
# Security & Compliance - Overview

> Learn how Aptible enables dev teams to meet regulatory compliance requirements (HIPAA, HITRUST, SOC 2, PCI) and pass security audits

# Overview

[Our story](/getting-started/introduction#our-story) began with a strong focus on security and compliance, making us the leading Platform as a Service (PaaS) for security and compliance.

We provide developer-friendly infrastructure guardrails and solutions to help our customers navigate security audits and achieve compliance. This includes:

* **Security best practices, out-of-the-box**: When you provision a [dedicated stack](/core-concepts/architecture/stacks), you automatically unlock a [suite of security features](https://www.aptible.com/secured-by-aptible), including encryption, [DDoS protection](/core-concepts/security-compliance/ddos-pid-limits), host hardening, [intrusion detection](/core-concepts/security-compliance/hids), and [vulnerability scanning](/core-concepts/security-compliance/security-scans) — alleviating the need to worry about security best practices.
* **Security and Compliance Dashboard**: The [Security & Compliance Dashboard](/core-concepts/security-compliance/security-compliance-dashboard/overview) provides a unified view of the implemented security controls, letting you track progress, achieve compliance, and easily generate summarized reports.
* **Access control**: Secure access to your resources is ensured with [granular user permission](/core-concepts/security-compliance/access-permissions) controls, [Multi-Factor Authentication (MFA)](/core-concepts/security-compliance/authentication/password-authentication#2-factor-authentication-2fa), and [Single Sign-On (SSO)](/core-concepts/security-compliance/authentication/sso) support.
* **Compliance made easy**: We provide HIPAA Business Associate Agreements (BAAs), HITRUST Inheritance, and streamlined SOC 2 compliance solutions — CISO-approved.

# Learn more about security functionality

<CardGroup cols={3}>
  <Card title="Authentication" icon="book" iconType="duotone" href="https://www.aptible.com/docs/authenticating-with-aptible">
    Learn about password authentication, SCIM, SSH keys, and Single Sign-On (SSO)
  </Card>

  <Card title="Roles & Permissions" icon="book" iconType="duotone" href="https://www.aptible.com/docs/access-permissions">
    Learn to manage roles & permissions
  </Card>

  <Card title="Security & Compliance Dashboard" icon="book" iconType="duotone" href="https://www.aptible.com/docs/intro-compliance-dashboard">
    Learn to review, manage, and showcase your security & compliance controls
  </Card>

  <Card title="Security Scans" icon="book" iconType="duotone" href="https://www.aptible.com/docs/security-scans">
    Learn about Aptible's Docker Image security scans
  </Card>

  <Card title="DDoS Protection" icon="book" iconType="duotone" href="https://www.aptible.com/docs/pid-limits">
    Learn about Aptible's DDoS Protection
  </Card>

  <Card title="Managed Host Intrusion Detection (HIDS)" icon="book" iconType="duotone" href="https://www.aptible.com/docs/hids">
    Learn about Aptible's methodology and process for intrusion detection
  </Card>
</CardGroup>

# FAQ

<AccordionGroup>
  <Accordion title="How do I achieve HIPAA compliance with Aptible?">
    ## Read the guide

    <Card title="How to achieve HIPAA compliance" icon="book-open-reader" iconType="duotone" href="https://www.aptible.com/docs/achieve-hipaa" />
  </Accordion>

  <Accordion title="How do I achieve HITRUST compliance with Aptible?">
    ## Read the guide

    <Card title="How to navigate HITRUST Certification" icon="book-open-reader" iconType="duotone" href="https://www.aptible.com/docs/requesting-hitrust-inheritance" />
  </Accordion>

  <Accordion title="How should I navigate security questionnaires and audits?">
    ## Read the guide

    <Card title="How to navigate security questionnaires and audits" icon="book-open-reader" iconType="duotone" href="https://www.aptible.com/docs/security-questionnaires" />
  </Accordion>

  <Accordion title="Does Aptible provide anti-virus/anti-malware/anti-spyware software?">
    Aptible does not currently run antivirus on our platform; this is because the Aptible infrastructure does not run email clients or web browsers, which are by far the most common vector for virus infection. We do, however, run Host Intrusion Detection Software (HIDS), which scans for malware on container hosts. Additionally, our security program mandates that we run antivirus on Aptible employee workstations and laptops.
  </Accordion>

  <Accordion title="How do I access Security & Compliance documentation Aptible makes available?">
    Aptible is happy to provide you with copies of our audit reports and certifications, but we do require that the intended consumer of the reports have an NDA in place directly with Aptible. To this end, we use a product called [Conveyor](https://www.conveyor.com/customer-trust-management/rooms) to deliver this confidential security documentation. You can use our Conveyor Room to e-sign our mutual NDA and access the following documents directly at trust.aptible.com:

    * HITRUST Engagement Letter
    * HITRUST CSF Letter of Certification
    * HITRUST NIST CSF Assessment
    * HITRUST CSF Validated Assessment Report
    * SOC 2 Type 2 Report
    * SOC 2 Continued Operations Letter
    * Penetration Test Summary

    Please request access to and view these audit reports and certifications [here](https://trust.aptible.com/).
  </Accordion>
</AccordionGroup>
