Skip to content

The 39 Slack security checks Black Cat runs

Black Cat SSPM evaluates 39 security policies against your Slack configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

highSSO Disabled

Enable SAML single sign-on for the workspace

highSSO Not Enforced

Enforce SAML SSO as the only allowed authentication method

mediumPublic Channel Creation Unrestricted

Restrict public channel creation to workspace admins or owners

mediumInvite Approval Disabled

Enable admin approval for workspace invitations

lowAnalytics Not Admin Only

Restrict workspace analytics access to admins only

mediumApp Management Unrestricted

Restrict app installation and management to workspace admins

mediumMarketplace Apps Not Required

Require all apps to be sourced from the Slack App Directory

mediumDesktop Session Unlimited

Set a session duration limit for Slack desktop clients

mediumMobile Session Unlimited

Set a session duration limit for Slack mobile clients

mediumSSO Email Change Allowed

Prevent SSO-managed users from changing their email address in Slack

lowSSO Display Name Change Allowed

Enforce display name synchronisation from the SSO identity provider

lowTLS Email Invites Disabled

Enable TLS-enforced delivery for workspace email invitations

mediumShared Channels Unrestricted

Restrict Slack Connect shared channel creation and management to admins

mediumSlack Connect DM Unrestricted

Restrict Slack Connect direct messages to verified external organisations

lowGuest Slash Commands

Restrict guest access to slash commands and app interactions

mediumExcessive Admins

Reduce the number of workspace admins to the minimum necessary

mediumExcessive Owners

Reduce the number of workspace owners to two or fewer

highExternal Admin

Remove admin privileges from guest accounts

highOwner Redundancy

Ensure at least two workspace owners exist for business continuity

lowGuest Multi Channel

Convert multi-channel guests to single-channel guests or full members as appropriate

mediumApp Approval Not Required

Require admin approval before app installation

compliance

mediumPublic Channel Retention Limited

Configure a custom message retention policy for public channels

data leakage

mediumPublic File Sharing

Disable public file sharing links for the workspace

governance

lowMessage Edit Unrestricted

Set a time limit on how long members can edit messages

lowSlackbot Responses Unrestricted

Restrict Slackbot custom response creation to workspace admins

lowEveryone Notify General

Restrict @channel and @everyone mentions in

lowArchive Channel Unrestricted

Restrict channel archiving to workspace admins only

lowRemove Public Channel Unrestricted

Restrict deletion of public channels to workspace admins only

lowWorkflow Creation Unrestricted

Restrict Workflow Builder creation to workspace admins only

lowNew User Notification Disabled

Enable notifications when new members join the workspace

lowRemove Private Channel Unrestricted

Restrict deletion of private channels to workspace admins only

lowUser Groups Unrestricted

Restrict user group creation and management to workspace admins

lowNotify Channel Unrestricted

Restrict @channel and @here usage to workspace admins

lowDisplay Name Not Validated

Require members to use their real (full) names as display names

lowDefault Channels Excessive

Reduce default channels to only the essential ones for new members

lowInactive Channel

Archive inactive channels with no recent activity

lowApp No Description

Ensure all installed apps have descriptive names and documented purpose

mfa

highMFA Not Required

Enable mandatory two-factor authentication for the workspace

highUser No MFA

Enable two-factor authentication for the flagged user account

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial