The 25 Box security checks Black Cat runs
Black Cat SSPM evaluates 25 security policies against your Box configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Reduce the number of Box admin and co-admin users to the minimum necessary
Deactivate or remove Box user accounts that have been inactive for over 90 days
Enable external collaboration restrictions on admin accounts to limit data exposure
Remove admin privileges from platform-only (service account) users
Remove login verification exemptions to enforce authentication controls for all users
Remove deactivated Box user accounts after verifying content transfer is complete
Remove login verification exemption from admin accounts to enforce strong authentication on privileged users
app governance
Review and remove Box applications that have not been approved or featured by your enterprise
Audit and remove unused or unnecessary Box application integrations
compliance
Activate at least one retention policy to enforce data retention requirements
configuration
Remove or repopulate empty Box groups that may retain inherited folder permissions
data protection
Define a collaboration whitelist to restrict external sharing to approved domains only
Review and tighten inbound collaboration whitelist entries to limit external user access
Replace bidirectional collaboration whitelist entries with directional entries to reduce data exfiltration risk
device trust
Remove device limit exemptions from users who do not have a documented business need
Configure device pins to enforce device trust and restrict access from unmanaged devices
retention
Create retention policies to ensure data is retained for the required compliance period
Review and replace retired retention policies to ensure continued compliance coverage
Extend the retention period for policies set below the minimum recommended duration of 30 days
Convert modifiable retention policies to non-modifiable to prevent tampering with retained content
Change the disposition action to remove from policy instead of permanently deleting, to allow for legal holds
Create at least one indefinite retention policy to preserve critical business records for compliance
sharing
Disable the collaborator invitation permission on groups to prevent uncontrolled external sharing
Review outbound collaboration whitelist entries to ensure data sharing to external domains is justified
Reduce the number of collaboration whitelist entries to minimize the external sharing surface