All Collections
Monitoring
Continuous, automated testing of your security controls
160 articles
Monitoring
Mapping Tests and Controls
Best practice security controls for logging
How to manually run a control test anytime
Exclusions
How to Disable a Test
Exclusions vs. Disabling a Test
Enable AI Summaries for Tests
Test: Logs Are Monitored For Suspicious Activity
Test: Termination Process and Checklist
Test: Sensitive Data Disposal Policy
Test: Clean Desk Policy
Test: Deleting Customer Data Upon Terminated Contract
Test: Data Retention Policy
Test: Backups Checked for Integrity
Test 134: Failed Backups Addressed in Timely Manner
Test 133: Failed Backup Alerts Being Sent
Test: Capacity and Usage Monitoring
Test: Security Policies Cover Encryption
Test: Cloud Infrastructure Linked to Drata
Test: NoSQL Cluster CPU Load Monitored
Test: Logs are Retained for 365 Days
Test: Only Authorized Users can Access Log Sinks
Test: Logs are Centrally Stored
Test: Storage Data Versioned or Retained
Test: Threat Detection
Test: Terms of Use Publicly Available
Test: Privacy Policy Publicly Available
Test: MSAs Offered to Customers
Test: Hard Disk Encryption Enabled
Test: Screensaver Lock Required on Employee Computers
Test: Engineering Job Description
Test: Job Descriptions
Test: New Hire Contracts
Test: Contractor Background Checks
Test: Employee Background Checks
Test: Performance Evaluation Process
Test: Security Awareness Training Completed
Test: Policies for Security Awareness Training
Test: Policies for a Security Team
Test: Only Authorized Employees Change Code
Test: Only Authorized Employees Access Version Control
Test: Root Infrastructure Account Unused
Test: Daily Database Backups
Test: Cloud Data Storage Exposure
Test: Employees have Unique Infrastructure Accounts
Test: Employees have Unique Version Control Accounts
Test: Infrastructure Accounts Properly Removed
Test: Version Control Accounts Removed Properly
Test: MFA on Infrastructure Console
Test: Password Manager Required
Test: Production Code Changes Restricted
Test: Data Classification Policy
Test: Load Balancer Used
Test: Physical Security Policy
Test: Web Application Firewall in Place
Test: Firewall Default Disallows Traffic
Test: Infrastructure Instance CPU Monitored
Test: NoSQL Cluster Storage Utilization Monitored
Test: Messaging Queue Message Age Monitored
Test: Database Read I/O Monitored
Test: Database Free Storage Space Monitored
Test: Database CPU Monitored
Test: Public SSH Denied
Test: Internal Password Policy for Employees
Test: Customer Data in Cloud Storage is Encrypted at Rest
Test: Customer Data is Encrypted at Rest
Test: Cryptography Policy
Test: Security Patches Auto-Applied
Test: Malware Detection Software Installed
Test: Employees Acknowledge the Data Protection Policy
Test: Data Protection Policy
Test: Employees Acknowledge the Code of Conduct
Test: Formal Code of Conduct
Test: Independent Board of Directors
Test: Contractors Acknowledge the Acceptable Use Policy
Test: Contractors Acknowledge the Code of Conduct
Test: Employees Acknowledge the Acceptable Use Policy
Test: Acceptable Use Policy
Test: Security Policies are Reviewed
Test: Policies are Acknowledge
Test: Has Security Policies
Test: Has a SDLC Policy
Test: IRP Includes Lessons Learned
Test: IRP Designates Responsible Team Members
Test: Incident Response Plan (IRP)
Test: Policies for Tracking Security Items
Test: Availability Zones Used
Test: Disaster Recovery Plan
Test: SLA for Security Bugs
Test: Security Issues are Prioritized
Test: Vulnerability Scanning
Test: Risk Assessment Policy
Test: Maintains Organization Chart
Test: Information Security Policy
Test: System Access Control Policy
Test: Process for Responsible Disclosure
Test: Contact Information Available to Customers
Test: Formal Code Review Process
Test: A Version Control System is being Used
Test: Least Privilege Policy for Customer Data Access
Test: SSL/TLS on Admin Page of Infrastructure Console
Test: Policies Cover Employee Confidentiality
Test: Policies Cover Employee Access
Test: Backup Policy
Test: Employees have Unique Email Accounts
Test: MFA on Version Control System
Test: MFA on Identity Provider
Test: SSL Certification has Not Expired
Test: SSL/TLS Configuration has No Known Issues
Test: SSL/TLS Enforced on Company Website
Test: Password Manager Records
Test: External Exposure for Cloud Resources
Test: Excessive Privileges Assigned
Test: Encryption in Transit
Test 229: AWS IAM Unused Credentials
Test 232: AWS IAM Access Key Rotation
Test 217: AWS IAM Group-Based Access Control
Test 230: AWS IAM Principle of Least Privilege
Test 214: MFA for AWS Root Account
Test 225: Hardware MFA for AWS Root Account
Test 215: AWS IAM Password Minimum Length
Test 216: AWS IAM Password Reuse
Test 221: AWS S3 Bucket Access Logging
Test 222: AWS CloudTrail Logs Encrypted
Test 223: AWS CMK Rotation
Test 224: AWS VPC Flow Logging
Test 227: AWS Network ACLs Public Remote Server Administration Access Restricted
Test 228: AWS Security Groups Restrict Public RDP Access
Test 233: AWS VPC Default Security Groups Restrict All Traffic
Test 234: AWS S3 HTTP Requests Denied
Test 218: AWS EBS Volume Encryption
Test 219: AWS RDS Auto Minor Version Upgrade
Test 220: AWS RDS Public Access Restricted
Test 231: AWS EFS Encrypted at Rest
Test 226: AWS S3 Object-Level Logging for Read & Write Events
Test 290: AWS Database Writes I/O Monitored
Test 291: AWS Security Groups HTTP Access Restricted
Test 292: AWS EC2 Instances IMDSv1 Disabled
Test 293: AWS Classic Load Balancer Latency Monitored
Test 294: AWS Application Load Balancer Target Response Time Monitored
Test 295: AWS Classic Load Balancer Server Errors Monitored
Test 296: AWS Application Load Balancer Server Errors Monitored
Test 297: AWS Classic Load Balancer Unhealthy Hosts Monitored
Test 298: AWS Application Load Balancer Unhealthy Hosts Monitored
Test 299: AWS Application Load Balancer Redirects HTTP to HTTPS
Test 300: AWS Lambda Error Rate Monitored
Test: Critical Vulnerabilities Addressed
Test: High Vulnerabilities Addressed
Test 206: SQL Freeable Memory Monitored
Test 205: CloudTrail log file integrity validation enabled
Test 301: AWS DynamoDB Point-in-Time Recovery Enabled
Test 132: Daily backup job status monitored
October 2024 Release: AWS Drata test