Be sure to link as many of your connections to Vanta as possible before starting these tasks. You can connect your integrations using our in-product wizard on the connections page. Test management is a critical component of your continued security monitoring and of setting up for a smooth and easy audit.

The tests are separated by category, and each test shows who is assigned to it and its status.

For some quick wins for a successful audit, make sure the following tests are enabled:

Turn on MFA for systems you’ve integrated with Vanta

  • MFA on G Suite
    * This test can take up to two days to pass after updating the setting.
  • MFA on infrastructure provider
  • MFA on version control tool

Update your SSL configurations

  • SSL certificate has not expired
  • SSL configuration has no known issues
  • SSL enforced on the company website
  • Strong SSL/TLS ciphers used

Deny public SSH in your infrastructure resources

  • Public SSH denied

Ensure the root account is not used

  • Root infrastructure account unused

Add pull request templates and require code approval in your codebase

  • Application changes reviewed
  • Security impact considered in pull requests (GitHub)

Upload organization documentation

  • Add job descriptions for key security roles
  • Add a new hire contract
  • Add your company organization chart
  • Add a sample of an internal communication about a significant product change