Be sure to link as many of your connections to Vanta as possible before starting these tasks. You can connect your integrations using our in-product wizard on the connections page. Test management is a critical component of your continued security monitoring and of setting yourself up for a smooth and easy audit.
The tests are separated by category, and each test shows who is assigned to it and its status.
For some quick wins toward a successful audit, make sure the following tests are enabled:
Turn on MFA for systems you’ve integrated with Vanta
- MFA on G Suite
  *This test can take up to two days to pass after updating the setting.
- MFA on infrastructure provider
- MFA on version control tool
Update your SSL configurations
- SSL certificate has not expired
- SSL configuration has no known issues
- SSL enforced on the company website
- Strong SSL/TLS ciphers used
Deny public SSH in your infrastructure resources
- Public SSH denied
Ensure the root account is not used
- Root infrastructure account unused
Add pull request templates and require code approval in your codebase
- Application changes reviewed
- Security impact considered in pull requests (GitHub)
Upload organization documentation
- Add job descriptions for key security roles
- Add a new hire contract
- Add your company organization chart
- Add a sample of an internal communication about a significant product change