Skip to main content
All Collections
Monitoring
Monitoring

Continuous, automated testing of your security controls

121 articles
Monitoring
Mapping Tests and Controls
Best practice security controls for logging
How to manually run a control test anytime
Exclusions
How to Disable a Test
Exclusions vs. Disabling a Test

Test: Logs Are Monitored For Suspicious Activity
Test: Termination Process and Checklist
Test: Sensitive Data Disposal Policy
Test: Clean Desk Policy
Test: Deleting Customer Data Upon Terminated Contract
Test: Data Retention Policy
Test: Backups Checked for Integrity
Test: Failed Backup Alerts Being Sent
Test: Capacity and Usage Monitoring
Test: Security Policies Cover Encryption
Test: Cloud Infrastructure Linked to Drata
Test: NoSQL Cluster CPU Load Monitored
Test: Logs are Retained for 365 Days
Test: Only Authorized Users can Access Log Sinks
Test: Logs are Centrally Stored
Test: Storage Data Versioned or Retained
Test: Threat Detection
Test: Terms of Use Publicly Available
Test: Privacy Policy Publicly Available
Test: MSAs Offered to Customers
Test: Hard Disk Encryption Enabled
Test: Screensaver Lock Required on Employee Computers
Test: Engineering Job Description
Test: Job Descriptions
Test: New Hire Contracts
Test: Contractor Background Checks
Test: Employee Background Checks
Test: Performance Evaluation Process
Test: Security Awareness Training Completed
Test: Policies for Security Awareness Training
Test: Policies for a Security Team
Test: Only Authorized Employees Change Code
Test: Only Authorized Employees Access Version Control
Test: Root Infrastructure Account Unused
Test: Daily Database Backups
Test: Cloud Data Storage Exposure
Test: Employees have Unique Infrastructure Accounts
Test: Employees have Unique Version Control Accounts
Test: Infrastructure Accounts Properly Removed
Test: Version Control Accounts Removed Properly
Test: MFA on Infrastructure Console
Test: Password Manager Required
Test: Production Code Changes Restricted
Test: Data Classification Policy
Test: Load Balancer Used
Test: Physical Security Policy
Test: Web Application Firewall in Place
Test: Firewall Default Disallows Traffic
Test: Infrastructure Instance CPU Monitored
Test: NoSQL Cluster Storage Utilization Monitored
Test: Messaging Queue Message Age Monitored
Test: Database Read I/O Monitored
Test: Database Free Storage Space Monitored
Test: Database CPU Monitored
Test: Public SSH Denied
Test: Internal Password Policy for Employees
Test: Customer Data in Cloud Storage is Encrypted at Rest
Test: Customer Data is Encrypted at Rest
Test: Cryptography Policy
Test: Security Patches Auto-Applied
Test: Malware Detection Software Installed
Test: Employees Acknowledge the Data Protection Policy
Test: Data Protection Policy
Test: Employees Acknowledge the Code of Conduct
Test: Formal Code of Conduct
Test: Independent Board of Directors
Test: Contractors Acknowledge the Acceptable Use Policy
Test: Contractors Acknowledge the Code of Conduct
Test: Employees Acknowledge the Acceptable Use Policy
Test: Acceptable Use Policy
Test: Security Policies are Reviewed
Test: Policies are Acknowledge
Test: Has Security Policies
Test: Has a SDLC Policy
Test: IRP Includes Lessons Learned
Test: IRP Designates Responsible Team Members
Test: Incident Response Plan (IRP)
Test: Policies for Tracking Security Items
Test: Availability Zones Used
Test: Disaster Recovery Plan
Test: SLA for Security Bugs
Test: Security Issues are Prioritized
Test: Vulnerability Scanning
Test: Risk Assessment Policy
Test: Maintains Organization Chart
Test: Information Security Policy
Test: System Access Control Policy
Test: Process for Responsible Disclosure
Test: Contact Information Available to Customers
Test: Formal Code Review Process
Test: A Version Control System is being Used
Test: Least Privilege Policy for Customer Data Access
Test: SSL/TLS on Admin Page of Infrastructure Console
Test: Policies Cover Employee Confidentiality
Test: Policies Cover Employee Access
Test: Backup Policy
Test: Employees have Unique Email Accounts
Test: MFA on Version Control System
Test: MFA on Identity Provider
Test: SSL Certification has Not Expired
Test: SSL/TLS Configuration has No Known Issues
Test: SSL/TLS Enforced on Company Website
Test: Password Manager Records
Test: External Exposure for Cloud Resources
Test: Excessive Privileges Assigned
Test: Encryption in Transit
Test: Critical Vulnerabilities Addressed
Test: High Vulnerabilities Addressed