Skip to content

The 25 Box security checks Black Cat runs

Black Cat SSPM evaluates 25 security policies against your Box configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

highExcessive Admin Users

Reduce the number of Box admin and co-admin users to the minimum necessary

mediumInactive User Account

Deactivate or remove Box user accounts that have been inactive for over 90 days

highExternal Collaboration Not Restricted

Enable external collaboration restrictions on admin accounts to limit data exposure

highPlatform Access Only Admin

Remove admin privileges from platform-only (service account) users

highUser Exempt from Login Verification

Remove login verification exemptions to enforce authentication controls for all users

mediumUser Account Deactivated But Not Removed

Remove deactivated Box user accounts after verifying content transfer is complete

criticalAdmin Exempt From Login Verification

Remove login verification exemption from admin accounts to enforce strong authentication on privileged users

app governance

mediumUnauthorized Application

Review and remove Box applications that have not been approved or featured by your enterprise

lowExcessive Applications Installed

Audit and remove unused or unnecessary Box application integrations

compliance

highRetention Policies Configured But None Active

Activate at least one retention policy to enforce data retention requirements

configuration

lowEmpty Group

Remove or repopulate empty Box groups that may retain inherited folder permissions

data protection

mediumNo Collaboration Whitelist Entries

Define a collaboration whitelist to restrict external sharing to approved domains only

mediumBroad Inbound Collaboration Whitelist

Review and tighten inbound collaboration whitelist entries to limit external user access

highBidirectional Collaboration Whitelist

Replace bidirectional collaboration whitelist entries with directional entries to reduce data exfiltration risk

device trust

mediumUser Exempt from Device Limits

Remove device limit exemptions from users who do not have a documented business need

mediumNo Device Pins Configured

Configure device pins to enforce device trust and restrict access from unmanaged devices

retention

highNo Retention Policies Defined

Create retention policies to ensure data is retained for the required compliance period

mediumRetired Retention Policy

Review and replace retired retention policies to ensure continued compliance coverage

mediumShort Retention Period

Extend the retention period for policies set below the minimum recommended duration of 30 days

mediumModifiable Retention Policy

Convert modifiable retention policies to non-modifiable to prevent tampering with retained content

mediumPermanent Delete Disposition Action

Change the disposition action to remove from policy instead of permanently deleting, to allow for legal holds

mediumNo Indefinite Retention Policies

Create at least one indefinite retention policy to preserve critical business records for compliance

sharing

mediumGroup Allows External Collaborator Invitations

Disable the collaborator invitation permission on groups to prevent uncontrolled external sharing

mediumOutbound Collaboration Whitelist Entry

Review outbound collaboration whitelist entries to ensure data sharing to external domains is justified

mediumExcessive Collaboration Whitelist Entries

Reduce the number of collaboration whitelist entries to minimize the external sharing surface

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial