Cintas

Account ID: 01b36a94e0c5e5037cdc8a85d26b765d · Audit Date: 2026-03-30 · Full Audit
No Logpush Jobs Configured
Zero forensic/audit log capability. 0 logpush jobs detected — SIEM integration required for compliance.
No Alert Policies Configured
0 notification policies. No automated alerting for DDoS attacks, 5xx spikes, or certificate expiry.
Gateway Antivirus Not Enabled
Download content is not being scanned. AV scanning disabled in Zero Trust Gateway settings.
3 Public Workers AI Fine-Tunes Detected
Fine-tuned models with potentially sensitive training data are publicly accessible. Review and restrict visibility.
📋

Audit Overview

Overall Risk
LOW
0 Critical Findings
Total Findings
6
4 Warn · 2 Info
Critical
0
Immediate Action
Warnings
4
30-Day SLA
Optimizations
2
90-Day SLA
Zones Audited
0
Account-level only
Audit Details
Account ID 01b36a94e0c5...26b765d
Audit Type Full (All Categories)
Audit Date 2026-03-30 16:34 UTC
Generated By cf-audit-web v0.1.0
Category Health
Account Security Pass
SSL/TLS Pass
DNS & DNSSEC Pass
WAF & Firewall Pass
Cache & Performance Pass
Legacy Migration Pass
Agent Readiness Pass
Categories with Findings
Developer Platform 1 Warn
Observability & Logging 2 Warn
Zero Trust 1 Warn 2 Info
📊

Executive Summary

Category Critical Warning Info
Account Security 0 0 0
SSL/TLS 0 0 0
DNS & DNSSEC 0 0 0
WAF & Firewall 0 0 0
Cache & Performance 0 0 0
Legacy Migration 0 0 0
Developer Platform 0 1 0
Observability & Logging 0 2 0
Zero Trust 0 1 2
Agent Readiness 0 0 0
Total 0 4 2
🛡️

Framework Compliance Matrix

Framework Critical Warning Info Total
PCI DSS 4.0 0 2 0 2
SOC 2 0 3 0 3
NIST CSF 2.0 0 0 2 2
NIST 800-53 0 4 2 6
NIST 800-171 0 2 2 4
FedRAMP 0 3 2 5
HIPAA 0 2 0 2
CMMC 2.0 0 2 2 4
SOX 0 2 0 2
FISMA 0 2 2 4
StateRAMP 0 2 2 4
CIS v8 0 3 1 4
HITRUST 0 2 0 2
⚠️

Warning Findings

4 findings — Address within 30 days

WARN-001
No Logpush jobs configured — zero forensic capability
Account Scope Observability & Logging PCI DSS 4.0 SOC 2 NIST 800-53 FedRAMP HIPAA +7 more
Current State
0 logpush jobs
Expected State
At least 1 logpush job exporting to SIEM/storage
Remediation
Configure Logpush to export HTTP requests, firewall events, and audit logs to your SIEM or cloud storage
  • PCI DSS 4.0 §10.2.1 — Audit log capture
  • PCI DSS 4.0 §10.3.1 — Audit log protection
  • SOC 2 CC7.2 — Monitor for anomalies
  • SOC 2 CC7.3 — Evaluate security events
  • NIST 800-53 AU-2 — Event Logging
  • NIST 800-53 AU-6 — Audit Review, Analysis, Reporting
  • FedRAMP AU-2 — Audit Events
  • HIPAA §164.312(b) — Audit controls
  • SOX ITGC — Logging of changes to financial systems
  • CMMC 2.0 AU.L2-3.3.1 — System-level auditing
  • NIST 800-171 3.3.1 — Create and retain system audit logs
  • FISMA AU-2 — Event Logging
  • StateRAMP AU-2 — Audit Events
  • CIS v8 8.2 — Collect audit logs
  • CIS v8 8.5 — Centralize audit log collection
  • HITRUST 09.aa — Audit logging
WARN-002
No alert policies configured
Account Scope Observability & Logging PCI DSS 4.0 SOC 2 NIST 800-53 FedRAMP HIPAA +7 more
Current State
0 alert policies
Expected State
Alert policies for DDoS, origin errors, certificate expiry
Remediation
Create alert policies in Notifications for critical events (DDoS attacks, 5xx spikes, expiring certificates)
  • PCI DSS 4.0 §10.2.1 — Audit log capture
  • PCI DSS 4.0 §10.3.1 — Audit log protection
  • SOC 2 CC7.2 — Monitor for anomalies
  • SOC 2 CC7.3 — Evaluate security events
  • NIST 800-53 AU-2 — Event Logging
  • NIST 800-53 AU-6 — Audit Review, Analysis, Reporting
  • FedRAMP AU-2 — Audit Events
  • HIPAA §164.312(b) — Audit controls
  • SOX ITGC — Logging of changes to financial systems
  • CMMC 2.0 AU.L2-3.3.1 — System-level auditing
  • NIST 800-171 3.3.1 — Create and retain system audit logs
  • FISMA AU-2 — Event Logging
  • StateRAMP AU-2 — Audit Events
  • CIS v8 8.2 — Collect audit logs
  • CIS v8 8.5 — Centralize audit log collection
  • HITRUST 09.aa — Audit logging
WARN-003
Gateway antivirus scanning not enabled for downloads
Account Scope Zero Trust NIST 800-53 FedRAMP CIS v8
Current State
Antivirus: not enabled
Expected State
AV scanning enabled for download content
Remediation
Enable Gateway antivirus scanning in Zero Trust settings
  • NIST CSF 2.0 PR.DS-01 — Data protection
  • NIST 800-53 SC-7 — Boundary Protection
  • NIST 800-53 AC-4 — Information Flow Enforcement
  • NIST 800-171 3.13.1 — Monitor and protect communications
  • FedRAMP SC-7 — Boundary Protection
  • CMMC 2.0 SC.L2-3.13.1 — Boundary protection
  • FISMA SC-7 — Boundary Protection
  • StateRAMP SC-7 — Boundary Protection
  • CIS v8 13.4 — Network-level access filtering
WARN-004
3 Workers AI public fine-tune(s) detected
Account Scope Developer Platform SOC 2 NIST 800-53
Current State
3 public finetunes
Expected State
Fine-tunes are private unless explicitly intended to be public
Remediation
Review public fine-tunes and restrict visibility if they contain sensitive training data or proprietary behavior
  • PCI DSS 4.0 §8.3.1 — Multi-factor authentication
  • PCI DSS 4.0 §8.6.3 — Token and credential hygiene
  • PCI DSS 4.0 §7.2.1 — Least privilege access
  • SOC 2 CC6.1 — Logical access controls
  • SOC 2 CC6.3 — Role-based access
  • NIST CSF 2.0 PR.AA-01 — Identity management
  • NIST CSF 2.0 PR.AA-03 — Multi-factor authentication
  • NIST 800-53 IA-2 — Identification and Authentication
  • NIST 800-53 AC-6 — Least Privilege
  • NIST 800-171 3.5.3 — Multi-factor authentication
  • FedRAMP IA-2(1) — MFA for privileged accounts
  • HIPAA §164.312(d) — Person or entity authentication
  • CMMC 2.0 IA.L2-3.5.3 — Multi-factor authentication
  • FISMA IA-2 — Identification and Authentication
  • StateRAMP IA-2 — Identification and Authentication
  • CIS v8 6.5 — Require MFA for administrative access
  • HITRUST 01.q — User identification and authentication
💡

Optimization Findings

2 findings — Address within 90 days

OPT-001
No Cloudflare Tunnels configured
Account Scope Zero Trust NIST CSF 2.0 NIST 800-53 FedRAMP +5 more
Current State
0 tunnels
Expected State
Tunnels eliminate origin IP exposure without firewall rules
Remediation
Consider Cloudflare Tunnel (cloudflared) to connect origins without exposing public IPs
  • NIST CSF 2.0 PR.DS-01 — Data protection
  • NIST 800-53 SC-7 — Boundary Protection
  • NIST 800-53 AC-4 — Information Flow Enforcement
  • NIST 800-171 3.13.1 — Monitor and protect communications
  • FedRAMP SC-7 — Boundary Protection
  • CMMC 2.0 SC.L2-3.13.1 — Boundary protection
  • FISMA SC-7 — Boundary Protection
  • StateRAMP SC-7 — Boundary Protection
OPT-002
No Access applications configured
Account Scope Zero Trust NIST CSF 2.0 NIST 800-53 FedRAMP +3 more
Current State
0 access apps
Expected State
Internal applications protected with Access policies
Remediation
Consider protecting internal applications (admin panels, staging sites) with Cloudflare Access
  • NIST CSF 2.0 PR.AA-01 — Identity-aware access
  • NIST 800-53 AC-17 — Remote Access
  • NIST 800-53 IA-2 — Identification and Authentication
  • NIST 800-171 3.1.12 — Remote access sessions
  • FedRAMP AC-17 — Remote Access
  • CMMC 2.0 AC.L2-3.1.12 — Remote access
  • FISMA AC-17 — Remote Access
  • StateRAMP AC-17 — Remote Access

Migration Status

Page Rules Migration

No active Page Rules found. Migration complete.

Legacy Firewall Rules Migration

No legacy Firewall Rules found. Migration complete.

Generated by cf-audit-web v0.1.0 · 2026-03-30 16:34:35 UTC · Cloudflare Technical Account Review