This document is a checklist designed to assist organizations in evaluating their identity security posture in preparation for potential cyber attacks. It outlines a series of 14 questions categorized into three sections: pre-attack, during attack, and post-attack. The pre-attack section emphasizes proactive posture management, focusing on the continuous validation of identity security for both human and non-human identities, the enforcement of least privilege, and the identification of stale accounts. The during attack section addresses the need for continuous threat detection and response, highlighting the importance of phishing-resistant authentication and real-time monitoring of user behavior. Lastly, the post-attack section discusses strategies for strengthening identity resilience, including tools for incident observability and compliance assurance. The checklist serves as a component of a broader security program, aimed at enhancing an organization's defense capabilities against identity-based threats.