arrow-left Back to Announcements
DATE:
AUTHOR:
The folks at Scrut
New Feature

Expand compliance coverage with 5 new automated tests

DATE:
AUTHOR: The folks at Scrut

What's new?

Scrut has introduced 5 new automated tests:

#1: DocumentDB Cluster Encrypted (AWS)

  • What it does: Verifies that all AWS DocumentDB clusters are encrypted at rest.

  • Why it matters: Ensures compliance with encryption requirements and prevents unauthorized access to sensitive data.

  • Control coverage: Data protection and encryption at rest.

#2: EC2 Backups Enabled (AWS)

  • What it does: Checks whether Amazon EC2 instances have backup mechanisms enabled (snapshots/AMIs).

  • Why it matters: Provides evidence of data availability and recoverability in case of system failure.

  • Control coverage: Backup and disaster recovery.

#3: No Risks Are in Open State

  • What it does: Ensures that all risks logged in Scrut’s Risk Register are either mitigated, accepted, or closed.

  • Why it matters: Demonstrates a mature risk management process with no unresolved, high-risk exposures left open.

  • Control coverage: Risk management and governance.

#4: Third-party Tool Used for Capacity Monitoring

  • What it does: Validates the use of a recognized third-party monitoring tool (e.g., Datadog, New Relic, etc) for capacity monitoring.

  • Why it matters: Provides auditors with proof that system capacity and performance are proactively tracked and managed.

  • Control coverage: Availability and capacity monitoring.

#5: Data in Transit is Encrypted (SSL/TLS Check for Custom Domains)

  • What it does:

    • Enables you to add your web platform domains as resources in Scrut.

    • Runs automated SSL/TLS scans (via SSL Labs API or internal testssl.sh checks).

    • Verifies that domains achieve a minimum A-grade for strong encryption.

  • Why it matters: Replaces the old manual SSL Labs screenshot evidence with a fully automated test. Ensures customer data in transit is always protected with modern encryption standards.

  • Control coverage: Encryption in transit (TLS/SSL).

  • Evidence replaced: SSL Labs manual screenshots.

Why it matters

These tests run continuously to verify security controls and reduce the number of manual evidence collection tasks required.

How it works

Once your integrations are connected, Scrut will automatically run these tests and surface findings into evidence tasks, tests, dashboards, and reports.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance. Explore all recent product updates → View now.

Powered by LaunchNotes