Before starting these tasks, be sure to link as many of your connections to Vanta as possible. You can connect your integrations using our in-product wizard on the connections page. Test management is critical both to your continued security monitoring and to setting up a smooth and easy audit.
Tests are separated by category, and each test shows who is assigned to it and its status.
For some quick wins toward a successful audit, make sure the following tests are enabled:
Turn on MFA for systems you’ve integrated with Vanta
- MFA on G Suite
*This monitor can take up to two days to pass after updating the setting
- MFA on infrastructure provider
- MFA on version control tool
Update your SSL configurations
- SSL certificate has not expired
- SSL configuration has no known issues
- SSL enforced on the company website
- Strong SSL/TLS ciphers used
Deny public SSH in your infrastructure resources
- Public SSH denied
Ensure the root account is not used
- Root infrastructure account unused
Add pull request templates and require code approval in your codebase
- Application changes reviewed
- Security impact considered in pull requests (GitHub)
Upload organization documentation
- Add job descriptions for key security roles
- Add a new hire contract
- Add your company organization chart
- Add a sample of an internal communication about a significant product change