Security Portal


Overview

Faros' commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its products.

Please contact security@faros.ai with specific questions or requests.

Compliance

CSA STAR
SOC 2
15 Documents
SOC 2 Report
Network Diagram
Other Reports
Pentest Report
CSA STAR
CAIQ
Cyber Insurance
Data Processing Agreement
Master Services Agreement
Service-Level Agreement
Product Architecture

Risk Profile

Data Access Level: Internal
Impact Level: Moderate
Recovery Time Objective: < 24 Hours

Product Security

Role-Based Access Control
Audit Logging
Data Security

Reports

Network Diagram
Other Reports
Pentest Report

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Bot Detection
Code Analysis
Software Development Lifecycle

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
BC/DR
Infrastructure Security

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
Virtual Private Cloud

Corporate Security

Email Protection
Employee Training
Incident Response

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy

Security Grades

ImmuniWeb
  • Web Application: A
Qualys SSL Labs
  • Web Application: A+
  • API: A+
Security Headers
  • Web Application: A
  • API: B

Trust Center Updates

Custom Security Policies

To provide our customers with custom security policies that meet their needs, we added the ability for tenant owners to customize the security policies for their tenant account. An owner can now modify settings such as:

  • MFA enforcement
  • User lockout after X password attempts
  • Password history
  • Idle session timeout
  • Force re-login on session expiry
  • Maximum concurrent sessions
  • Login restrictions based on IP addresses
Published at 11/17/2022, 9:06 PM

OpenSSL 3.0.x vulnerability (CVE-2022-3786 and CVE-2022-3602)

The Faros Infosec team has evaluated our exposure to the OpenSSL 3.0 vulnerability (CVE-2022-3786 and CVE-2022-3602). The vulnerability was disclosed on Tuesday, November 1, 2022.

We determined that none of our services were affected by the vulnerability.

Published at 11/02/2022, 5:00 PM

Static IP addresses for Faros connectors

The Faros Infosec team added static IPv4 addresses for Faros connectors: 3.221.115.234 and 35.169.78.145. This allows customers to restrict incoming traffic by whitelisting these IP addresses in their network. Whitelisting is an important part of network security because it can significantly reduce the attack surface and the risk associated with unauthorized access.

Published at 10/12/2022, 6:33 PM

WAF implemented for Faros API

The Faros Infosec team implemented a WAF solution for the Faros API. The WAF provides an extra level of security that can help mitigate many common attacks.

Published at 09/08/2022, 1:41 AM

SOC 2 Type II audit completion

Faros AI management is pleased to announce that Faros has successfully completed its SOC 2 Type II audit for the one-year period ending in July 2022. The auditors at Sensiba San Filippo, LLP (SSF) performed the audit and found no exceptions during their review of our controls. A copy of this report is available via our security portal.

Published at 08/17/2022, 6:21 PM

Static IP addresses for Faros API

The Faros Infosec team added static IPv4 addresses for the Faros API (prod.api.faros.ai): 44.206.103.31 and 44.208.253.61. This allows customers to restrict outgoing traffic by whitelisting these IP addresses in their network. Whitelisting is an important part of network security because it can significantly reduce the attack surface and the risk associated with unauthorized access.

Published at 08/14/2022, 5:15 AM

WAF implemented for Faros Application

The Faros Infosec team implemented a WAF solution for the Faros Application. The WAF provides an extra level of security that can help mitigate many common attacks.

Published at 06/25/2022, 6:12 AM

Latest security patches applied

The Faros Infosec team has performed our periodic update of all system-level packages. All Faros services are running with the latest security patches.

Published at 05/24/2022, 10:28 PM

Spring4Shell (CVE-2022-22965)

The Faros Infosec team has evaluated our exposure to the Spring Framework (Java) remote code execution (RCE) vulnerability (CVE-2022-22965), also known as Spring4Shell. The vulnerability was disclosed on Tuesday, March 29, 2022.

We determined that none of our services were affected by the vulnerability.

Published at 05/03/2022, 4:50 AM

Log4Shell (CVE-2021-44228)

The Faros Infosec team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide range of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021.

We immediately deployed recommended mitigations and began to roll out permanent remediation. As of December 10, 2021, remediation in our production environments was complete. There has been no member or customer impact.

Published at 05/03/2022, 4:36 AM

If you think you may have discovered a vulnerability, please send us a note.