Trust Center

Overview

StrongDM's Security & Compliance Programs are rooted in providing our Customers with the most secure infrastructure access platform on the market. If you have further questions beyond the information provided here, please reach out to your sales representative, or your Customer Success Manager at csm-team@strongdm.com. If you're interested in the StrongDM Platform, and how it can solve your Infrastructure Access problems, please reach out to sales@strongdm.com

Compliance

SOC 2

StrongDM is reviewed and trusted by

ASICS

Benevity

Better

Bloom Credit

Braze

Chime

Clearcover

ClickUp

Coveo

Olive

SailPoint

SentinelOne

Sequoia Capital

SoFi

StackAdapt

Yext

Zefr

Documents

All

Public

Private

Disaster Recovery Report

Network Diagram

Pentest Report

SOC 2 Report

CAIQ Lite

SIG Lite

VSA Core

Cyber Insurance

Data Processing Agreement

Access Control Policy

Information Security Policy

Other Policies

Risk Management Policy

BC/DR

Risk Profile

Data Access LevelRestricted

Impact LevelSubstantial

Recovery Time Objective12 hours

Product Security

Audit Logging

Data Security

Integrations

Reports

Disaster Recovery Report

Network Diagram

Pentest Report

Self-Assessments

CAIQ

CAIQ Lite

SIG Lite

Data Security

Access Monitoring

Backups Enabled

Encryption-at-rest

App Security

Responsible Disclosure

Code Analysis

Credential Management

Legal

Platform Subservice Providers

Cyber Insurance

Data Processing Agreement

Access Control

Data Access

Logging

Password Security

Infrastructure

Status Monitoring

Amazon Web Services

Anti-DDoS

Endpoint Security

Disk Encryption

Endpoint Detection & Response

Mobile Device Management

Network Security

Firewall

IDS/IPS

Security Information and Event Management

Corporate Security

Email Protection

Employee Training

HR Security

Policies

Access Control Policy

Information Security Policy

Other Policies

Security Grades

SecurityScorecard

strongdm.com

Qualys SSL Labs

StrongDM Platform AdminUI

A+

StrongDM Platform API

A+

Security Headers

StrongDM Platform AdminUI

Trust Center Updates

StrongDM Not Impacted by the MOVEit Vulnerability

VulnerabilitiesCopy link

We recently became aware of a vulnerability within the file transfer software product, MOVEit. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers and potential customers to know that StrongDM is not impacted by this vulnerability.

We do not use MOVEit within our product or business functions, in any capacity. We are also not aware of any usage of MOVEit software amongst our contracted third parties currently.

Published at N/A

Security Portal Updates

ComplianceCopy link

2022 Penetration Test Report Now Available

We are happy to announce the successful completion of a comprehensive penetration test of StrongDM's Platform AdminUI and API (also known as the "Control Plane").

In 2022, StrongDM engaged Cobalt Labs to conduct a gray-box penetration test and we are proud to present the results of this test in the 2022 Control Plane Penetration Test Combined Report.

Published at N/A

Newsworthy Vulnerability Updates

GeneralCopy link

The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6).

The two CVE's are listed below:

CVE-2022-3602
- NIST NVD
- MITRE CVE List
CVE-2022-3786
- NIST NVD
- MITRE CVE List

Response
StrongDM's Trust teams have enumerated the services that could be affected by these vulnerabilities, and no vulnerable versions of the OpenSSL software were found.

Published at N/A*

If you think you may have discovered a vulnerability, please send us a note.

Report Issue