Skip to content

The 18 Workday security checks Black Cat runs

Black Cat SSPM evaluates 18 security policies against your Workday configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

mediumSecurity Group With Excessive Members

Review and reduce security group membership

lowEmpty Security Group

Remove unused security group or add members

highSecurity Group With Broad Domain Access

Reduce domain permissions for this security group

audit

criticalAudit Logging Disabled

Enable user activity logging for the tenant

authentication

highWeak Password Policy

Strengthen password requirements to minimum 12 characters with complexity

highSSO Not Enabled

Configure SSO for centralized authentication

mediumExcessive Session Timeout

Reduce session timeout to 60 minutes or less

highNo Account Lockout Policy

Configure account lockout to prevent brute-force attacks

highDelegated Auth Certificate Expiring Soon

Renew the delegated authentication x.509 certificate

mediumDelegated Auth Allows Local Fallback

Disable local password fallback to enforce SSO

identity

mediumWorkday Dormant User Account

Review and disable inactive Workday accounts

criticalTerminated User With Active Account

Disable the Workday account for this terminated worker

lowUser Without Manager Assigned

Assign a manager to this worker

integration security

mediumStale Integration System

Review and disable unused integrations

mediumIntegration With Excessive Scope

Reduce integration functional areas to minimum required

mfa

highWorkday User Without MFA Required

Enable MFA for this Workday user account

criticalMFA Not Enforced

Enable MFA enforcement in the authentication policy

network security

mediumNo IP Restrictions Configured

Configure trusted IP ranges to restrict Workday access

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial