Back to Trust Center

Compliance at CyberArk

CyberArk is committed to leading compliance and regulatory measures designed to ensure that our business is compliant and your data is safe.

Compliance program

CyberArk has obtained the following accreditations to provide independent assurance that our programs, products and services meet industry standards for security:

ISO 27001

ISO 27001

International standard for managing information security. ISO details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).

SOC 2 Type 2

These reports help our customers and their auditors understand the controls CyberArk has established to support operations and compliance. CyberArk has achieved SOC 2 Type 2 certifications for many of our SaaS products.

CSA STAR Certification

CSA STAR Certification

Founded in 2013 by the Cloud Security Alliance, the Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.

SOC 3 Reports

A public facing report demonstrating CyberArk has met the AICPA Trust Services Security, Availability, and Confidentiality Criteria.

View Reports

ISO 27017

ISO 27017:2015

International standard for managing information security for cloud services, supplementing guidance from the ISO 27001 standard with specific guidelines for security controls in a cloud environment.

ISO 27018

ISO 27018:2019

International standard for managing the security and privacy of Personally Identifiable Information (PII) within a cloud environment. This standard outlines how cloud service providers can assess risk and implement controls protecting PII.

WACG logo

WCAG 2.1 compliance

CyberArk is committed to following Web Content Accessibility Guidelines (WCAG) standards to ensure our products are accessible to all users. Our continuous efforts to uphold WCAG compliance demonstrate our dedication to inclusivity and ensuring equal access to information and services for everyone. For more information, please visit our PAM Self-Hosted documentation.

DoDIN logo

DoD Information Network Approved Product List (DoDIN APL)

CyberArk Privileged Access Manager Self-Hosted version 14.2 has been officially listed as a trusted solution for Department of Defense (DoD) customers. CyberArk PAM Self-Hosted version 14.2 can be found on the DoD Information Network Approved Product List (DoDIN APL), meeting specifications for the DoD. For more information, see DoDIN APL.

common criteria

PAM Self-Hosted Receives Common Criteria NSCIB Scheme Certification

CyberArk PAM SH main modules, Vault, PSM, , PSMP, CPM and PVWA were certified for the leading security standard for Self hosted solutions, Common Criteria.

The certification was done based on the tested operating systems, split into 3 packages: the Vault, the Win based components (PVWA, PSM, CPM) and the Linux based PSMP.

We are listed on the Trust CB site: https://trustcb.com/common-criteria/nscib/nscib-certificates/

FedRAMP High Authorization

FedRAMP High Authorization

CyberArk’s leading SaaS offerings, CyberArk Endpoint Privilege Manager and CyberArk Workforce Identity, achieve FedRAMP High Authorization, enhancing security for federal agencies in line with Zero Trust principles.

FIDO logo

FIDO2 Certification

CyberArk Workforce Identity has achieved FIDO2 certification by the FIDO Alliance. CyberArk continues to advance its offering to eliminate password-based authentication vulnerabilities and meet industry standards for secure, phishing-resistant sign-ins and device attestation. Through open standards and passkeys, FIDO offers stronger, more secure alternatives to passwords and SMS OTPs, significantly reducing the risk of credential theft.

CyberGRX

CyberGRX operates the world’s largest cyber risk exchange with over 250,000 participants. CyberArk participates in the CyberGRX Global Risk Exchange via an annual validated assessment. CyberArk customers can leverage our CyberGRX report to reduce their supplier due-diligence burden. CyberGRX assessments apply a dynamic and comprehensive approach to third party risk assessment, replacing outdated static spreadsheets as well as the need to repetitively request access to CyberArk’s assessment each year. The latest report can be accessed through CyberGRX’s Exchange Portal.

Cybergrx

Supply Chain Compliance

Supply chain security program

CyberArk policies are designed to ensure that engagements with third parties are, where applicable, subject to a review and approval process by CyberArk, continuously monitored, and required to comply with security requirements as a condition of their engagement.

Sub-Processors

Internal & external audit

CyberArk performs comprehensive security audits in partnership with leading audit firms on an annual basis. Additional risk-based internal audits are performed and reported to the Audit Committee as needed. All outputs are fed into a continuous improvement work plan which helps CyberArk continue sharpen our greater security program.

Internal and External Audit Compliance

>72% of the Top 25 Fortune 500 Companies
Choose CyberArk across all industries

Insurance

80%

Financial

92%

Pharmaceutical

72%

Energy

84%

Manufacturing

84%

Telecom

80%

Still have security questions?

Learn more with supporting resources.

CyberArk Technical Support

Technology Support Community

Technology Support

CyberArk Technical Documentation

Additional Documentation

CyberArk Docs

SOC 3 reports

CyberArk Secure Web Sessions SOC 3 Report

CyberArk Identity SOC 3 Report

CyberArk Endpoint Privilege Manager SOC 3 Report

CyberArk Cloud Security SOC 3 Report

CyberArk Privilege Cloud SOC 3 Report

CyberArk Remote Access SOC 3 Report

CyberArk Conjur Cloud SOC 3 Report

CyberArk Dynamic Privilege Access SOC 3 Report

Copyright © 2024 CyberArk Software Ltd.
All rights reserved.