SentinelOne
Security Statement
In addition to creating the world’s most advanced endpoint protection solutions, SentinelOne is dedicated to protecting all data that we process on behalf of customers through their use of the Solutions in accordance with industry standards and best practices.
We recognize that our customers’ information must be well managed, controlled, and protected. As a result, we have a dedicated security team to oversee SentinelOne’s internal information security program, which encompasses the following: high-quality network security, application security, identity and access controls, change management, vulnerability management and third-party pentesting, log/event management, vendor risk management, physical security, endpoint security, governance, risk, and compliance, people/HR security, disaster recovery, and a host of additional controls.
To ensure Sentinelone maintains the highest possible standard of information security, SentinelOne has procured external auditing services of a reputable third-party auditor and audits information security practices annually under the SSAE 18 SOC 2 audit. SentinelOne has also achieved the coveted FedRAMP® moderate designation from the Federal Risk and Authorization Management Program. This certification empowers U.S. federal government customers to leverage the most innovative endpoint security solution from the fastest-growing cybersecurity company in the market. With the FedRAMP designation, SentinelOne reinforces its position as a trusted national security partner enabling the federal government to be more efficient and secure. More information about SentinelOne and FedRAMP is available at the FedRAMP marketplace.
Finally, we ask our customers to ensure solution administrators establish sound security practices when maintaining solution access credentials, including the implementation of strong account passwords and access restrictions to authorized personnel. If customers become aware of a compromise to any account credentials, please notify SentinelOne immediately by contacting our Support Team.
SentinelOne’s Compliance
FedRAMP Certification
FedRAMP is the government’s most rigorous security compliance framework, with a standard security baselines and processes to provide both an initial authorization of a cloud service and a mechanism for that security package to be reused across the federal government. SentinelOne’s flagship Singularity Platform combines autonomous endpoint protection (EPP), endpoint detection and response (EDR), IoT security, and cloud workload protection (CWPP) into a centralized platform, providing federal agencies with complete protection and visibility across their entire network. With the FedRAMP designation, the SentinelOne team is primed to work with government agencies, helping mitigate cyber risk on federal, state, and local levels.
SOC 2 Type 2 Examination
SentinelOne has been independently audited against SOC 2 Security, Availability, and Confidentiality Trust Services Criteria (TSC) by Schellman & Company. This examination affirms SentinelOne’s commitment to and maintenance of the highest levels of information security, availability, and confidentiality of our internal infrastructure, controls, and care to customer data.
SOC 2 is an industry standard examination that was developed and maintained by the American Institute of Certified Public Accountants (AICPA).
SentinelOne’s customers can submit a request for SOC 2 report through our support or your assigned technical account manager.
Australia IRAP
The SentinelOne Singularity XDR Platform has been assessed by an independent IRAP against the ‘Protected’ level controls under the independent Information Security Registered Assessors Program (IRAP).
Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative that provides high-quality information and communications technology (ICT) security assessment services to government and industry.
IRAP provides a framework for assessing the implementation and effectiveness of an organization’s security controls against the Australian government’s security requirements, as outlined in the Information Manual (ISM) and Protective Security Policy Framework (PSPF).
How SentinelOne Can Help Your Organization’s Compliance Needs
PCI Compliance Whitepaper
The SentinelOne malware Solution can help your organization with various PCI DSS requirements, including Number 5, which requires that organizations use and regularly update anti-virus software or programs on all systems commonly affected by malicious software.
For more information about how SentinelOne can help your organization’s PCI compliance, read the Tevora PCI Whitepaper.
Criminal Justice Information Services (CJIS)
The CJIS Security Policy provides Criminal Justice Agencies and Noncriminal Justice Agencies with a minimum set of security requirements for access to FBI Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information.
Please contact your sales representative to discuss how SentinelOne can support your CJIS efforts or read SentinelOne’s CJIS statement.