Monitoring
Continuous, automated testing of your security controls
121 articles
Mapping Tests and Controls
Best practice security controls for logging
How to manually run a control test anytime
Exclusions
How to Disable a Test
Exclusions vs. Disabling a Test
Test: Logs Are Monitored For Suspicious Activity
Test: Termination Process and Checklist
Test: Sensitive Data Disposal Policy
Test: Clean Desk Policy
Test: Deleting Customer Data Upon Terminated Contract
Test: Data Retention Policy
Test: Backups Checked for Integrity
Test: Failed Backup Alerts Being Sent
Test: Capacity and Usage Monitoring
Test: Security Policies Cover Encryption
Test: Cloud Infrastructure Linked to Drata
Test: NoSQL Cluster CPU Load Monitored
Test: Logs are Retained for 365 Days
Test: Only Authorized Users can Access Log Sinks
Test: Logs are Centrally Stored
Test: Storage Data Versioned or Retained
Test: Threat Detection
Test: Terms of Use Publicly Available
Test: Privacy Policy Publicly Available
Test: MSAs Offered to Customers
Test: Hard Disk Encryption Enabled
Test: Screensaver Lock Required on Employee Computers
Test: Engineering Job Description
Test: Job Descriptions
Test: New Hire Contracts
Test: Contractor Background Checks
Test: Employee Background Checks
Test: Performance Evaluation Process
Test: Security Awareness Training Completed
Test: Policies for Security Awareness Training
Test: Policies for a Security Team
Test: Only Authorized Employees Change Code
Test: Only Authorized Employees Access Version Control
Test: Root Infrastructure Account Unused
Test: Daily Database Backups
Test: Cloud Data Storage Exposure
Test: Employees have Unique Infrastructure Accounts
Test: Employees have Unique Version Control Accounts
Test: Infrastructure Accounts Properly Removed
Test: Version Control Accounts Removed Properly
Test: MFA on Infrastructure Console
Test: Password Manager Required
Test: Production Code Changes Restricted
Test: Data Classification Policy
Test: Load Balancer Used
Test: Physical Security Policy
Test: Web Application Firewall in Place
Test: Firewall Default Disallows Traffic
Test: Infrastructure Instance CPU Monitored
Test: NoSQL Cluster Storage Utilization Monitored
Test: Messaging Queue Message Age Monitored
Test: Database Read I/O Monitored
Test: Database Free Storage Space Monitored
Test: Database CPU Monitored
Test: Public SSH Denied
Test: Internal Password Policy for Employees
Test: Customer Data in Cloud Storage is Encrypted at Rest
Test: Customer Data is Encrypted at Rest
Test: Cryptography Policy
Test: Security Patches Auto-Applied
Test: Malware Detection Software Installed
Test: Employees Acknowledge the Data Protection Policy
Test: Data Protection Policy
Test: Employees Acknowledge the Code of Conduct
Test: Formal Code of Conduct
Test: Independent Board of Directors
Test: Contractors Acknowledge the Acceptable Use Policy
Test: Contractors Acknowledge the Code of Conduct
Test: Employees Acknowledge the Acceptable Use Policy
Test: Acceptable Use Policy
Test: Security Policies are Reviewed
Test: Policies are Acknowledged
Test: Has Security Policies
Test: Has a SDLC Policy
Test: IRP Includes Lessons Learned
Test: IRP Designates Responsible Team Members
Test: Incident Response Plan (IRP)
Test: Policies for Tracking Security Items
Test: Availability Zones Used
Test: Disaster Recovery Plan
Test: SLA for Security Bugs
Test: Security Issues are Prioritized
Test: Vulnerability Scanning
Test: Risk Assessment Policy
Test: Maintains Organization Chart
Test: Information Security Policy
Test: System Access Control Policy
Test: Process for Responsible Disclosure
Test: Contact Information Available to Customers
Test: Formal Code Review Process
Test: A Version Control System is being Used
Test: Least Privilege Policy for Customer Data Access
Test: SSL/TLS on Admin Page of Infrastructure Console
Test: Policies Cover Employee Confidentiality
Test: Policies Cover Employee Access
Test: Backup Policy
Test: Employees have Unique Email Accounts
Test: MFA on Version Control System
Test: MFA on Identity Provider
Test: SSL Certification has Not Expired
Test: SSL/TLS Configuration has No Known Issues
Test: SSL/TLS Enforced on Company Website
Test: Password Manager Records
Test: External Exposure for Cloud Resources
Test: Excessive Privileges Assigned
Test: Encryption in Transit
Test: Critical Vulnerabilities Addressed
Test: High Vulnerabilities Addressed