounts Accessed Via Private Endpoints - Drata validates that private endpoints are used to access Azure Storage Accounts.
Test 254: Azure Key Vaults Key Expiration - Drata validates that an expiration date is set for all enabled keys in Azure key vaults.
Test 256: Azure SQL Servers Auditing - Drata validates that Azure SQL servers auditing is enabled for SQL servers.
Test 257: Azure PostgreSQL Database Server Log Checkpoints - Drata validates that 'log_checkpoints' is enabled for all Azure PostgreSQL database servers.
Test 263: Azure Storage Accounts Secure TLS Configuration - Drata validates that the 'Minimum TLS version' for Azure storage accounts is set to TLS version 1.2.
Test 268: Azure Network Security Group SSH Public Access Restricted - Drata validates that no network security groups in Azure have inbound rules that allow unrestricted access to SSH port (22).
Test 269: Azure App Service Web App Redirects HTTP Traffic to HTTPS - Drata validates that Web Apps in Azure App Service redirect non-secure HTTP traffic to HTTPS.
Test 270: Azure SQL Data Encryption - Drata validates that data encryption is enabled on all Azure SQL server databases.
Test 290: AWS Database Writes I/O Monitored - Drata validates that AWS database clusters and database instances have a CloudWatch metric alarm for writes I/O for each cluster or instance.
Test 291: AWS Security Groups HTTP Access Restricted - Drata validates that AWS Security Groups restrict inbound HTTP access (Port 80) to specific IP or IP ranges only.
Test 292: AWS EC2 Instances IMDSv1 Disabled - Drata validates that active AWS EC2 instances have Instance MetaData Service Version 1 (IMDSv1) disabled.
Test 293: AWS Classic Load Balancer Latency Monitored - Validates that all AWS Classic Load Balancers have a CloudWatch metric alarm for latency and that the alarm is subscribed to an SNS topic.
Test 294: AWS Application Load Balancer Target Response Time Monitored - Validates AWS Application Load Balancers have CloudWatch metric alarm for target response time and each alarm is subscribed to an SNS topic.
Test 295: AWS Classic Load Balancer Server Errors Monitored - Validates that all AWS Classic Load Balancers have a CloudWatch metric alarm (subscribed to an SNS topic) for server errors.
Test 296: AWS Application Load Balancer Server Errors Monitored - Drata validates that all AWS Application Load Balancers have a CloudWatch metric alarm (subscribed to an SNS topic) for server errors.
Test 297: AWS Classic Load Balancer Unhealthy Hosts Monitored - Drata validates that all AWS Classic Load Balancers have a CloudWatch metric alarm (subscribed to an SNS topic) for unhealthy hosts count.
Test 298: AWS Application Load Balancer Unhealthy Hosts Monitored - Validates that all AWS Application Load Balancers have a CloudWatch metric alarm (subscribed to an SNS topic) for unhealthy hosts count.
Test 299: AWS Application Load Balancer Redirects HTTP to HTTPS - Drata validates that for all AWS Application Load Balancer listeners, there is a rule that redirects unencrypted HTTP traffic to HTTPS.
Test 300: AWS Lambda Error Rate Monitored - Drata validates that all AWS Lambda functions have a CloudWatch metric alarm for error rate.
Test 301: AWS DynamoDB Point-in-Time Recovery Enabled - Drata validates that each DynamoDB table has point-in-time recovery status set to enabled.
Test 310: Audit Logs Enabled for EKS Clusters
Example Evidence Gitlab On-Prem