The 25 Google Ads security checks Black Cat runs
Black Cat SSPM evaluates 25 security policies against your Google Ads configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Review Google Ads users with email-only access and remove or upgrade as appropriate
Reduce the number of Google Ads admin users to minimize the blast radius of account compromise
Cancel stale pending Google Ads user invitations that have not been accepted
Remove or deactivate Google Ads users who have not accessed the account recently
Assign at least one admin user to each Google Ads account to ensure it can be governed and recovered
Add a second admin user to eliminate the single point of failure for account governance
Review Standard-role users whose access was granted more than 180 days ago and confirm it is still required
Cancel or re-send admin invitations that have been pending for more than 7 days to reduce the window for account takeover
Investigate and revoke self-granted access to enforce separation of duties for Google Ads account access
Cancel or re-send read-only invitations that have been pending for more than 14 days
Review email-only users whose access was granted more than 90 days ago and confirm it is still required
Review admin user access that has not been reviewed in more than 90 days
Investigate user access records with no recorded inviter to ensure they were properly authorized
Cancel or re-send standard access invitations that have been pending for more than 7 days
availability
Investigate and resolve the account suspension to restore ad delivery and prevent data loss
change management
Review recent sensitive changes in Google Ads to ensure they were authorized
Review the recent access role change to confirm it was authorized and did not result in unauthorized privilege escalation
compliance
Review cancelled billing setups and clean up stale billing configurations
Review and approve or reject pending account budgets
data sharing
Review and remove unauthorized external data links from the Google Ads account
financial controls
Set an end date on all Google Ads account budgets to prevent uncapped spend
Set a spending limit on all Google Ads account budgets to cap maximum spend
governance
Resolve the pending billing setup to ensure payment authorization is in place before ad spend occurs
Remove cancelled accounts from the MCC hierarchy to keep the account structure clean and avoid confusion
Link a valid payments account to the billing setup to ensure all ad spend is properly tracked and billed