Getting Started with Tests

Before starting these tasks, be sure to link as many of your connections to Vanta as possible. You can connect your integrations using our in-product wizard on the connections page. Test management is critical to your continued security monitoring and to setting up a smooth and easy audit.

Tests are separated by category, and each test shows who it is assigned to and its status.

 


For some quick wins toward a successful audit, make sure the following tests are enabled:

 

Turn on MFA for systems you’ve integrated with Vanta

  • MFA on G Suite
    *This monitor can take up to two days to pass after you update the setting.
  • MFA on infrastructure provider
  • MFA on version control tool

 

Update your SSL configurations

  • SSL certificate has not expired
  • SSL configuration has no known issues
  • SSL enforced on the company website
  • Strong SSL/TLS ciphers used

 

Deny public SSH in your infrastructure resources

  • Public SSH denied

 

Ensure the root account is not used

  • Root infrastructure account unused

 

Add pull request templates and require code approval in your codebase

  • Application changes reviewed
  • Security impact considered in pull requests (GitHub)

 

Upload organization documentation

  • Add job descriptions for key security roles
  • Add a new hire contract
  • Add your company organization chart
  • Add a sample internal communication about a significant product change
