| Asset Management |
Assets known to Asset Management |
 |
| Data Protection |
Systems with their volumes encrypted |
 |
| Disaster Recovery |
Systems with backups configured per their SLO |
|
|
Systems that has had a successful backup per their SLO |
 |
| Identity Management |
Identities with MFA |
|
|
Identity - Credentials - Regular Password Rotation |
|
|
Identity - Inactive Identities |
|
|
Accounts without Admin privileges |
|
| Malware Protection |
Systems with an up-to-date agent deployed |
|
| Network Security |
Network Security - DNS Domains Expiring Within the Next Month |
|
|
Network Security - DNS Domains with SPF configured |
|
|
Network Security - DNS Domains with DMARC Configured |
|
|
Network Security - External endpoints with insecure ports exposed |
|
|
Network Security - External endpoints protected by a WAF |
|
| Software Development |
SDLC - Repositories with SAST / DAST scanning enabled |
|
|
SDLC - Repositories without exploitable vulnerabilities |
|
|
SDLC - Repositories without exploitable vulnerabilities remediated within SLO |
|
| User Security |
Users completed awareness training in the last 12 months |
|
| Vulnerability Management |
Systems with an up-to-date agent deployed |
|
|
Systems with an up-to-date vulnerability database deployed |
|
|
End-of-life - Systems running vendor-supported software |
|
|
Vulnerabilities not remediated within SLO - critical and high |
|
|
Vulnerabilities not remediated within SLO - exploitable |
|
|
Vulnerabilities not remediated within SLO - exploitable patchable |
|
|
Vulnerabilities not remediated within SLO - exploitable patchable critical and high |
|
|
Vulnerabilities not remediated within SLO - patchable |
|
|
Systems without vulnerabilities - exploitable and patchable critical and high |
|
|
Systems without vulnerabilities - exploitable and patchable critical and high |
|
|
Systems without vulnerabilities in 48 hours - exploitable or critical and high |
|
|
Systems without vulnerabilities - exploitable and patchable critical and high |
|
|
Systems without vulnerabilities - exploitable and patchable critical and high |
|
|
Systems without vulnerabilities - non critical patched in 2 weeks |
|
|
Systems without vulnerabilities - non critical patched in a month |
|
|
Systems without vulnerabilities - exploitable and patchable critical and high |
|