Security & Compliance - Overview
Learn how Aptible enables dev teams to meet regulatory compliance requirements (HIPAA, HITRUST, SOC 2, PCI) and pass security audits
Overview
Our story began with a strong focus on security and compliance, making us the leading Platform as a Service (PaaS) for security and compliance.
We provide developer-friendly infrastructure guardrails and solutions to help our customers navigate security audits and achieve compliance. This includes:
- Security best practices, out-of-the-box: When you provision a dedicated stack, you automatically unlock a suite of security features, including encryption, DDoS protection, host hardening, intrusion detection, and vulnerability scanning — alleviating the need to worry about security best practices.
- Security and Compliance Dashboard: The Security & Compliance Dashboard provides a unified view of the implemented security controls — track progress, achieve compliance, and easily generate summarized reports.
- Access control: Secure access to your resources is ensured with granular user permission controls, Multi-Factor Authentication (MFA), and Single Sign-On (SSO) support.
- Compliance made easy: We provide HIPAA Business Associate Agreements (BAAs), HITRUST Inheritance, and streamlined SOC 2 compliance solutions — CISO-approved.
Learn more about security functionality
Authentication
Learn about password authentication, SCIM, SSH keys, and Single Sign-On (SSO)
Roles & Permissions
Learn to managr roles & permissions
Security & Compliance Dashboard
Learn to review, manage, and showcase your security & compliance controls
Security Scans
Learn about Aptible’s Docker Image security scans
DDoS Protection
Learn about Aptible’s DDoS Protection
Managed Host Intrusion Detection (HIDS)
Learn about Aptible’s methodoloy and process for intrusion detection
FAQ
How do I achieve HIPAA compliance with Aptible?
How do I achieve HIPAA compliance with Aptible?
Read the guide
How to achieve HIPAA compliance
How do I achieve HITRUST compliance with Aptible?
How do I achieve HITRUST compliance with Aptible?
Read the guide
How to navigate HITRUST Certification
How should I navigate security questionnaires and audits?
How should I navigate security questionnaires and audits?
Does Aptible provide anti-virus/anti-malware/anti-spyware software?
Does Aptible provide anti-virus/anti-malware/anti-spyware software?
Aptible does not currently run antivirus on our platform; this is because the Aptible infrastructure does not run email clients or web browsers, which are by far the most common vector for virus infection. We do however run Host Intrusion Detection Software (HIDS 12) which scans for malware on container hosts. Additionally, our security program does mandate that we run antivirus on Aptible employee workstations and laptops.
How do I access Security & Compliance documentation Aptible makes available?
How do I access Security & Compliance documentation Aptible makes available?
Aptible is happy to provide you with copies of our audit reports and certifications, but we do require that the intended consumer of the reports have an NDA in place directly with Aptible. To this end, we use a product called Conveyor to deliver this confidential security documentation. You can utilize our Conveyor Room to e-sign our mutual NDA, and access the following documents directly at trust.aptible.com:
- HITRUST Engagement Letter
- HITRUST CSF Letter of Certification
- HITRUST NIST CSF Assessment
- HITRUST CSF Validated Assessment Report
- SOC 2 Type 2 Report
- SOC 2 Continued Operations Letter
- Penetration Test Summary
Please request access to and view these audit reports and certifications here