Security

TODO: insert GovAssure baseline? or excerpt from?

How does your organisation authenticate and manage non-human service accounts?

How does your organisation authenticate and manage user identities?

How does your organisation ensure that users have appropriate permissions aligned with their roles?

How does your organisation handle user provisioning for cloud systems, focusing on authentication for human users?

How does your organisation manage authentication for non-human service accounts in cloud systems?

How does your organisation manage risks?

How does your organisation manage staff identities?

How does your organisation mitigate risks associated with privileged internal threat actors?

How does your organisation monitor and manage security within its software supply chain?

How does your organisation monitor and manage threats, vulnerabilities, and misconfigurations?

What approach does your organisation take towards network architecture for security?

What is your organisation's approach to implementing 2FA/MFA for securing access?

What is your organisation's approach to managing privileged access?

What measures are in place in your organisation to mitigate the risk of data breaches, including exfiltration, corruption, deletion, and non-availability?
