The 31 Zoom security checks Black Cat runs
Black Cat SSPM evaluates 31 security policies against your Zoom configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Deactivate or remove inactive users in Zoom User Management
Reduce admin role members by demoting unnecessary administrators to standard roles
Enable SSO sign-in enforcement under Advanced Security settings
Require encryption for 3rd party endpoints (H.323/SIP)
Stop embedding the meeting passcode in the join link
Disable join before host so participants cannot enter meetings unattended
Require a passcode for instant meetings
Require a passcode for Personal Meeting ID (PMI) meetings
configuration
Enable meeting password requirements in Zoom Meeting Security settings
Enable the Waiting Room feature in Zoom Meeting Security settings
Restrict meeting joins to authenticated users only in Zoom Meeting Security settings
Disable local recording in Zoom Recording settings to prevent unauthorised local storage
Enable auto-deletion of cloud recordings to limit long-term data retention exposure
Strengthen the account password policy under Advanced Security settings
Disable file transfer in meeting chat to reduce data exfiltration risk
Disable automatic recording so meetings are not recorded without explicit consent
Disable auto-saving of meeting chats to avoid retaining sensitive information
Disable continuous meeting chat so messages do not persist beyond the session
Enable email notification when participants join before the host
Disable far end camera control so remote participants cannot control cameras
Disable host video on by default to avoid exposing video without consent
Enable identification of guest participants to distinguish external attendees
Disable participant video on by default to avoid exposing video without consent
Enable a sound when participants join or leave to maintain awareness
Disable remote control so participants cannot take control of another screen
Require permission to unmute participants
Restrict screen sharing to the host only
Enable screen share watermark to attribute shared content
data sharing
Disable meeting live streaming to external platforms unless required
mfa
Enable two-factor authentication for the user in Zoom User Management
Immediately enable two-factor authentication for the admin account in Zoom User Management