Trust Center

Faros AI management would like to announce that Faros AI has successfully completed our SOC2 Type II audit for the one year period ending in July 2023. The auditors at Prescient Assurance performed the audit and found no exceptions during their review of our controls. The report includes an attestation of Faros AI's GDPR controls. A copy of this report is available via our security portal.

Faros AI has recently achieved certification in ISO 27001, with our most recent certificate available for review in our Trust Center. ISO 27001 demonstrates our commitment to meet and exceed international information security standards. The certificate is available here.

The Faros Infosec team has partnered with Blaze Inforsec to perform the annual pentest for Faros App & API. There were no critical, high, or medium findings. The report is available here.

In order to provide our customers with custom security policies that meet their needs we added the ability for tenant owners to customize the security policies for their tenant account. An owner can now modify settings such as:

• MFA enforcement
• User lockout after X password attempts
• Password history
• Idle session timeout
• Force re-login on session expiry
• Maximum concurrent sessions
• Login restrictions based on IP addresses

The Faros Infosec team has evaluated our exposure to the OpenSSL 3.0 vulnerability (CVE-2022-3786 and CVE-2022-3602). The vulnerability was disclosed on Tuesday, November 1, 2022.

We determined that none of our services were affected by the vulnerability.

The Faros Infosec team added static IPv4 addresses for Faros connectors - 3.221.115.234, 35.169.78.145. This allows customers to restrict incoming traffic by whitelisting these IP addresses in their network. The whitelisting is an important part of networking security since it can significantly reduce the attack surface and risk associated with unauthorized access.

The Faros Infosec team implemented a WAF solution for Faros API. WAF provides an extra level of security which can help mitigate many common attacks.

Faros AI management is pleased to announce that Faros has successfully completed our SOC2 Type II audit for the one year period ending in July 2022. The auditors at Sensiba San Filippo, LLP (SSF) performed the audit and found no exceptions during their review of our controls. A copy of this report is available via our security portal.

The Faros Infosec team added static IPv4 addresses for Faros API (prod.api.faros.ai) - 44.206.103.31, 44.208.253.61. This allows customers to restrict outgoing traffic by whitelisting these IP addresses in their network. The whitelisting is an important part of networking security since it can significantly reduce the attack surface and risk associated with unauthorized access.

The Faros Infosec team implemented a WAF solution for Faros Application. WAF provides an extra level of security which can help mitigate many common attacks.

The Faros Infosec team has performed our periodic update of all system level packages. All Faros services are running with latest security patches.

The Faros Infosec team has evaluated our exposure to the Spring Framework Java framework remote code execution (RCE) vulnerability (CVE-2022-22965), also known as Spring4Shell. The vulnerability was disclosed on Tuesday, March 29, 2022.

We determined that none of our services were affected by the vulnerability.

The Faros Infosec team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021.

We immediately deployed recommended mitigations and began to roll out permanent remediation. As of December 10, 2021, remediation in our production environments was complete. There has been no member or customer impact.