> ## Documentation Index
> Fetch the complete documentation index at: https://www.aptible.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Compliance - Overview

> Learn how Aptible enables dev teams to meet regulatory compliance requirements (HIPAA, HITRUST, SOC 2, PCI) and pass security audits

# Overview

[Our story](/getting-started/introduction#our-story) began with a strong focus on security and compliance, making us the leading Platform as a Service (PaaS) for security and compliance.

We provide developer-friendly infrastructure guardrails and solutions to help our customers navigate security audits and achieve compliance. This includes:

* **Security best practices, out-of-the-box**: When you provision a [dedicated stack](/core-concepts/architecture/stacks), you automatically unlock a [suite of security features](https://www.aptible.com/secured-by-aptible), including encryption, [DDoS protection](/core-concepts/security-compliance/ddos-pid-limits), host hardening, [intrusion detection](/core-concepts/security-compliance/hids), and [vulnerability scanning](/core-concepts/security-compliance/security-scans) — alleviating the need to worry about security best practices.
* **Security and Compliance Dashboard**: The [Security & Compliance Dashboard](/core-concepts/security-compliance/security-compliance-dashboard/overview) provides a unified view of the implemented security controls —  track progress, achieve compliance, and easily generate summarized reports.
* **Access control**: Secure access to your resources is ensured with [granular user permission](/core-concepts/security-compliance/access-permissions) controls, [Multi-Factor Authentication (MFA)](/core-concepts/security-compliance/authentication/password-authentication#2-factor-authentication-2fa), and [Single Sign-On (SSO)](/core-concepts/security-compliance/authentication/sso) support.
* **Compliance made easy**: We provide HIPAA Business Associate Agreements (BAAs), HITRUST Inheritance, and streamlined SOC 2 compliance solutions — CISO-approved.

# Learn more about security functionality

<CardGroup cols={3}>
  <Card title=" Authentication" icon="book" iconType="duotone" href="https://www.aptible.com/docs/authenticating-with-aptible">
    Learn about password authentication, SCIM, SSH keys, and Single Sign-On (SSO)
  </Card>

  <Card title="Roles & Permissions" icon="book" iconType="duotone" href="https://www.aptible.com/docs/access-permissions">
    Learn to managr roles & permissions
  </Card>

  <Card title="Security & Compliance Dashboard" icon="book" iconType="duotone" href="https://www.aptible.com/docs/intro-compliance-dashboard">
    Learn to review, manage, and showcase your security & compliance controls
  </Card>

  <Card title="Security Scans" icon="book" iconType="duotone" href="https://www.aptible.com/docs/security-scans">
    Learn about Aptible's Docker Image security scans
  </Card>

  <Card title="DDoS Protection" icon="book" iconType="duotone" href="https://www.aptible.com/docs/pid-limits">
    Learn about Aptible's DDoS Protection
  </Card>

  <Card title="Managed Host Intrusion Detection (HIDS)" icon="book" iconType="duotone" href="https://www.aptible.com/docs/hids">
    Learn about Aptible's methodoloy and process for intrusion detection
  </Card>
</CardGroup>

# FAQ

<AccordionGroup>
  <Accordion title="How do I achieve HIPAA compliance with Aptible?">
    ## Read the guide

    <Card title="How to achieve HIPAA compliance" icon="book-open-reader" iconType="duotone" href="https://www.aptible.com/docs/achieve-hipaa" />
  </Accordion>

  <Accordion title="How do I achieve HITRUST compliance with Aptible?">
    ## Read the guide

    <Card title="How to navigate HITRUST Certification" icon="book-open-reader" iconType="duotone" href="https://www.aptible.com/docs/requesting-hitrust-inheritance" />
  </Accordion>

  <Accordion title="How should I navigate security questionnaires and audits?">
    ## Read the guide

    <Card title="How to navigate security questionnaires and audits" icon="book-open-reader" iconType="duotone" href="https://www.aptible.com/docs/security-questionnaires" />
  </Accordion>

  <Accordion title="Does Aptible provide anti-virus/anti-malware/anti-spyware software?">
    Aptible does not currently run antivirus on our platform; this is because the Aptible infrastructure does not run email clients or web browsers, which are by far the most common vector for virus infection. We do however run Host Intrusion Detection Software (HIDS 12) which scans for malware on container hosts. Additionally, our security program does mandate that we run antivirus on Aptible employee workstations and laptops.
  </Accordion>

  <Accordion title="How do I access SOC 2 reports and other security documentation?">
    Aptible maintains compliance with programs and frameworks including SOC 2 Type II, GDPR, HIPAA, PCI, HITRUST, EU-US Data Privacy Framework, PIPEDA, Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework.

    We provide documents attesting to our ongoing compliance for use as evidence in your organization's compliance process. Access is provided through [trust.aptible.com](https://trust.aptible.com/). Use **Request or Regain Access** with the email address associated with your Aptible account.

    Aptible requires the intended consumer of confidential reports to have an NDA in place directly with Aptible. Through the trust portal, you can e-sign the mutual NDA and access documents such as:

    * HITRUST Engagement Letter
    * HITRUST CSF Letter of Certification
    * HITRUST NIST CSF Assessment
    * HITRUST CSF Validated Assessment Report
    * SOC 2 Type 2 Report
    * SOC 2 Continued Operations Letter
    * Penetration Test Summary

    If you have trouble accessing the portal or need special assistance, contact [Aptible Support](/how-to-guides/troubleshooting/aptible-support).
  </Accordion>
</AccordionGroup>