Before starting these tasks, link as many of your connections to Vanta as possible. You can connect your integrations using our in-product wizard on the connections page. Test management is critical to your continued security monitoring and to setting up a smooth audit.
The tests will be separated by category, and each test will show who is assigned to it and its status.
For quick wins toward a successful audit, make sure the following tests are enabled:
Turn on MFA for systems you’ve integrated with Vanta
  - MFA on G Suite
    *This monitor can take up to two days to pass after updating the setting.
  - MFA on infrastructure provider
  - MFA on version control tool
Update your SSL configurations
  - SSL certificate has not expired
  - SSL configuration has no known issues
  - SSL enforced on the company website
  - Strong SSL/TLS ciphers used
Deny public SSH in your infrastructure resources
  - Public SSH denied
Ensure the root account is not used
  - Root infrastructure account unused
Add pull request templates and require code approval in your codebase
  - Application changes reviewed
  - Security impact considered in pull requests (GitHub)
Upload organization documentation
  - Add job descriptions for key security roles
  - Add a new hire contract
  - Add your company organization chart
  - Add a sample of an internal communication about a significant product change