Trust Center

Silverfort = Security

Silverfort was founded on secure practices and takes your company's data security extremely seriously. As such, we have developed this online diligence package with SafeBase.io to make it easy for our clients to assess the risks and the effectiveness of our controls related to the Confidentiality, Integrity, and Availability of our products and services. We are happy to address any questions not answered here during the diligence process.

Our security self-assessments use the 2023 SIG-LITE and CAIQ v4. In addition, we have a self-assessment available here that is based on SIG and contains additional common privacy questions related to GDPR compliance for our European customers.

Silverfort was architected with security in mind to ensure the product secures the customer's environment with no added risk. The core of Silverfort’s platform can be delivered on-prem as a hardened virtual appliance. Silverfort integrates with AD by installing an AD adapter. The AD adapter is minimal in its design and well-tested to reduce the attack surface as much as possible.

Most importantly, Silverfort doesn’t extract passwords, hashes, session keys or any other secret from AD. So even in the unlikely event that the virtual appliance is compromised, the AD secrets remain secure. Security is an important consideration in the design of every feature in Silverfort. Among other controls, all code is peer reviewed, and the product undergoes periodic external testing. The product is considered a Microsoft-preferred solution and received the Microsoft Intelligent Security Association Zero Trust Champion award.

Silverfort benchmarks its cybersecurity program against the following standards, controls, and frameworks: ISO27xxx, ITIL, NIST Cybersecurity Framework, SANS Top20 CSC & SANS Common Weakness Enumeration (CWE) 25, the COSO Enterprise Risk Framework, OWASP including OWASP Top 10, and AICPA SOC2 Type 2 Trust Services Criteria for Security, Confidentiality, Availability, Privacy, and Integrity Controls.

Compliance

CCPA
CPRA
EU-US DPF
GDPR
ISO 27001
Microsoft SSPA
NIST CSF
SOC 2

Silverfort is trusted by hundreds of organizations worldwide, including:

BlueSnap
Payoneer
KAYAK
UPS
agoda
General Motors

Documents

Architecture Diagrams
Pentest Report
Security Whitepaper
ISO 27001
SOC 2
CAIQ
Other Self-Assessments
SIG Lite
Open Source Components
Vulnerability & Patch Management
Cyber Insurance
Sub-Processors / Hosting Locations
Data Processed
BC/DR
Incident Response Procedures
Information Security Policy

Risk Profile

Data Access Level: Internal
Impact Level: Substantial
Recovery Time Objective: Immediate

Product Security

Audit Logging
Data Security
Integrations

Reports

Architecture Diagrams
Pentest Report
Security Whitepaper

Self-Assessments

CAIQ
Other Self-Assessments
SIG Lite

Data Security

Backups Enabled
Data Erasure
Encryption-at-rest

App Security

Code Analysis
Credential Management
Open Source Components

ESG

Anti-Bribery and Corruption
Code of Ethics
Diversity, Equity, and Inclusion

Data Privacy

Cookies Policy
Data Breach Notifications
Data Processed

Access Control

Data Access
Password Security

Infrastructure

Status Monitoring
Anti-DDoS
Azure

Endpoint Security

Antivirus Protection
Disk Encryption
Mobile Device Management

Network Security

Firewall
Intrusion Detection
Spoofing Protection

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies

Acceptable Use Policy
Access Control Policy
Business Continuity-Disaster Recovery Plan

Security Grades

SecurityScorecard: silverfort.com, A grade
ImmuniWeb: silverfort.com, A
Qualys SSL Labs: silverfort.com, A

Trust Center Updates

CVE-2024-3094

Vulnerabilities

Related to https://nvd.nist.gov/vuln/detail/CVE-2024-3094, where a vulnerability allowed malicious code to be inserted into the upstream xz tarballs via a modified liblzma, Silverfort has confirmed that neither our on-premises deployment nor our SaaS application and messaging services are affected by this vulnerability. Please feel free to contact us at security@silverfort.com if you have any other questions.


If you need help using this Trust Center, please contact us.
