Assessment Coverage
Summary
Section titled “Summary”RedCloud runs thousands of automated security checks across multiple clouds and domains, plus deeper IAM analytics. This page describes the breadth of coverage and how to see exactly what ran for a given scan.
Coverage by cloud
Section titled “Coverage by cloud”RedCloud assesses six surfaces:
| Surface | Coverage |
|---|---|
| Google Cloud | Hundreds of checks across IAM, networking, storage, GKE, compute, databases, logging, and more |
| AWS | The largest check set, spanning identity, network, storage, and containers |
| Azure | Broad coverage across identity, network, and Kubernetes |
| Microsoft 365 | Tenant security checks |
| Google Workspace | Workspace security checks |
| Web applications | Web security and Web PT checks |
Coverage by domain (GCP example)
Section titled “Coverage by domain (GCP example)”GCP checks are organized into dozens of categories, with the largest being:
| Domain | Focus |
|---|---|
| IAM | Roles, bindings, service accounts, privilege escalation |
| Compute | VM configuration and hardening |
| Web Security | Web-facing service exposure |
| Networking | Firewalls, VPC, public exposure |
| GKE | Kubernetes cluster and node hardening |
| Storage | Bucket exposure and data protection |
| Database | Managed database security |
| Workspace | Google Workspace controls |
Specialized check families also cover DSPM (data security), CIEM (entitlements), toxic combinations, secrets scanning, host/OS hardening, container vulnerabilities, Model Armor, and AI prompt-injection.
IAM analytics coverage
Section titled “IAM analytics coverage”Beyond pass/fail checks, the Assessment Coverage and IAM Permissions screens show permission distribution and analytics — how entitlements are spread across identities and where over-privilege concentrates. Domain-Wide Delegation (DWD) analysis highlights service accounts with broad, sensitive scopes.
Compliance coverage
Section titled “Compliance coverage”Findings map to recognized frameworks for reporting — including CIS, PCI-DSS, SOC 2, HIPAA, ISO 27001, NIST 800-53 / CSF, GDPR, and many more. See Audit & Compliance.
Notes & limitations
Section titled “Notes & limitations”- The set of checks that run depends on the chosen profile (e.g.
mvp15vsfull) and the connected cloud. - For the exact, current inventory, rely on the in-product Capabilities view rather than a static number.