CSPM Evaluation Checklist
Assess your organization's cloud security posture with this comprehensive evaluation form.
Organization Name
*
Contact Person's Name
*
First Name
Last Name
Contact Email
*
example@example.com
Which cloud provider(s) are in scope for this evaluation?
*
Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform (GCP)
Other
Governance & Policy Assessment
*
Rows
Not Implemented
Partially Implemented
Fully Implemented
Not Applicable
Documented cloud security policies exist
1
2
3
4
Roles and responsibilities are defined
5
6
7
8
Regular policy reviews are conducted
9
10
11
12
Identity & Access Management (IAM) Assessment
*
Rows
Not Implemented
Partially Implemented
Fully Implemented
Not Applicable
Multi-factor authentication is enforced
13
14
15
16
Least privilege access is applied
17
18
19
20
Regular access reviews are conducted
21
22
23
24
Monitoring & Logging Assessment
*
Rows
Not Implemented
Partially Implemented
Fully Implemented
Not Applicable
Cloud activity logs are enabled
25
26
27
28
Centralized log management is in place
29
30
31
32
Automated alerts for suspicious activity
33
34
35
36
Configuration Management Assessment
*
Rows
Not Implemented
Partially Implemented
Fully Implemented
Not Applicable
Baseline configurations are defined
37
38
39
40
Automated configuration assessments are performed
41
42
43
44
Remediation processes are established
45
46
47
48
Incident Detection & Response Assessment
*
Rows
Not Implemented
Partially Implemented
Fully Implemented
Not Applicable
Incident response plan includes cloud incidents
49
50
51
52
Automated incident detection tools are used
53
54
55
56
Incident response is regularly tested
57
58
59
60
Overall Cloud Security Posture Rating
*
1
2
3
4
5
Additional Comments or Recommendations
Submit Evaluation
Should be Empty: