The 27 LastPass security checks Black Cat runs
Black Cat SSPM evaluates 27 security policies against your LastPass configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Disable or remove LastPass user accounts that have been dormant for 90 or more days
Demote or disable dormant LastPass admin accounts after verifying with management
Remove or revoke LastPass user accounts that have never been used since provisioning
Remove or revoke admin privileges from LastPass admin accounts that have never logged in
Permanently delete LastPass user accounts that have been disabled but not yet removed
Reduce the number of admins in LastPass shared folders to the minimum required
Downgrade at least some members of LastPass shared folders where all users have admin rights
Add read-only members to LastPass shared folders that currently grant every user write access
Add a second admin to LastPass shared folders that have only a single admin
Reduce LastPass shared folder membership by removing unnecessary users or splitting the folder
Assign the user to at least one LastPass group to ensure group-level policies apply
Revoke admin privileges from the disabled LastPass account before or during deactivation
Verify that the recently created admin account was authorized through the proper access management process
configuration
Enforce a minimum master password strength policy to eliminate weak master passwords
Enforce a minimum master password strength of 50 or higher in LastPass policies
Send onboarding reminders to LastPass users with empty vaults and remove unused licenses
Notify LastPass users with stale master passwords to rotate them and enforce a password age policy
Notify LastPass users who have never changed their master password to rotate it
Enforce immediate master password rotation for LastPass admin accounts with stale passwords
Improve the security score of LastPass shared folders by updating weak or reused passwords
Update weak or reused passwords in LastPass shared folders to improve the security score
Require the admin to immediately update their master password to meet the higher strength threshold
Delete orphaned shared folders that have no members
Require the admin to immediately change their master password from the initial value
mfa
Enable multifactor authentication for LastPass users who have MFA disabled
Require MFA for all LastPass admin accounts that currently have it disabled
sharing
Disable the credential export (give) permission for shared folder members who do not need it