https://tesserohq.com/https://tesserohq.com/about/https://tesserohq.com/frameworks/https://tesserohq.com/frameworks/cloud-security/https://tesserohq.com/frameworks/cloud-security/a-strong-password-policy-is-configured/https://tesserohq.com/frameworks/cloud-security/active-access-keys-are-rotated-at-least-every-90-days/https://tesserohq.com/frameworks/cloud-security/activity-log-alerts-exist-for-critical-changes-nsg-security-policy-key-vault/https://tesserohq.com/frameworks/cloud-security/amazon-guardduty-is-enabled/https://tesserohq.com/frameworks/cloud-security/audit-log-retention-is-set-to-the-maximum-365-days/https://tesserohq.com/frameworks/cloud-security/automatic-rotation-is-enabled-on-kms-customer-keys/https://tesserohq.com/frameworks/cloud-security/autonomous-database-network-access-is-restricted-private-endpoint-acls/https://tesserohq.com/frameworks/cloud-security/aws-config-is-enabled-in-all-regions/https://tesserohq.com/frameworks/cloud-security/azure-policy-assigns-guardrails-for-required-configurations/https://tesserohq.com/frameworks/cloud-security/azure-sql-auditing-is-enabled/https://tesserohq.com/frameworks/cloud-security/block-volumes-are-encrypted-default-or-cmk/https://tesserohq.com/frameworks/cloud-security/buckets-use-customer-managed-encryption-keys-where-required/https://tesserohq.com/frameworks/cloud-security/budget-alerts-detect-anomalous-spend-abuse-indicator/https://tesserohq.com/frameworks/cloud-security/cloudtrail-is-enabled-in-all-regions-with-a-multi-region-trail/https://tesserohq.com/frameworks/cloud-security/cloudtrail-log-file-validation-is-enabled/https://tesserohq.com/frameworks/cloud-security/cloudtrail-logs-are-encrypted-with-a-kms-cmk/https://tesserohq.com/frameworks/cloud-security/cloudwatch-metric-filters-alarms-exist-for-critical-events/https://tesserohq.com/frameworks/cloud-security/compartment-structure-and-iam-boundaries-isolate-workloads/https://tesserohq.com/frameworks/cloud-security/compute-instances-have-no-unintended-public-ips/https://tesserohq.com/frameworks/cloud-security/credentials-unused-for-90-days-are-disabled/https://tesserohq.com/frameworks/cloud-security/customer-secret-keys-api-keys-are-rotated-regularly-90-days/https://tesserohq.com/frameworks/cloud-security/database-systems-use-encryption-tde/https://tesserohq.com/frameworks/cloud-security/default-security-group-of-every-vpc-restricts-all-traffic/https://tesserohq.com/frameworks/cloud-security/default-security-list-of-each-vcn-restricts-traffic/https://tesserohq.com/frameworks/cloud-security/diagnostic-settings-ship-activity-logs-to-log-analytics-storage-with-retention/https://tesserohq.com/frameworks/cloud-security/ebs-volume-encryption-by-default-is-enabled-per-region/https://tesserohq.com/frameworks/cloud-security/ec2-instances-enforce-imdsv2-token-required-metadata/https://tesserohq.com/frameworks/cloud-security/ecr-repositories-have-image-scanning-enabled/https://tesserohq.com/frameworks/cloud-security/eks-clusters-log-control-plane-and-restrict-public-api-endpoint/https://tesserohq.com/frameworks/cloud-security/guest-user-access-and-invitations-are-restricted/https://tesserohq.com/frameworks/cloud-security/iam-policies-follow-least-privilege-no-broad-manage-all-resources/https://tesserohq.com/frameworks/cloud-security/key-vault-network-access-is-restricted-firewall-private-endpoint/https://tesserohq.com/frameworks/cloud-security/key-vaults-have-soft-delete-and-purge-protection-enabled/https://tesserohq.com/frameworks/cloud-security/lambda-functions-hold-no-secrets-in-plaintext-env-vars-and-use-least-privilege-r/https://tesserohq.com/frameworks/cloud-security/legacy-basic-authentication-is-blocked/https://tesserohq.com/frameworks/cloud-security/membership-of-the-administrators-group-is-minimal/https://tesserohq.com/frameworks/cloud-security/mfa-is-enabled-for-all-iam-users-with-console-access/https://tesserohq.com/frameworks/cloud-security/mfa-is-enforced-for-all-iam-users-especially-administrators/https://tesserohq.com/frameworks/cloud-security/mfa-is-enforced-for-all-users-especially-privileged-roles/https://tesserohq.com/frameworks/cloud-security/microsoft-defender-for-cloud-is-on-the-standard-paid-tier-for-key-resource-types/https://tesserohq.com/frameworks/cloud-security/microsoft-defender-for-sql-threat-detection-is-enabled/https://tesserohq.com/frameworks/cloud-security/no-access-keys-exist-on-the-root-account/https://tesserohq.com/frameworks/cloud-security/no-iam-identity-has-unrestricted-administrator-policies-beyond-a-justified-few/https://tesserohq.com/frameworks/cloud-security/no-individual-s3-bucket-is-publicly-readable-writable/https://tesserohq.com/frameworks/cloud-security/no-nsg-allows-unrestricted-inbound-rdp-3389-from-the-internet/https://tesserohq.com/frameworks/cloud-security/no-nsg-allows-unrestricted-inbound-ssh-22-from-the-internet/https://tesserohq.com/frameworks/cloud-security/no-object-storage-bucket-has-public-access/https://tesserohq.com/frameworks/cloud-security/no-security-group-allows-unrestricted-0-0-0-0-0-ingress-to-ssh-22-or-rdp-3389/https://tesserohq.com/frameworks/cloud-security/no-security-group-exposes-database-ports-3306-5432-1433-27017-to-0-0-0-0-0/https://tesserohq.com/frameworks/cloud-security/notifications-events-alert-on-iam-network-and-policy-changes/https://tesserohq.com/frameworks/cloud-security/nsg-flow-logs-are-enabled/https://tesserohq.com/frameworks/cloud-security/number-of-global-administrators-is-limited-typically-2-4/https://tesserohq.com/frameworks/cloud-security/oracle-cloud-guard-is-enabled-at-tenancy-root/https://tesserohq.com/frameworks/cloud-security/permissions-are-granted-via-groups-roles-not-directly-to-users/https://tesserohq.com/frameworks/cloud-security/privileged-identity-management-pim-provides-just-in-time-elevation/https://tesserohq.com/frameworks/cloud-security/public-facing-ec2-instances-are-intentional-and-minimal/https://tesserohq.com/frameworks/cloud-security/rds-instances-are-encrypted-at-rest/https://tesserohq.com/frameworks/cloud-security/rds-instances-are-not-publicly-accessible/https://tesserohq.com/frameworks/cloud-security/resource-locks-protect-critical-resources-from-deletion/https://tesserohq.com/frameworks/cloud-security/root-account-is-not-used-for-day-to-day-activity/https://tesserohq.com/frameworks/cloud-security/root-account-mfa-is-enabled/https://tesserohq.com/frameworks/cloud-security/s3-block-public-access-is-enabled-at-the-account-level/https://tesserohq.com/frameworks/cloud-security/s3-default-encryption-is-enabled-on-all-buckets/https://tesserohq.com/frameworks/cloud-security/secure-transfer-https-only-is-required/https://tesserohq.com/frameworks/cloud-security/security-lists-do-not-allow-unrestricted-rdp-3389-from-0-0-0-0-0/https://tesserohq.com/frameworks/cloud-security/security-lists-do-not-allow-unrestricted-ssh-22-from-0-0-0-0-0/https://tesserohq.com/frameworks/cloud-security/sql-server-firewall-does-not-allow-0-0-0-0-all-internet/https://tesserohq.com/frameworks/cloud-security/storage-account-network-rules-default-to-deny-with-explicit-allow-lists/https://tesserohq.com/frameworks/cloud-security/storage-accounts-disallow-public-blob-access/https://tesserohq.com/frameworks/cloud-security/storage-blob-soft-delete-is-enabled/https://tesserohq.com/frameworks/cloud-security/strong-iam-password-policy-is-enforced/https://tesserohq.com/frameworks/cloud-security/transparent-data-encryption-tde-is-enabled/https://tesserohq.com/frameworks/cloud-security/vault-keys-have-rotation-configured/https://tesserohq.com/frameworks/cloud-security/vcn-flow-logs-are-enabled/https://tesserohq.com/frameworks/cloud-security/versioning-is-enabled-on-sensitive-buckets/https://tesserohq.com/frameworks/cloud-security/vm-os-and-data-disks-are-encrypted-ade-cmk-or-platform-encryption/https://tesserohq.com/frameworks/cloud-security/vms-use-managed-disks-not-unmanaged-page-blobs/https://tesserohq.com/frameworks/cloud-security/vpc-flow-logs-are-enabled-on-all-vpcs/https://tesserohq.com/frameworks/itgc/https://tesserohq.com/frameworks/itgc/access-privileged-activity-logging/https://tesserohq.com/frameworks/itgc/application-access-rbac/https://tesserohq.com/frameworks/itgc/application-security-testing-pen-test/https://tesserohq.com/frameworks/itgc/asset-configuration-management/https://tesserohq.com/frameworks/itgc/backup-failure-monitoring/https://tesserohq.com/frameworks/itgc/backup-policy-execution/https://tesserohq.com/frameworks/itgc/backup-restoration-testing/https://tesserohq.com/frameworks/itgc/backup-storage-protection/https://tesserohq.com/frameworks/itgc/batch-monitoring-failure-handling/https://tesserohq.com/frameworks/itgc/business-continuity-plan/https://tesserohq.com/frameworks/itgc/capacity-performance-management/https://tesserohq.com/frameworks/itgc/centralised-identity-sso/https://tesserohq.com/frameworks/itgc/change-authorisation/https://tesserohq.com/frameworks/itgc/change-management-policy/https://tesserohq.com/frameworks/itgc/change-request-documentation/https://tesserohq.com/frameworks/itgc/cloud-iam-console-gcp/https://tesserohq.com/frameworks/itgc/cloud-provider-governance-gcp/https://tesserohq.com/frameworks/itgc/code-review-peer-approval/https://tesserohq.com/frameworks/itgc/cryptographic-key-management/https://tesserohq.com/frameworks/itgc/data-centre-environmental-controls/https://tesserohq.com/frameworks/itgc/data-classification-handling/https://tesserohq.com/frameworks/itgc/data-conversion-migration/https://tesserohq.com/frameworks/itgc/data-retention-secure-disposal/https://tesserohq.com/frameworks/itgc/database-access-controls/https://tesserohq.com/frameworks/itgc/database-schema-change-control/https://tesserohq.com/frameworks/itgc/deployment-pipeline-ci-cd/https://tesserohq.com/frameworks/itgc/developer-access-to-production/https://tesserohq.com/frameworks/itgc/disaster-recovery-plan/https://tesserohq.com/frameworks/itgc/dr-testing/https://tesserohq.com/frameworks/itgc/emergency-changes/https://tesserohq.com/frameworks/itgc/encryption-at-rest/https://tesserohq.com/frameworks/itgc/encryption-in-transit/https://tesserohq.com/frameworks/itgc/endpoint-protection-edr/https://tesserohq.com/frameworks/itgc/environment-segregation/https://tesserohq.com/frameworks/itgc/generic-shared-service-accounts/https://tesserohq.com/frameworks/itgc/go-live-implementation-approval/https://tesserohq.com/frameworks/itgc/incident-management/https://tesserohq.com/frameworks/itgc/infrastructure-iac-changes/https://tesserohq.com/frameworks/itgc/it-governance-oversight/https://tesserohq.com/frameworks/itgc/it-information-security-policies/https://tesserohq.com/frameworks/itgc/it-organisation-segregation/https://tesserohq.com/frameworks/itgc/it-risk-assessment/https://tesserohq.com/frameworks/itgc/job-scheduling-control/https://tesserohq.com/frameworks/itgc/logging-standard-retention/https://tesserohq.com/frameworks/itgc/multi-factor-authentication-mfa/https://tesserohq.com/frameworks/itgc/network-security-firewall/https://tesserohq.com/frameworks/itgc/operating-system-server-access/https://tesserohq.com/frameworks/itgc/outsourcing-register-mas-compliance/https://tesserohq.com/frameworks/itgc/password-authentication-policy/https://tesserohq.com/frameworks/itgc/patch-management/https://tesserohq.com/frameworks/itgc/periodic-user-access-review/https://tesserohq.com/frameworks/itgc/physical-access-or-cloud-soc/https://tesserohq.com/frameworks/itgc/post-implementation-review/https://tesserohq.com/frameworks/itgc/privileged-access-management-pam/https://tesserohq.com/frameworks/itgc/privileged-administrator-access/https://tesserohq.com/frameworks/itgc/problem-management/https://tesserohq.com/frameworks/itgc/project-governance-stage-gates/https://tesserohq.com/frameworks/itgc/regulatory-compliance-monitoring/https://tesserohq.com/frameworks/itgc/remote-access-vpn/https://tesserohq.com/frameworks/itgc/requirements-design-approval/https://tesserohq.com/frameworks/itgc/rollback-back-out-plans/https://tesserohq.com/frameworks/itgc/sdlc-methodology/https://tesserohq.com/frameworks/itgc/secrets-api-key-token-management/https://tesserohq.com/frameworks/itgc/secure-development-standards/https://tesserohq.com/frameworks/itgc/security-alerting-anomaly-monitoring/https://tesserohq.com/frameworks/itgc/security-awareness-training/https://tesserohq.com/frameworks/itgc/segregation-of-duties-sod/https://tesserohq.com/frameworks/itgc/service-level-performance-monitoring/https://tesserohq.com/frameworks/itgc/session-management-timeout/https://tesserohq.com/frameworks/itgc/soc-report-review-soc-1-2/https://tesserohq.com/frameworks/itgc/sod-in-changes-dev-deployer/https://tesserohq.com/frameworks/itgc/system-infrastructure-monitoring/https://tesserohq.com/frameworks/itgc/testing-uat-before-production/https://tesserohq.com/frameworks/itgc/third-party-access-management/https://tesserohq.com/frameworks/itgc/time-synchronisation-ntp/https://tesserohq.com/frameworks/itgc/user-access-de-provisioning-leavers/https://tesserohq.com/frameworks/itgc/user-access-modification-movers/https://tesserohq.com/frameworks/itgc/user-access-provisioning/https://tesserohq.com/frameworks/itgc/vendor-third-party-risk-assessment/https://tesserohq.com/frameworks/itgc/version-control-scm/https://tesserohq.com/frameworks/itgc/vulnerability-management/https://tesserohq.com/pricing/https://tesserohq.com/privacy/https://tesserohq.com/product/https://tesserohq.com/security/https://tesserohq.com/terms/