CyberArk achieves SOC 2 Type 2 and SOC 3 certifications

CyberArk recently announced the successful completion of its Service Organization Control (SOC) 2 Type 2 and SOC 3 certifications, reinforcing the highest level of security controls for an Identity Security platform. CyberArk successfully achieved SOC 3 compliance while expanding SOC 2 compliance to include CyberArk Secure Web Sessions.

The CyberArk Identity Security Platform applies intelligent privilege controls to all identities – human and machine – with continuous threat detection and prevention across the entire identity lifecycle. With CyberArk, organizations can enable Zero Trust and least privilege with complete visibility, ensuring that every identity can securely access any resource, located anywhere, from everywhere.

With the completed examination, the following CyberArk Identity Security Platform offerings have achieved required compliance certification:

  • CyberArk Secure Web Sessions, the newest CyberArk offering to achieve SOC 2 compliance, provides visibility into every action users take within web applications.
  • CyberArk Workforce Identity unifies single sign-on, multi-factor authentication, session security and credential management with lifecycle management, identity orchestration and identity governance solutions in a single offering to provide simple and secure access to corporate resources.
  • CyberArk Endpoint Privilege Manager removes local admin rights, enforces least privilege and implements foundational endpoint security controls across all operating systems from hybrid to cloud environments.
  • CyberArk Privilege Cloud protects privileged access across all identities, infrastructures and apps from endpoint to the cloud.
  • CyberArk Remote Access secures third-party access to critical internal resources with full session isolation, monitoring and auditing capabilities without the need for VPNs, passwords or agents.
  • CyberArk Cloud Entitlements Manager removes excessive permissions across the cloud footprint.

“At CyberArk, we continually invest in our products to ensure we’re providing customers with the highest levels of security and compliance,” said Peretz Regev, chief product officer, CyberArk. “We believe in the Zero Trust motto ‘never trust, always verify,’ which is why we consistently and carefully evaluate our tools, year after year. Our aim is to verify what our customers already know – that our Identity Security platform delivers the world’s most advanced approach to securing all identities, anywhere.”

SOC Reports are standardized reports based on the Trust Services Principles established by the American Institute of CPAs (AICPA). SOC 2 Type 2 certification demonstrates that an independent auditing firm has reviewed, tested and examined CyberArk production services controls to ensure their operation is aligned with expected security standards. A SOC 3 report is a general use report of the SOC 2 reports that cover how CyberArk safeguards customer data and how well those controls operate.

The SOC 2 and SOC 3 examinations were conducted by A-LIGN ASSURANCE (“A-LIGN”), an independent auditing firm, in accordance with the American Institute of Certified Public Accountants (AICPA).