Checkpoints Dashboard
Available Checkpoints
Checkpoint ID | Name | Description | Actions |
---|---|---|---|
DR-001 | DR Readiness | Evaluates disaster recovery readiness based on plan compliance, testing frequency, and recovery objectives. | |
MONITOR-001 | Automated Monitoring | Evaluates the effectiveness of automated monitoring systems based on coverage, alert quality, and response times. | |
EC2-001 | EC2 Instances Monitoring | Checks the operational health of EC2 instances and their monitoring configuration. | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
ARCH-001 | Architecture Documents | Evaluates the completeness and quality of architecture documentation. | |
DOC-001 | Architecture Documentation | Verifies that system architecture is properly documented. | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
SSL-001 | SSL Certificates Registered | Verifies that SSL certificates are properly registered and maintained. | |
SEC-001 | Enrolled in ORCA | Verifies enrollment in the Operational Risk Compliance Assessment program. | |
SEC-002 | IAC Scan | Evaluates results from Infrastructure as Code security scans. | |
NET-001 | Network Perimeter Testing | Assesses the results of network perimeter security testing. | |
IAM-001 | IAM Compliance | Evaluates AWS IAM user and role security configuration, including password policies, MFA, and access key rotation. | |
S3-001 | S3 Bucket Security | Verifies S3 buckets are configured securely with encryption, logging, and proper access controls. | |
SEC-003 | Vulnerability Scanning | Checks if regular security vulnerability scans are conducted. | |
COMP-001 | Regulatory Compliance | Checks compliance with relevant regulations like GDPR, HIPAA, etc. | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
HOST-001 | Local Load Balancer Conformance | Verifies that local load balancers conform to standards. | |
MON-003 | Automated Monitoring Setup | Verifies that automated monitoring and alerts are configured for critical services. | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
APM-001 | APM Tool Configuration | Checks if application performance monitoring tools are properly configured. | |
PERF-001 | Load Testing | Verifies that load testing has been performed and meets requirements. | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
ENV-001 | Environment Readiness | Checks if all environments (dev, test, prod) are properly configured and consistent. | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
BACKUP-003 | Backup Verification | Verifies that backups are tested and can be successfully restored. | |
DR-004 | DR Testing Schedule | Verifies that DR tests are scheduled and performed regularly. | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
azure_vm_monitoring | Azure VM Monitoring | Evaluates Azure Virtual Machines for operational health and configuration compliance. | |
azure_storage_monitoring | Azure Storage Monitoring | Evaluates Azure Blob Storage for operational health and configuration compliance. | |
azure_rbac_compliance | Azure RBAC Compliance | Evaluates Azure Role-Based Access Control for compliance with security best practices. | |
azure_dr_readiness | Azure Disaster Recovery Readiness | Evaluates Azure Disaster Recovery for operational health and configuration compliance. | |
AZURE-VM-001 | Azure VM Monitoring | Evaluates Azure Virtual Machines for operational health and configuration compliance. | |
AZURE-STORAGE-001 | Azure Storage Monitoring | Evaluates Azure Blob Storage for operational health and configuration compliance. | |
AZURE-RBAC-001 | Azure RBAC Compliance | Evaluates Azure Role-Based Access Control for compliance with security best practices. | |
AZURE-DR-001 | Azure Disaster Recovery Readiness | Evaluates Azure Disaster Recovery for operational health and configuration compliance. | |
AZURE_RBAC_COMPLIANCE | Azure RBAC Compliance | Evaluates Azure role-based access control | |
AZURE_LOGGING_MONITORING | Azure Logging & Monitoring | Checks Azure Monitor and logging configuration | |
AZURE_COST_OPTIMIZATION | Azure Cost Optimization | Analyzes Azure resource utilization for cost efficiency | |
AZURE_STORAGE_MONITORING | Azure Storage Monitoring | Evaluates Azure Storage account configuration and security | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
AWS-IAM-001 | AWS: Root account has active access keys | Checks if AWS root account has active access keys, which is a security risk | |
AWS-IAM-002 | AWS: IAM users with administrator privileges | Checks for IAM users with administrator privileges | |
AWS-IAM-003 | AWS: IAM users without MFA enabled | Checks for IAM users that don't have Multi-Factor Authentication enabled | |
AWS-IAM-004 | AWS: IAM policies allowing wildcard actions | Checks for IAM policies that use wildcard actions, which can create security risks | |
AZURE-IAM-002 | Azure: More than three owners assigned to a subscription | Checks if more than three owners are assigned to an Azure subscription | |
AZURE-IAM-003 | Azure: Users can register applications without restriction | Checks if users can register applications without restriction in Azure AD | |
AZURE-IAM-004 | Azure: Users can add gallery apps to their Access Panel | Checks if users can add gallery apps to their Access Panel without approval | |
AZURE-IAM-005 | Azure: Custom subscription administrator roles exist | Checks for custom subscription administrator roles in Azure | |
AZURE-IAM-006 | Azure: Non-privileged users executing privileged functions | Checks for non-privileged users executing privileged functions without audit logs | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
AWS-SEC-001 | AWS: S3 buckets with public read access | Checks for S3 buckets with public read access, which is a security risk | |
AZURE-SEC-001 | Azure: Storage accounts not using secure transfer | Checks for storage accounts that are not configured to use secure transfer | |
AWS-SEC-002 | AWS: Security groups allowing unrestricted SSH access | Checks for security groups that allow unrestricted SSH access | |
AWS-SEC-003 | AWS: RDS instances not using encryption at rest | Checks for RDS instances that are not using encryption at rest | |
AWS-SEC-004 | AWS: CloudTrail not enabled in all regions | Checks if CloudTrail is not enabled in all AWS regions | |
AWS-SEC-005 | AWS: EBS volumes not encrypted | Checks for EBS volumes that are not encrypted | |
AZURE-SEC-002 | Azure: SQL servers without auditing enabled | Checks for SQL servers that do not have auditing enabled | |
AZURE-SEC-003 | Azure: Key Vaults without purge protection | Checks for Key Vaults that do not have purge protection enabled | |
AZURE-SEC-004 | Azure: NSGs allowing inbound RDP from any source | Checks for NSGs that allow inbound RDP from any source | |
AZURE-SEC-005 | Azure: VMs without endpoint protection installed | Checks for VMs that do not have endpoint protection installed | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
AWS-LOG-001 | AWS: CloudTrail logs not integrated with CloudWatch | Checks if CloudTrail logs are not integrated with CloudWatch Logs | |
AZURE-LOG-001 | Azure: App Service apps without diagnostic logs | Checks for App Service apps that do not have diagnostic logs enabled | |
AWS-LOG-002 | AWS: VPC flow logs not enabled | Checks if VPC flow logs are not enabled | |
AWS-LOG-003 | AWS: ELB access logs not enabled | Checks if ELB access logs are not enabled | |
AZURE-LOG-002 | Azure: Resource logs not enabled for Key Vault | Checks if resource logs are not enabled for Key Vault | |
AZURE-LOG-003 | Azure: Activity log alerts not configured | Checks if activity log alerts are not configured for administrative operations | |
AZURE-LOG-004 | Azure: Diagnostic settings not configured | Checks if diagnostic settings are not configured for selected resource types | |
AZURE-LOG-005 | Azure: Log analytics workspace retention policies | Checks if Log Analytics workspace is not configured for retention policies | |
AZURE-LOG-006 | Azure: Missing alerts for policy changes | Checks for missing alerts for policy changes | |
AZURE-LOG-007 | Azure: Missing alerts for security operations | Checks for missing alerts for security operations | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
AWS-RES-001 | AWS: EC2 instances without termination protection | Checks for EC2 instances that do not have termination protection enabled | |
AZURE-RES-001 | Azure: Virtual machines without backup configured | Checks for VMs that do not have backup configured | |
AWS-RES-002 | AWS: Unused Elastic IP addresses | Checks for unused Elastic IP addresses that may incur charges | |
AWS-RES-003 | AWS: RDS instances without backups enabled | Checks for RDS instances that do not have backups enabled | |
AZURE-RES-002 | Azure: Unassociated public IP addresses | Checks for unassociated public IP addresses that may incur charges | |
AZURE-RES-003 | Azure: Virtual networks without Network Watcher | Checks for virtual networks that do not have Network Watcher enabled | |
AZURE-RES-004 | Azure: Load balancers without diagnostic logs | Checks for load balancers that do not have diagnostic logs enabled | |
AZURE-RES-005 | Azure: SQL databases without geo-redundant backups | Checks for SQL databases that do not have geo-redundant backups configured | |
AZURE-RES-006 | Azure: App Service plans without scaling configured | Checks for App Service plans that do not have scaling configured | |
AZURE-RES-007 | Azure: Storage accounts without soft delete enabled | Checks for storage accounts that do not have soft delete enabled | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
AWS-COST-001 | AWS: Underutilized EC2 instances | Checks for underutilized EC2 instances that may be wasting resources | |
AZURE-COST-001 | Azure: Unused virtual machines | Checks for unused virtual machines that may be wasting resources | |
AWS-COST-002 | AWS: Idle RDS instances | Checks for idle RDS instances that may be wasting resources | |
AWS-COST-003 | AWS: Unattached EBS volumes | Checks for unattached EBS volumes that may incur unnecessary charges | |
AZURE-COST-002 | Azure: Orphaned disks not attached to any VM | Checks for orphaned disks that are not attached to any VM | |
AZURE-COST-003 | Azure: Unused public IP addresses | Checks for unused public IP addresses that may incur charges | |
AZURE-COST-004 | Azure: Unused network interfaces | Checks for unused network interfaces that may incur charges | |
AZURE-COST-005 | Azure: Unused load balancers | Checks for unused load balancers that may incur charges | |
AZURE-COST-006 | Azure: Unused application gateways | Checks for unused application gateways that may incur charges | |
AZURE-COST-007 | Azure: Unused ExpressRoute circuits | Checks for unused ExpressRoute circuits that may incur charges | |

Checkpoint ID | Name | Description | Actions |
---|---|---|---|
AWS_SECURITY_CONFIG | AWS Security Configuration | Checks AWS security settings compliance | |
AWS_LOGGING_MONITORING | AWS Logging & Monitoring | Evaluates AWS CloudTrail and CloudWatch setup | |
AWS_COST_OPTIMIZATION | AWS Cost Optimization | Analyzes AWS resource utilization and cost efficiency | |