The 28 Atlassian security checks Black Cat runs
Black Cat SSPM evaluates 28 security policies against your Atlassian configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Deactivate inactive Atlassian users who are no longer needed
Remove all product access and group memberships from suspended Atlassian users
Remove unnecessary admin role from Atlassian users with admin access to multiple products
Review and remove unnecessary product access for external Atlassian users
Rotate Atlassian API tokens that are older than 90 days
Reduce Atlassian API tokens per user by revoking unnecessary tokens
Configure SAML SSO for Atlassian to centralize identity management
Reduce Atlassian session timeout to 24 hours or less
Remove anonymous browse access and restrict default role permissions in Jira projects
Add a descriptive label to unlabeled Atlassian API tokens to enable auditing and attribution
Enable the external users policy to enforce controls on guest and external account access
Review and reduce org-admin product access to the minimum required set of users
Remove or fully deprovision closed Atlassian user accounts from the organization directory
Replace generic-labeled API tokens older than 30 days with tokens bearing descriptive, purpose-specific labels
Remove empty groups that have no members to reduce administrative overhead
Require the admin user to enable two-step verification immediately
Review product-level admin access and reduce to the minimum required users
compliance
Enable the data residency policy to pin data storage location for regulatory compliance
configuration
Enable mobile app management policy to control mobile device access to organization data
data sharing
Review and disable external sharing on Jira projects that do not require outside access
Review and disable external sharing on Confluence spaces that do not require outside access
mfa
Enforce two-step verification for all Atlassian users in authentication policies
Enforce two-step verification for all users in Atlassian authentication policies
network
Enable IP allowlist policy to restrict access to trusted network ranges
sharing
Restrict Jira project visibility from public to private
Disable anonymous access to Confluence spaces
Disable public link sharing for Confluence spaces
Disable anonymous access on archived Confluence spaces to prevent unintended data exposure