Compliance at CyberArk

CyberArk is committed to leading compliance and regulatory measures designed to ensure that our business is compliant and your data is safe.

Compliance program

CyberArk has obtained the following accreditations to provide independent assurance that our programs, products and services meet industry standards for security:

ISO 27001

SOC 2 Type 2

These reports help our customers and their auditors understand the controls CyberArk has established to support operations and compliance. CyberArk has achieved SOC 2 Type 2 certifications for many of our SaaS products.

CSA STAR Certification

SOC 3 Reports

A public facing report demonstrating CyberArk has met the AICPA Trust Services Security, Availability, and Confidentiality Criteria.

ISO 27017

ISO 27018

ISO 27018:2019

International standard for managing the security and privacy of Personally Identifiable Information (PII) within a cloud environment. This standard outlines how cloud service providers can assess risk and implement controls protecting PII.

WACG logo

DoDIN logo

DoD Information Network Approved Product List (DoDIN APL)

CyberArk Privileged Access Manager Self-Hosted version 14.0 has been officially listed as a trusted solution for Department of Defense (DoD) customers. CyberArk PAM Self-Hosted version 14.0 can be found on the DoD Information Network Approved Product List (DoDIN APL), meeting specifications for the DoD. For more information, see DoDIN APL.

FedRAMP High Authorization


CyberGRX operates the world’s largest cyber risk exchange with over 250,000 participants. CyberArk participates in the CyberGRX Global Risk Exchange via an annual validated assessment. CyberArk customers can leverage our CyberGRX report to reduce their supplier due-diligence burden. CyberGRX assessments apply a dynamic and comprehensive approach to third party risk assessment, replacing outdated static spreadsheets as well as the need to repetitively request access to CyberArk’s assessment each year. The latest report can be accessed through CyberGRX’s Exchange Portal.


Supply Chain Compliance

Supply chain security program

CyberArk policies are designed to ensure that engagements with third parties are, where applicable, subject to a review and approval process by CyberArk, continuously monitored, and required to comply with security requirements as a condition of their engagement.

Internal & external audit

CyberArk performs comprehensive security audits in partnership with leading audit firms on an annual basis. Additional risk-based internal audits are performed and reported to the Audit Committee as needed. All outputs are fed into a continuous improvement work plan which helps CyberArk continue sharpen our greater security program.

Internal and External Audit Compliance

>72% of the Top 25 Fortune 500 Companies
Choose CyberArk across all industries













Still have security questions?

Learn more with supporting resources.

CyberArk Technical Support

Technology Support Community

CyberArk Technical Documentation

Additional Documentation