| Access Control | Access Control - Account Deactivation Timeliness |
| Asset Management | Asset Management - Asset Discovery Coverage |
| Data Protection | Data Protection - Volume Encryption Coverage |
| Disaster Recovery | Disaster Recovery - Backup Configuration Coverage |
| | Disaster Recovery - Backup Success Rate |
| Identity Management | Identity Management - Multi-Factor Authentication Coverage |
| | Identity Management - Password Rotation Compliance |
| | Identity Management - Inactive Account Detection |
| | Identity Management - Privileged Account Control |
| Malware Protection | Malware Protection - Agent Deployment Coverage |
| Network Security | Network Security - DNS Domains Expiring Within the Next Month |
| | Network Security - DNS Domains with SPF configured |
| | Network Security - DNS Domains with DMARC Configured |
| | Network Security - External endpoints with insecure ports exposed |
| | Network Security - External endpoints protected by a WAF |
| Software Development | SDLC - Repositories with SAST / DAST scanning enabled |
| | SDLC - Repositories without exploitable vulnerabilities |
| | SDLC - Repositories without exploitable vulnerabilities remediated within SLO |
| User Security | User Security - Awareness Training Completion |
| Vulnerability Management | Vulnerability Management - Agent Deployment Coverage |
| | Systems with an up-to-date vulnerability database deployed |
| | End-of-life - Systems running vendor-supported software |
| | Vulnerabilities not remediated within SLO - exploitable patchable critical and high |
| | Application vulnerabilities not mitigated within SLO - non-patchable exploitable |
| | OS vulnerabilities not mitigated within SLO - non-patchable exploitable |
| | Vulnerabilities not remediated within SLO - patchable |
| | Application vulnerabilities not remediated within SLO - patchable exploitable |
| | OS vulnerabilities not remediated within SLO - patchable exploitable |
| | OS vulnerabilities not remediated within SLO - patchable non-exploitable |
| | Systems without non-patchable exploitable application vulnerabilities |
| | Systems without non-patchable exploitable OS vulnerabilities |
| | Systems without non-patchable non-exploitable application vulnerabilities |
| | Systems without non-patchable non-exploitable OS vulnerabilities |
| | Systems without patchable exploitable application vulnerabilities |
| | Systems without patchable exploitable OS vulnerabilities |
| | Systems without patchable non-exploitable application vulnerabilities |
| | Systems without patchable non-exploitable OS vulnerabilities |