Understanding "Pass by Default" Tests in Vanta

  • Updated

What is a "Pass by Default" Test?

  • A test passes by default when the security configurations being assessed are integral to an integrated service. Essentially, these configurations are built-in and enabled by default, with no option for user configuration. When Vanta detects such configurations during an audit, the test automatically passes.

pass-by-default.png

Why Do "Pass by Default" Tests Exist?

  • Speeding Up Your Audit Process: "Pass by default" tests are designed to streamline your audit process. They save valuable time by quickly identifying integrated services with built-in security features already compliant with the required standards. This feature reinforces Vanta's commitment to expediting your audit procedures.

  • Ensuring Accuracy: Vanta takes the accuracy of its tests seriously. Our team regularly validates "Pass by default" tests to ensure they remain accurate. If an integrated service changes its built-in features, we promptly update the test to reflect these changes. This commitment to accuracy ensures that your audits are always based on the most up-to-date information.

How Are "Pass by Default" Tests Conducted?

  • By default, Vanta checks an integrated service's configurations for compliance if an API for that service exists. When an API doesn't exist the assessment is based on the integrated service's security documentation. This approach maintains a reliable evaluation of your integrated services.