FedRAMP Secure Configuration Guide

CircleCI Trust Center

background-image
Start your security review
View & download sensitive information
ControlK

Overview

CI/CD is the foundation of engineering productivity and speed. At CircleCI, we know that a team’s velocity must go hand in hand with building securely.

World-class engineering teams don’t sacrifice security for speed, but rather, choose platforms like CircleCI that deliver both.

We are constantly evaluating how we can improve both our internal security posture, and how we improve security for our customers. We invite questions and conversations on security at CircleCI and look forward to working with you to improve the security of the software ecosystem as a whole. Please email CircleCI's GRC team with any questions.

For customers interested in signing a Data Processing Addendum with CircleCI, you can sign our DPA here.

CircleCI's Privacy Policy can be viewed here.

Compliance

SOC 2 Type 2 Logo
SOC 2 Type 2
FedRAMP LI-SaaS Logo
FedRAMP LI-SaaS
CSA STAR for AI Logo
CSA STAR for AI
GDPR Logo
GDPR
AWS Advanced Technology Partner Logo
AWS Advanced Technology Partner
CCPA Logo
CCPA
CPRA Logo
CPRA
EU-US DPF Logo
EU-US DPF
Swiss-US DPF Logo
Swiss-US DPF
UK Extension to EU-US DPF Logo
UK Extension to EU-US DPF
CSA STAR Level 1 Logo
CSA STAR Level 1

CircleCI is reviewed and trusted by

Compass Real Estate-company-logoCompass Real Estate
Headspace-company-logoHeadspace
Lightspeed Commerce-company-logoLightspeed Commerce
Okta-company-logoOkta
Procore Technologies-company-logoProcore Technologies
Quizlet-company-logoQuizlet

Documents

Featured Documents

REPORTSPentest Report
REPORTSSOC 2 Report
SELF-ASSESSMENTSCAIQ
SELF-ASSESSMENTSSIG Lite
LEGALCyber Insurance
POLICIESShared Responsibility Policy

Access Control

Access Log Management
Automated Account Management
Bring Your Own Device (BYOD)
View more

AI

AI Overview
AI Training Data and Bias
AI Security
View more

App Security

Responsible Disclosure
Application Penetration Testing
Bot Detection
View more

Asset Management

Asset Classification
Asset Inventories (Hardware/Software)
Asset Tracking
View more

BC/DR

Alternate Processing/Storage Site
Business Continuity Management System (BCMS)
Business Continuity Plan (BCP)
View more

Change Management

Change Management Program
Change Restrictions
Changes Notification & Verification
View more

Continuous Monitoring

Automated Alert Response
Automated Compliance Monitoring
Data Loss Prevention System (DLP)
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Handbook
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Data Security

Access Monitoring
Certificates of Destruction
Data Asset Classification
View more

Endpoint Security

Anti-Malware
Disk Encryption
DNS Filtering
View more

ESG

Anti-Bribery and Corruption
Anti-Competitive Practices
Anti-Modern Slavery
View more

Incident Response

Designated Response Personnel
Forensic Retainer
Incident Reporting Process
View more

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Legal

Sub-ProcessorsAmazon Web Services (AWS)-company-logoAmplitude-company-logoCircleCI-company-logoDocuSign-company-logoFivetran-company-logo
Customer Audit Rights
Cyber Insurance
View more

Network Security

Bot Detection
Data Loss Prevention
Distributed Denial of Service Protection (Anti-DDoS)
View more

Physical & Environment

Access Monitoring
Alarms & Surveillance
Alternate Work Sites
View more

Policies

Access Control Policy
Asset Management Policy
Awareness and Training Policy
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Data Flow Diagram (DFD)
Network Diagram
PCI DSS
View more

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management
View more

Risk Profile

Data Access LevelInternal
Recovery Time Objective4 hours
Recovery Point Objective1 hour
View more

Self-Assessments

CAIQ
SIG Lite

Training

Employee Privacy Training
Phishing Training
Role-Based Training
View more

Sub-Processors

CircleCI Trust Center Updates

FedRAMP Secure Configuration Guide

Copy link
Compliance

Published in fulfillment of FedRAMP requirement SCG-CSO-RSC, CircleCI's Secure Configuration Guide (SCG) for FedRAMP Tailored LI-SaaS is now publicly available to support agency ATO inheritance documentation and onboarding on CircleCI's Trust Center. This guide provides federal agency administrators and Authorizing Officials with comprehensive guidance for securely deploying and operating CircleCI under a FedRAMP Tailored Low Impact SaaS authorization.

If you need help using this CircleCI Trust Center, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo