Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items

Overview

StrongDM's Security & Compliance Programs are rooted in providing our Customers with the most secure infrastructure access platform on the market. If you have further questions beyond the information provided here, please reach out to your sales representative, or your Customer Success Manager at csm-team@strongdm.com. If you're interested in the StrongDM Platform, and how it can solve your Infrastructure Access problems, please reach out to sales@strongdm.com

Compliance

SOC 2 Logo
SOC 2
Start your security review
View & download sensitive information
Ask for information

StrongDM is reviewed and trusted by

ASICS-company-logoASICS
Benevity-company-logoBenevity
Better-company-logoBetter
Bloom Credit-company-logoBloom Credit
Braze-company-logoBraze
Chime-company-logoChime
Clearcover-company-logoClearcover
ClickUp-company-logoClickUp
Coveo-company-logoCoveo
Olive-company-logoOlive
SailPoint-company-logoSailPoint
SentinelOne-company-logoSentinelOne
Sequoia Capital-company-logoSequoia Capital
SoFi-company-logoSoFi
StackAdapt-company-logoStackAdapt
Yext-company-logoYext
Zefr-company-logoZefr
Disaster Recovery Report
Network Diagram
Pentest Report
SOC 2 Report
CAIQ Lite
SIG Lite
VSA Core
Cyber Insurance
Data Processing Agreement
BC/DR
Access Control Policy
Incident Management Framework
Information Security Policy
Other Policies
Risk Management Policy

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Recovery Time Objective12 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Disaster Recovery Report
Network Diagram
Pentest Report
View more

Self-Assessments

CAIQ
CAIQ Lite
SIG Lite
View more

Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest
View more

App Security

Code Analysis
Credential Management
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
Security Information and Event Management
View more

Corporate Security

Email Protection
Employee Training
HR Security
View more

Policies

Access Control Policy
Incident Management Framework
Information Security Policy
View more

Security Grades

SecurityScorecard
strongdm.com
Security Scorecard A grade
Qualys SSL Labs
StrongDM Platform AdminUI
A+
StrongDM Platform API
A+
Security Headers
StrongDM Platform AdminUI
A

Trust Center Updates

StrongDM Not Impacted by the MOVEit Vulnerability

VulnerabilitiesCopy link

We recently became aware of a vulnerability within the file transfer software product, MOVEit. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers and potential customers to know that StrongDM is not impacted by this vulnerability.

We do not use MOVEit within our product or business functions, in any capacity. We are also not aware of any usage of MOVEit software amongst our contracted third parties currently.

Published at N/A

Trust Center Updates

ComplianceCopy link

2022 Penetration Test Report Now Available

We are happy to announce the successful completion of a comprehensive penetration test of StrongDM's Platform AdminUI and API (also known as the "Control Plane").

In 2022, StrongDM engaged Cobalt Labs to conduct a gray-box penetration test and we are proud to present the results of this test in the 2022 Control Plane Penetration Test Combined Report.

Published at N/A*

Newsworthy Vulnerability Updates

VulnerabilitiesCopy link

The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6).

The two CVE's are listed below:

Response
StrongDM's Trust teams have enumerated the services that could be affected by these vulnerabilities, and no vulnerable versions of the OpenSSL software were found.

Published at N/A*

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo