The 25 PagerDuty security checks Black Cat runs
Black Cat SSPM evaluates 25 security policies against your PagerDuty configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Reduce the number of PagerDuty admin accounts to three or fewer to limit blast radius
Designate at least one additional Account Owner in PagerDuty to ensure administrative redundancy
Assign unassigned PagerDuty users to an appropriate team or deactivate them if no longer needed
Follow up on pending PagerDuty invitations or remove stale user accounts that were never activated
Assign a manager to each PagerDuty team to ensure accountability and oversight
Assign each PagerDuty service to a team for clear ownership and access control
authentication
Enable SSO in PagerDuty account settings to enforce centralized identity authentication
Enable Advanced Permissions in PagerDuty to enforce granular role-based access control
configuration
Configure notification rules for PagerDuty users so they receive incident alerts
Add contact methods (phone, SMS, email) to PagerDuty users so they can be reached during incidents
Add members to empty PagerDuty teams or delete them if no longer needed
Add integrations to PagerDuty services so they can receive events and trigger incidents
Set an acknowledgement timeout on PagerDuty services to auto-escalate unacknowledged incidents
Attach orphaned escalation policies to services or remove them if no longer needed
Link orphaned on-call schedules to escalation policies or remove them if unused
incident response
Attach an escalation policy to each PagerDuty service to ensure incidents are routed correctly
Review inactive PagerDuty services and either reactivate them or decommission them
Enable an auto-resolve timeout on each PagerDuty service to prevent indefinitely open incidents
Add additional responders or on-call schedules to escalation policies that rely on a single user
Replace direct user assignments in escalation policies with on-call schedules for reliable coverage
Set the repeat count on escalation policies to at least 1 so alerts re-escalate if unacknowledged
Add additional users to single-user on-call schedules to eliminate single points of failure
integration security
Re-enable or remove disabled PagerDuty extensions to keep integrations in a known and auditable state
Update PagerDuty webhook subscriptions to use HTTPS delivery URLs to ensure encrypted transport
Re-enable or remove inactive PagerDuty webhook subscriptions to keep integrations in a known state