Skip to content

The 25 PagerDuty security checks Black Cat runs

Black Cat SSPM evaluates 25 security policies against your PagerDuty configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

highExcessive Admins

Reduce the number of PagerDuty admin accounts to three or fewer to limit blast radius

mediumSingle Account Owner

Designate at least one additional Account Owner in PagerDuty to ensure administrative redundancy

mediumUnassigned User

Assign unassigned PagerDuty users to an appropriate team or deactivate them if no longer needed

lowUser Pending Invitation

Follow up on pending PagerDuty invitations or remove stale user accounts that were never activated

mediumTeam Without Manager

Assign a manager to each PagerDuty team to ensure accountability and oversight

mediumService Not Assigned to Team

Assign each PagerDuty service to a team for clear ownership and access control

authentication

highSSO Disabled

Enable SSO in PagerDuty account settings to enforce centralized identity authentication

mediumAdvanced Permissions Disabled

Enable Advanced Permissions in PagerDuty to enforce granular role-based access control

configuration

highUser Without Notification Rules

Configure notification rules for PagerDuty users so they receive incident alerts

highUser Without Contact Methods

Add contact methods (phone, SMS, email) to PagerDuty users so they can be reached during incidents

mediumEmpty Team

Add members to empty PagerDuty teams or delete them if no longer needed

mediumService Without Integrations

Add integrations to PagerDuty services so they can receive events and trigger incidents

mediumService Without Acknowledgement Timeout

Set an acknowledgement timeout on PagerDuty services to auto-escalate unacknowledged incidents

lowEscalation Policy Without Services

Attach orphaned escalation policies to services or remove them if no longer needed

lowSchedule Not Linked to Escalation Policy

Link orphaned on-call schedules to escalation policies or remove them if unused

incident response

criticalService Without Escalation Policy

Attach an escalation policy to each PagerDuty service to ensure incidents are routed correctly

lowPossibly Abandoned Service

Review inactive PagerDuty services and either reactivate them or decommission them

mediumService Without Auto-Resolve

Enable an auto-resolve timeout on each PagerDuty service to prevent indefinitely open incidents

highSingle User Escalation Rule

Add additional responders or on-call schedules to escalation policies that rely on a single user

mediumEscalation Policy Without Schedule

Replace direct user assignments in escalation policies with on-call schedules for reliable coverage

highEscalation Policy Without Loops

Set the repeat count on escalation policies to at least 1 so alerts re-escalate if unacknowledged

mediumSingle User Schedule

Add additional users to single-user on-call schedules to eliminate single points of failure

integration security

mediumExtension Disabled

Re-enable or remove disabled PagerDuty extensions to keep integrations in a known and auditable state

mediumWebhook External URL

Update PagerDuty webhook subscriptions to use HTTPS delivery URLs to ensure encrypted transport

lowWebhook Inactive

Re-enable or remove inactive PagerDuty webhook subscriptions to keep integrations in a known state

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial