Control Types and Categories

Cloud Controls

Cloud Controls include controls pertain to cloud services such as: computing, storage, networking, database, analytics, application services, and many others. Organizations such as the Cloud Security Alliance (CSA) or National Institute of Technology (NIST) have outlined controls and best practices for providing security assurance with cloud computing.

The following Cloud related controls are organized by Categories. You can also “Jump To” Control Types and Categories by clicking on the link located at the right of this screen.

The following are links to more detailed pages:

AWS

Showing 140 controls:
Control TitleControl TypeRisk Rating
AWS Amazon Machine Images (AMIs) shared with unknown AWS accounts without restrictions Cloud Controls High
AWS Amazon Machine Images (AMIs) using unencrypted Amazon Elastic Block Store (EBS) Cloud Controls High
Amazon Redshift clusters with Database Auditing disabled Cloud Controls High
AWS Account with CloudTrail and encryption not enabled for log files Cloud Controls, Data Controls Medium
AWS Account with CloudTrail not Enabled/Created Cloud Controls High
AWS Accounts with AWS Config disabled Cloud Controls, Configuration controls Medium
AWS security credentials stored in public repositories Cloud Controls High
AWS Default Security Groups allowing all traffic Cloud Controls High
AWS Identity and Access Management (IAM) inline policy usage Cloud Controls Medium
AWS Identity and Access Management (IAM) with privileged access on AWS Customer Master Keys Cloud Controls, Least Privilege High
AWS Security Groups for EC2 instances allowing traffic through DNS Port Cloud Controls High
AWS Security Groups for workload allowing traffic through RDP Port Cloud Controls High
AWS Security Groups for EC2 instances allowing traffic through CIFS Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through FTP Command Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through FTP Data Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through Net-Bios Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through PostgreSQL Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through RPC Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through Telnet Port Cloud Controls High
AWS Security Groups for EC2 instances allowing traffic through VNC Listener Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through VNC Server Port Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through MySQL Port Cloud Controls High
AWS Security Groups for EC2 instances allowing traffic through RDP Port Cloud Controls High
AWS Security Groups for EC2 instances allowing traffic through SSH Port Cloud Controls High
AWS Security Groups – Orphaned and Unused Cloud Controls Medium
AWS Amazon Machine Images (AMIs) that are shared publicly Cloud Controls High
CloudFormation Templates created without Deletion Policy Attribute Cloud Controls High
CloudFormation Templates created without “Output” section Cloud Controls Medium
CloudFormation Templates not integrated with Simple Notification Service (SNS) Cloud Controls Medium
CloudFormation templates with Open RDP Port Security Groups Cloud Controls High
CloudFormation Templates used to create Security Groups that allow traffic though an SSH Port Cloud Controls High
CloudFormation templates created with password violations Cloud Controls, Password controls High
AWS Accounts with CloudTrail S3 Buckets publicly available Cloud Controls High
Ensure the Customer Gateways Limit is not reached Cloud Controls Medium
AWS Account with CloudTrail and Log Validation not enabled Cloud Controls Medium
Amazon Elastic Cloud Compute (EC2) with Termination Protection Disabled Cloud Controls Medium
Events based on DROP (Don’t Route Or Peer) IP List Cloud Controls High
Amazon Elastic Block Store (EBS) that are not encrypted and attached to an EC2 instance Cloud Controls, Data Controls High
Ensure the EBS Snapshot Limit is not reached Cloud Controls Low
Ensure the EBS Volume Limit is not reached Cloud Controls Low
Amazon Elastic Block Store (EBS) that are not Encrypted Cloud Controls, Data Controls High
Amazon Elastic Compute Cloud (EC2) instances affected by Saviynt Preventative Controls Cloud Controls Low
Amazon Elastic Compute Cloud (Amazon EC2) instances associated with default Security Groups Cloud Controls High
Amazon Elastic Compute Cloud (EC2) instances setup outside of the Virtual Private Network Cloud Controls High
Amazon Elastic Compute Cloud (EC2) instances missing tags Cloud Controls Low
AWS Security Groups for EC2 instances allowing traffic through SMTP Port Cloud Controls High
Amazon Elastic Compute Cloud (EC2) instances setup on dedicated tenancy Cloud Controls High
Amazon Elastic Compute Cloud (EC2) instances setup on default tenancy Cloud Controls Low
Amazon Elastic Cloud Compute (EC2) without IAM Roles Cloud Controls Low
Events based on EDROP (Extended Don’t Route Or Peer) IP List Cloud Controls High
Ensure Elastic IP address Limit is not reached Cloud Controls Medium
Ensure Elastic IP address Limit is not reached Cloud Controls High
Elastic Load Balancing (ELB) Certificates which are expired Cloud Controls High
Elastic Load Balancing (ELB) Certificates that will expire within 21 days Cloud Controls Low
Events based on Emerging Threats blocked IP list Cloud Controls High
Amazon Virtual Private Cloud (VPC) without any resources Cloud Controls Medium
Ensure the Expiry time for an unaccepted Virtual Private Cloud (VPC) peering connection request limit is not reached Cloud Controls Medium
Ensure VPC Flow Logs limit is not reached Cloud Controls Medium
GitHub – AWS CloudFormation Templates created without DeletionPolicy attribute Cloud Controls High
GitHub – AWS CloudFormation Templates created without “Output” section Cloud Controls Medium
AWS CloudFormation Templates not integrated with AWS Simple Notification Service (SNS) Cloud Controls Medium
GitHub – AWS CloudFormation Templates used to create Security groups allowing traffic though an RDP Port Cloud Controls High
GitHub – AWS CloudFormation Templates used to create Security groups allowing traffic though an SSH Port Cloud Controls High
GitHub – AWS CloudFormation templates created with password violations Cloud Controls, Password controls High
Terminated users with an AWS high privileged user account Cloud Controls, IT General Controls High
AWS Identity and Access Management (IAM) groups with high privileged access Cloud Controls, Least Privilege High
AWS Identity and Access Management (IAM) users with high privileged access Cloud Controls, Least Privilege High
AWS Identity and Access Management (IAM) policies with High Privileges Cloud Controls, Least Privilege High
AWS IAM user without Multi-Factor Authentication (MFA) enabled Cloud Controls High
AWS Identity and Access Management (IAM) user not following organization’s naming standard Cloud Controls Medium
AWS Identity and Access Management (IAM) user with access to delete CloudFormation Templates Cloud Controls, Least Privilege High
AWS Identity and Access Management (IAM) user with non-rotated Access Keys Cloud Controls High
AWS Identity and Access Management (IAM) user with non-rotated credentials Cloud Controls High
AWS Identity and Access Management (IAM) High Privileged inactive users Cloud Controls High
Amazon instances/hosts setup on dedicated tenancy Cloud Controls High
Amazon instances/hosts setup on default tenancy Cloud Controls Low
Amazon Elastic Compute Cloud (EC2) instances setup with non-approved DNS names Cloud Controls Medium
Ensure the Internet Gateways Limit is not reached Cloud Controls Medium
AWS Key Management Service (KMS) scheduled for deletion Cloud Controls High
AWS Key Management Service (KMS) with rotation disabled Cloud Controls High
AWS Network Access Control List (NACL) allowing traffic through CIFS Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through FTP Command Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through FTP Data Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through Net-Bios Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through PostgreSQL Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through RPC Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through Telnet Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through VNC Listener Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through VNC Server Port Cloud Controls Low
AWS Network Access Control List (NACL) restricting incoming traffic Cloud Controls High
AWS Network Access Control List (NACL) allowing traffic through RDP Port Cloud Controls High
AWS Network Access Control List (NACL) allowing traffic through DNS Port Cloud Controls High
AWS Network Access Control List (NACL) allowing traffic through MySQL Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through SMTP Port Cloud Controls Low
AWS Network Access Control List (NACL) allowing traffic through SSH Port Cloud Controls High
AWS Network Access Control List (NACL) restricting outgoing traffic Cloud Controls High
Ensure the NACLs rule Limit is not reached Cloud Controls Medium
Ensure the NACLs Limit is not reached Cloud Controls Medium
Ensure the Network Address Translation (NAT) Gateways Limit is not reached Cloud Controls Medium
Amazon Redshift clusters that are unencrypted Cloud Controls, Data Controls High
AWS IAM High Privileged user without Multi-Factor Authentication (MFA) enabled Cloud Controls Medium
Ensure the Outstanding Virtual Private Cloud (VPC) peering connection requests limit is not reached Cloud Controls Medium
Amazon Relational Database Service (RDS) granting access to AWS accounts outside the organization Cloud Controls, Data Controls, Least Privilege Medium
Amazon Relational Database Service (RDS) should not be accessible publicly Cloud Controls, Least Privilege High
Amazon Relational Database Service (RDS) which are not Encrypted Cloud Controls, Data Controls High
Amazon Relational Database Service (RDS) with last restorable time greater than 5 minutes Cloud Controls, Data Controls Low
Amazon Relational Database Service (RDS) with retention policy greater than 2 weeks Cloud Controls, Data Controls Low
AWS Security Groups for RedShift clustered DB allowing traffic through RDP Port Cloud Controls High
AWS Security Groups for AWS RedShift VPC allowing traffic through SSH Port Cloud Controls High
AWS Security Groups for AWS RedShift VPC allowing traffic through RDP Port Cloud Controls High
AWS Security Groups for RedShift clustered DB allowing traffic through SSH Port Cloud Controls High
AWS Root Accounts with API Keys Enabled Cloud Controls High
AWS Root accounts with Multi-Factor Authentication disabled Cloud Controls High
Ensure the Route Tables Limit is not reached Cloud Controls Medium
Amazon S3 Buckets without MFA Delete enabled Cloud Controls Medium
Amazon S3 Buckets with logging disabled Cloud Controls Medium
Amazon S3 Buckets with versioning disabled Cloud Controls Low
Amazon S3 Buckets allowing Full access to everyone via ACL Cloud Controls Medium
Amazon S3 Buckets having explicit Global List access via ACL Cloud Controls Medium
Amazon S3 Buckets allowing explicit Read/Write access via ACL Cloud Controls Medium
Amazon S3 Buckets allowing access to Everyone via Access Control List (ACL) Cloud Controls High
Amazon S3 Buckets with server side encryption disabled Cloud Controls High
AWS Security Groups allowing all incoming traffic Cloud Controls High
Ensure the Security Groups limit per VPC is not reached Cloud Controls Medium
AWS Security Groups allowing all outgoing traffic Cloud Controls High
Ensure the Security Groups per network interface limit is not reached Cloud Controls Medium
Events Based on TOR (“The Onion Router”) IP List Cloud Controls High
Elastic Load Balancing (ELB) with zero associated EC2 instances or zero EC2 instances in service Cloud Controls Medium
Track the unused Elastic IP addresses in the account Cloud Controls Medium
Track the unused Elastic IP addresses in your account Cloud Controls High
Ensure the Virtual Private Gateways Limit is not reached Cloud Controls Medium
Ensure the Virtual Private Cloud (VPC) Endpoints limit is not reached Cloud Controls Medium
Ensure the VPC Limit is not reached Cloud Controls Medium
Ensure the Virtual Private Cloud (VPC) Peering Active Connections limit is not reached Cloud Controls Medium
Ensure the VPC Subnet Limit is not reached Cloud Controls Medium
Amazon Virtual Private Cloud (VPC) setup on dedicated tenancy Cloud Controls High
Amazon Virtual Private Cloud (VPC) setup on default tenancy Cloud Controls High
Ensure the Virtual Private Network (VPN) connections per region limit is not reached Cloud Controls Medium
Ensure the Virtual Private Network (VPN) Connections per Virtual Private Cloud (VPC) limit is not reached Cloud Controls Medium
AWS Workloads without Amazon Elastic Block Store (EBS) optimized instance Cloud Controls Low

Azure

Showing 94 controls:
Control TitleControl TypeRisk Rating
Access to Storage Accounts Keys Cloud Controls, Least Privilege High
Application Gateway Insecure listener Cloud Controls Medium
Application Gateway Subnet security group allowing traffic on insecure ports Cloud Controls High
Application Gateway with Logging Disabled Cloud Controls High
Application Gateway with no Health Probe Rule Cloud Controls Low
Application Gateway with single or no VM attached Cloud Controls Low
Application Gateway with WAF Disabled. Cloud Controls High
Application Gateway with WAF not in Prevention mode Cloud Controls High
Application gateways not in WAF tier Cloud Controls High
Availability sets with only 1 fault domain and 1 update domain Cloud Controls Low
Azure Storage account with Disabled Encryption Cloud Controls, Data Controls High
Containers with Public access on Blobs Cloud Controls Medium
Containers with Public Access on Container Cloud Controls Medium
Disks of type Reserved Cloud Controls Low
Disks that are not standard tier Cloud Controls Low
Dynamic public IP Address Default Limit Reached Cloud Controls Low
Ensure that ‘Auditing’ is set to ‘On’ Cloud Controls High
Ensure that ‘Automatic provisioning of monitoring agent’ is set to ‘On’ Cloud Controls High
Ensure that ‘Disk encryption’ is set to ‘On’ Cloud Controls, Data Controls High
Ensure that ‘JIT Network Access’ is set to ‘On’ Cloud Controls High
Ensure that no custom subscription owner roles are created Cloud Controls, Least Privilege High
Ensure that ‘Public access level’ is set to Private for blob containers Cloud Controls High
Ensure that ‘SQL auditing & Threat detection’ is set to ‘On’ Cloud Controls High
Ensure that ‘SQL Encryption’ is set to ‘On’ Cloud Controls, Data Controls High
Ensure that SQL server access is restricted from the internet Cloud Controls High
Ensure that ‘Storage Encryption’ is set to ‘On’ Cloud Controls, Data Controls High
Ensure that ‘Storage service encryption’ is set to Enabled for Blob Service Cloud Controls, Data Controls High
Ensure that ‘System updates’ is set to ‘On’ Cloud Controls High
Ensure that ‘Threat Detection’ is set to ‘On’ Cloud Controls High
Ensure that ‘Threat’ Retention is ‘greater than 90 days Cloud Controls High
List of classic VMs Cloud Controls Low
Load Balancer with single or no VM Attached Cloud Controls Medium
Load Balancers with no Health Probe Rule Cloud Controls Medium
LoadBalancer default Limit Reached Cloud Controls Low
Load Balancer Subnet security group allowing traffic on insecure ports Cloud Controls High
Network Security Groups with Open DNS(TCP) Cloud Controls High
Network Security Groups with Open DNS(UDP) Cloud Controls High
Network Security Groups with Open FTP Cloud Controls High
Network Security Groups with Open LDAP Cloud Controls High
Network Security Groups with Open MS SQL Cloud Controls High
Network Security Groups with Open MySQL Cloud Controls High
Network Security Groups with Open PostgreSQL Cloud Controls High
Network Security Groups with Open RDP Cloud Controls High
Network Security Groups with Open SMTP Cloud Controls High
Network Security Groups with Open SSH Cloud Controls High
Network Interface default Limit Reached Cloud Controls Low
Non-MFA High Privileged Users Cloud Controls, Least Privilege High
NSGs associated with both NIC level and Subnet level Cloud Controls Medium
NSGs with Disabled Logging Cloud Controls Medium
NSGs with Indefinite Log Retention Cloud Controls Medium
Production workloads with no Availability Set Cloud Controls Medium
Production Workloads without Resource Locks Cloud Controls Medium
Public IP’s which have static IP’s associated Cloud Controls Low
Scale Sets with Autoscaling Disabled. Cloud Controls Medium
Scale Sets with Over Provision set to false Cloud Controls Low
Scale Sets with Upgrade Policy mode set to Automatic Cloud Controls Medium
SQL databases not in standard tier Cloud Controls Low
SQL Azure Databases with Encryption Disabled Cloud Controls, Data Controls High
SQL Azure Threat Retention ‘greater than 90 days’ Cloud Controls Medium
SQL Azure with access open to Internet Cloud Controls High
SQL Azure with Auditing Disabled Cloud Controls High
SQL Azure with Threat Detection Disabled Cloud Controls High
Standard Disk attached to VMs (HDD) Cloud Controls Low
Static Public IP Address Default Limit Reached Cloud Controls Low
Storage Account Metrics Cloud Controls Low
Storage accounts that are not standard tier Cloud Controls Low
Subscriptions with NSG default limit reached Cloud Controls Low
Total Azure Active Directory Groups Cloud Controls Low
Underutilized Availability Sets Cloud Controls Low
Underutilized Scale Sets Cloud Controls Low
Unencrypted Disks Cloud Controls, Data Controls High
Unused Disks Cloud Controls Low
Unused Network Security Groups Cloud Controls Low
Unused Public IP Addresses Cloud Controls Low
Unused Static Public IP Addresses Cloud Controls Low
VM Default Limit Reached Cloud Controls Medium
VM instances associated with Public IP Cloud Controls Low
VM Instances with disable automatic updates Cloud Controls Low
VM Instances with Open DNS(TCP) Cloud Controls High
VM Instances with Open DNS(UDP) Cloud Controls High
VM Instances with Open FTP Cloud Controls High
VM Instances with Open LDAP Cloud Controls High
VM Instances with Open MS SQL Cloud Controls High
VM Instances with Open MySQL Cloud Controls High
VM Instances with Open PostgreSQL Cloud Controls High
VM Instances with Open RDP Cloud Controls High
VM Instances with Open SMTP Cloud Controls High
VM Instances with Open SSH Cloud Controls High
VM Instances with Provision VM Agent disabled Cloud Controls Low
VM Network Security Groups allowing Global Inbound traffic on All Ports Cloud Controls Medium
VM Network Security Groups allowing inbound traffic from RFC-1918 CIDRs Cloud Controls, Least Privilege Medium
VMs outside Resource Groups Cloud Controls Medium
VMs with Disabled Logging Cloud Controls Medium
Workloads without Resource Locks Cloud Controls Low

BOX

Showing 11 controls:
Control TitleControl TypeRisk Rating
BOX – External Users with File Edit or Delete Rights Cloud Controls Medium
Box False Positive Files Cloud Controls Medium
BOX – Folders Shared for External Collaboration Cloud Controls Medium
BOX – Quarantine Access Rights Details Cloud Controls Medium
BOX – Shared Sensitive Files with No Link Expiration Cloud Controls Medium
BOX – Top 5 External Collaborators Cloud Controls Medium
BOX – Top 5 Sensitive Violation Documents Cloud Controls, Data Controls Medium
Box Whitelisted and False Positive files Cloud Controls Medium
Box Whitelisted Files Cloud Controls Medium
Folders shared with link having access type – People with link Cloud Controls Medium
Quarantined Files by Saviynt Cloud Controls Medium

GApps

Showing 2 controls:
Control TitleControl TypeRisk Rating
Files shared with public Cloud Controls Medium
GApps – Shared Sensitive Files Cloud Controls High

GCP

Showing 7 controls:
Control TitleControl TypeRisk Rating
Detects accounts of type NULL Cloud Controls, Identity Governance Low
Detects all active accounts without any entitlement association Cloud Controls, Identity Governance Low
Detects the accounts in child organization Cloud Controls Medium
Detects the accounts where mailbox is not setup Cloud Controls Low
Detects active accounts not logged in last 45 days Cloud Controls, Identity Governance Medium
Ensure that corporate login credentials are used instead of Gmail accounts Cloud Controls, Identity Governance Medium
List of accounts of type Internal Cloud Controls Low

GitHub

Showing 4 controls:
Control TitleControl TypeRisk Rating
Organizations with no members Cloud Controls, Identity Governance Medium
Organizations with no Repositories Cloud Controls Medium
Repositories with no members Cloud Controls, Identity Governance Medium
Unused Teams Cloud Controls Low

Office 365

Showing 103 controls:
Control TitleControl TypeRisk Rating
Auditlog Trimming Retention period of SharePoint Sites Cloud Controls High
Count of Files and Document Libraries within Site Collection Cloud Controls Low
Count of Files and Document Libraries within Site Cloud Controls Low
Count of Files Within Document Library Cloud Controls Low
Document Libraries of a Site Collection Cloud Controls High
Document Libraries on Site Cloud Controls Low
Document Libraries with Major and Minor Versions Cloud Controls Low
Document libraries with no versioning enabled Cloud Controls Low
Documents In Site Collection Cloud Controls Medium
Documents In Sites Cloud Controls Low
Documents on SiteCollection -Dynamic Cloud Controls Medium
Documents shared publically Cloud Controls High
Documents with Broken Inheritance and no FSO Cloud Controls Low
Documents with versions Cloud Controls, Data Controls Low
Export Control – Non-US Content – Controlled Cloud Controls, Data Controls Low
Export Control – US Content – Controlled Cloud Controls, Data Controls Medium
Files with Guest Links with Edit Permissions and No Expiration Period Cloud Controls High
FSO’s of Site Collection Cloud Controls Low
Invalid FSO for Site Collection Cloud Controls Low
Libraries with Inheritance Break Cloud Controls Low
Libraries with No Major Versioning Cloud Controls Low
List of document libraries with broken inheritance and FSO access Cloud Controls Medium
List of document libraries with broken inheritance and TSO access Cloud Controls Medium
List of Documents Libraries with Unique Permission Cloud Controls Low
List of documents with broken inheritance and FSO access Cloud Controls Medium
List of documents with broken inheritance and TSO access Cloud Controls Medium
List of external users having access to confidential documents from internal sites Cloud Controls, Data Controls High
List of external users having access to document libraries with unique permissions in internal sites Cloud Controls, Identity Governance High
List of external users having access to export controlled Non-US content from internal sites Cloud Controls High
List of external users having access to export controlled US content from internal sites Cloud Controls High
List of external users having access to restricted documents from internal sites Cloud Controls High
List of external users having access to SharePoint Sites Cloud Controls, Identity Governance High
List of external users having access to shared sites Cloud Controls High
List of external users with allowed ISI having access to Internal Sites Cloud Controls High
List of external users with blocked ISI having access to Internal Sites Cloud Controls High
List of Items on SubSite Cloud Controls Low
List of Orphaned Permissions on Sharepoint Sites Cloud Controls, Identity Governance High
List of Ownership Cloud Controls Medium
Lists with Broken Inheritance and no FSO Cloud Controls Medium
Major and Minor Version Cloud Controls Medium
O365 License Utilization Cloud Controls Low
O365 Services utilization Cloud Controls Low
One Drives with Sensitive Files Cloud Controls Low
Permission Hierarchy of Group on Sites Cloud Controls Medium
Permission Hierarchy of site and its elements Cloud Controls Low
Permission management audit report Cloud Controls Medium
Records of business type declared on a site Cloud Controls Low
Records on SiteCollection Cloud Controls Low
Records on SubSites Cloud Controls Low
Records per month Cloud Controls Medium
Restricted Documents on Site Cloud Controls Medium
Sensitive Files shared publically Cloud Controls, Data Controls High
Sensitive files with edit rights for external users Cloud Controls, Data Controls Low
Sensitive files with external access Cloud Controls Low
SharePoint American Express Card Sensitive Files Cloud Controls, Data Controls High
SharePoint Confidential Sensitive Files Cloud Controls, Data Controls High
SharePoint Diners Club Card Sensitive Files Cloud Controls High
SharePoint Discover Credit Card Sensitive Files Cloud Controls, Data Controls High
SharePoint External users list Cloud Controls, Identity Governance Low
SharePoint files with external access Cloud Controls Low
SharePoint files with guest link Cloud Controls Low
SharePoint files with guest links with Edit permissions Cloud Controls Low
SharePoint Files with Unique Permissions Cloud Controls Low
SharePoint JCB Credit Card Sensitive Files Cloud Controls, Data Controls High
SharePoint Mastercard Sensitive Files Cloud Controls, Data Controls High
SharePoint PCI Sensitive Files Cloud Controls, Data Controls High
SharePoint Secret Sensitive Files Cloud Controls, Data Controls High
SharePoint Site Collection Owner Reports Cloud Controls Low
SharePoint Site Collections not modified for last 6 weeks Cloud Controls Low
SharePoint Site Collections with external sharing enabled Cloud Controls High
SharePoint Site Collections with guest links and edit permissions Cloud Controls High
SharePoint Sites not modified for last 6 weeks Cloud Controls Low
SharePoint Sites Shared with External Users Cloud Controls High
SharePoint Sites With Broken Inheritance Cloud Controls High
SharePoint Sites With No document libraries Cloud Controls Low
SharePoint UK Driver License Sensitive Files Cloud Controls, Data Controls Low
SharePoint UK National Insurance Number Sensitive Files Cloud Controls, Data Controls High
SharePoint US Bank RTN Sensitive Files Cloud Controls, Data Controls High
SharePoint US Drivers License Sensitive Files Cloud Controls, Data Controls High
SharePoint US ITIN Sensitive Files Cloud Controls, Data Controls High
SharePoint US Passport Sensitive Files Cloud Controls, Data Controls High
SharePoint US Swift Code Sensitive Files Cloud Controls High
SharePoint VISA Credit Card Sensitive Files Cloud Controls, Data Controls High
Site Collection without PSO Cloud Controls Low
Site Collection without SSO Cloud Controls Medium
Site with broken inheritance and user permission Cloud Controls Medium
Sites with broken inheritance and no FSO Cloud Controls Low
Sites with Orphaned External Users Cloud Controls, Identity Governance Low
Storage level of Site Collection Cloud Controls Low
Subsites In SiteCollection Cloud Controls Medium
Terminated users with O365 licenses Cloud Controls, Identity Governance Low
Top 5 Sensitive Documents Cloud Controls Low
Total Accounts in Office365 Cloud Controls, Identity Governance Low
Total Active Accounts in Office365 Cloud Controls, Identity Governance Low
Total non Records Cloud Controls Medium
Total Orphan Accounts in O365 Cloud Controls, Identity Governance Low
Total Records Cloud Controls Low
Total SharePoint Files Cloud Controls Low
Total SharePoint Groups Cloud Controls Low
Total SharePoint Lists Cloud Controls Low
Total SharePoint Site Collection Cloud Controls Low
Total SharePoint Sites Cloud Controls Low
Unrestricted Documents Cloud Controls Low