Virtual Private Cloud Security Inspection Checklist
Use this form to review the security posture of a virtual private cloud environment and record inspection findings, risks, and remediation actions.
Inspection Metadata
Inspection Date
*
-
Month
-
Day
Year
Date
Inspector Name
*
Team or Department
*
Environment Type
*
Production
Staging
Development
Test
Other
Cloud Provider
*
Please Select
AWS
Microsoft Azure
Google Cloud
Oracle Cloud
Other
Account / Subscription / Project ID
*
Inspection Reference ID
VPC and Scope Details
VPC Name or Identifier
*
Region or Zone
*
Scope of Inspection
*
Routing
Subnets
Security Groups
Network ACLs
Internet Exposure
VPN/Peering
Logging/Monitoring
Encryption
DNS
Other
Inspection Scope Level
*
Full
Partial
Network Architecture Review
Number of subnets reviewed
*
Subnet segmentation status
*
Adequate
Needs improvement
Inadequate
Public subnet presence
*
None
Limited and justified
Present and excessive
Route table review status
*
Compliant
Minor issues
Major issues
Misrouted or overly permissive routes observed
Access Control and Traffic Rules
Security group posture rating
*
Weak
1
2
3
4
5
6
7
8
9
Strong
10
1 is Weak, 10 is Strong
Network ACL posture rating
*
Weak
1
2
3
4
5
6
7
8
9
Strong
10
1 is Weak, 10 is Strong
Inbound rule review results
*
Acceptable
Needs review
Critical finding
Outbound rule review results
*
Acceptable
Needs review
Critical finding
Unrestricted internet access to sensitive services
*
No
Yes
Unknown
Notable rules
Logging, Monitoring, and Detection
Are VPC flow logs enabled?
*
Yes
No
Partial
Unknown
Logging destination
Monitoring and alerting coverage
*
Poor
1
2
3
4
5
6
7
8
9
Excellent
10
1 is Poor, 10 is Excellent
Intrusion or anomaly detection status
*
Enabled
Partially enabled
Not enabled
Unknown
Findings or gaps in logging, monitoring, and detection
Encryption and Data Protection
Encryption at rest coverage
*
Complete
Partial
None
Unknown
Encryption in transit coverage
*
Complete
Partial
None
Unknown
Key management status
Please Select
Fully managed
Customer-managed
Partially managed
Not applicable
Unknown
Data protection concerns identified during inspection
Exposure, Findings, and Remediation
Exposed Services or Assets Discovered
Severity of Most Important Finding
*
Low
Medium
High
Critical
Overall Inspection Result
*
Pass
Pass with Findings
Fail
Recommended Remediation Actions
Priority Level
*
P1
P2
P3
P4
Follow-up Owner or Team
Submit Inspection
Should be Empty: