Pro audit program · v1.0

SaaS Security Posture

How well is your SaaS estate protected — SSO, MFA enforcement, offboarding, third-party app review?

  • General target area
  • CIS Controls framework
  • 6 controls in this program
  • Author: Cyentrix (Trusted Author)

Risks addressed

  • High: Ungoverned SaaS sprawl exposes corporate data
  • High: Leavers retain access to SaaS post-departure
  • High: Malicious OAuth apps exfiltrate mailbox / Drive data
  • Medium: No central log of SaaS activity for IR

Controls (6)

  1. SaaS inventory maintained (Risk: High)

    How to test + evidence

    Testing procedure: List every SaaS in use (from CASB/SSPM discovery or a finance export of subscriptions). Confirm each entry has a named owner and an assigned tier.

    Evidence to collect: SaaS register.

  2. SSO enforced on all SaaS where supported (Risk: High)

    How to test + evidence

    Testing procedure: For each Tier-1/2 SaaS, confirm SSO is the only sign-in option (local password login disabled where the app supports it).

    Evidence to collect: SSO configuration screenshots per app.

  3. MFA enforced on every SaaS account (Risk: High)

    How to test + evidence

    Testing procedure: Verify MFA is enforced at the app or IdP layer for every SaaS user, including accounts that bypass SSO.

    Evidence to collect: IdP / app MFA enforcement reports.

  4. Joiner-mover-leaver wired into IdP (Risk: High)

    How to test + evidence

    Testing procedure: Confirm HR-driven provisioning and deprovisioning across Tier-1 SaaS, i.e. that a termination in HR deactivates the user's SaaS accounts via the IdP.

    Evidence to collect: JML workflow document + SCIM logs.

  5. Third-party app review process (Risk: Medium)

    How to test + evidence

    Testing procedure: OAuth grants are reviewed before approval; installed marketplace apps are periodically re-reviewed.

    Evidence to collect: App-review register.

  6. Audit logs streamed to SIEM (Risk: Medium)

    How to test + evidence

    Testing procedure: Tier-1 SaaS audit logs flow to the SIEM / log warehouse.

    Evidence to collect: SIEM source inventory.
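Added example for control 4 (not part of this audit program): a reconciliation of the three evidence sources an auditor collects, the HR leaver export, per-app user exports and SCIM deprovision logs, to surface leavers who still hold SaaS access and deprovisions that missed the SLA. All records, app names and the one-day SLA are constructed for illustration.

```python
from datetime import date

# Constructed sample evidence (not real records): HR export, per-app user
# exports for two Tier-1 apps, and SCIM deprovision events from the IdP.
HR_EXPORT = [
    {"email": "alice@example.com", "status": "active", "term_date": None},
    {"email": "bob@example.com", "status": "terminated", "term_date": "2024-03-01"},
    {"email": "carol@example.com", "status": "terminated", "term_date": "2024-03-10"},
]
SAAS_USERS = {
    "crm": [
        {"email": "alice@example.com", "active": True},
        {"email": "bob@example.com", "active": True},    # leaver still enabled
        {"email": "carol@example.com", "active": False},
    ],
    "wiki": [
        {"email": "bob@example.com", "active": False},
        {"email": "carol@example.com", "active": True},  # never deprovisioned
    ],
}
# (app, email, date the IdP pushed active=false via SCIM)
SCIM_EVENTS = [
    ("crm", "bob@example.com", "2024-03-01"),
    ("crm", "carol@example.com", "2024-03-10"),
    ("wiki", "bob@example.com", "2024-03-05"),
]

def leaver_findings(hr, saas, scim, as_of: str, sla_days: int = 1):
    """Return sorted (app, email, reason) findings as of the given ISO date:
    leavers still active in an app, and SCIM deprovisions later than the SLA."""
    cutoff = date.fromisoformat(as_of)
    leavers = {r["email"]: date.fromisoformat(r["term_date"])
               for r in hr if r["status"] == "terminated"}
    pushed = {(app, email): date.fromisoformat(d) for app, email, d in scim}
    findings = []
    for app, users in saas.items():
        for u in users:
            term = leavers.get(u["email"])
            if term is None or term > cutoff:
                continue  # not a leaver, or termination is still in the future
            key = (app, u["email"])
            if u["active"]:
                # Distinguish "IdP never pushed" from "app ignored the push"
                why = ("SCIM pushed but app still active" if key in pushed
                       else "no SCIM deprovision event")
                findings.append((app, u["email"], why))
            elif key in pushed and (pushed[key] - term).days > sla_days:
                lag = (pushed[key] - term).days
                findings.append((app, u["email"], f"deprovisioned {lag}d after termination"))
    return sorted(findings)
```

Each finding maps to a line in the JML evidence: an active leaver with a SCIM event points at the app's SCIM integration, one without points at the HR-to-IdP trigger.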