Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Faros' commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its products.

Please contact security@faros.ai with specific questions or requests.

Compliance

CSA STAR Logo
CSA STAR
SOC 2 Logo
SOC 2
Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Documents

All
Public
Private
10 Documents
Network Diagram
Other Reports
Pentest Report
SOC 2 Report
CSA STAR
Cyber Insurance
Master Services Agreement
Service-Level Agreement

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective< 24 Hours
See more

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

Network Diagram
Other Reports
Pentest Report
See more

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bot Detection
Code Analysis
Software Development Lifecycle
See more

Legal

Cyber Insurance
Master Services Agreement
Privacy Policy
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
BC/DR
Infrastructure Security
See more

Network Security

Firewall
Virtual Private Cloud
Zero Trust

Corporate Security

Email Protection
Employee Training
Incident Response
See more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
See more

Security Grades

Qualys SSL Labs
Web Application
A+
API
A+

Trust Center Updates

Spring4Shell (CVE-2022-22965)

Published at 05/03/2022, 4:50 AM

The Faros Infosec team has evaluated our exposure to the Spring Framework Java framework remote code execution (RCE) vulnerability (CVE-2022-22965), also known as Spring4Shell. The vulnerability was disclosed on Tuesday, March 29, 2022.

We determined that none of our services were affected by the vulnerability.

Log4Shell (CVE-2021-44228)

Published at 05/03/2022, 4:36 AM

The Faros Infosec team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021.

We immediately deployed recommended mitigations and began to roll out permanent remediation. As of December 10, 2021, remediation in our production environments was complete. There has been no member or customer impact.

If you think you may have discovered a vulnerability, please send us a note.

Report Issue