Security certifications and attestations

Splunk maintains a comprehensive set of compliance certifications and attestations to support customers in meeting their own compliance obligations across global regulated markets. This webpage provides a list of Splunk products that are in scope of Splunk’s compliance programs and is solely for informational purposes.

For generally available products listed below, not all features of the product may be within the scope of the relevant third-party audit report. Specific key features that are within the relevant third-party audit report for the product are listed below. Also, for generally available products and features that are currently in scope of Splunk’s compliance program as listed below, the product or feature may not be a part of the third-party audit report until the next assessment cycle.

Additional detailed information about Splunk’s compliance programs, including third party reports, is available to Splunk customers under non-disclosure agreement from the Customer Trust Portal.

Product Compliance Programs

Product | Feature | SOC 1 | SOC 2 | ISO 27001 | ISO 27017 | ISO 27018 | PCI | CSA Star level 1 | CSA Star level 2
Splunk® Cloud Platform
Splunk Cloud Platform | Admin Config Service
Splunk Cloud Platform | Dashboard Studio
Splunk Cloud Platform | Data Manager
Splunk Cloud Platform | KV Store
Splunk Cloud Platform | Federated Search
Splunk Cloud Platform | Automated Private App Validation
Splunk Cloud Platform | Private Connectivity
Splunk Cloud Platform | Ingest Actions
Splunk Cloud Platform | Cloud Monitoring Console (CMC)
Splunk Cloud Platform | Dynamic Data Active Searchable (DDAS)
Splunk Cloud Platform | Dynamic Data Active Archive (DDAA)
Splunk Cloud Platform | Dynamic Data Self-Storage (DDSS)
Splunk Cloud Platform | DMX Edge Processor
Splunk Cloud Platform | Federated Search S3
Splunk Cloud Platform | DMX Ingest Processor
Splunk® Mission Control
Splunk® SOAR (Cloud)
Splunk® Enterprise Security
Splunk® Enterprise Security | Behavioral Analytics
Splunk® Enterprise Security | Threat Intelligence Management
Splunk® IT Service Intelligence
Splunk® Infrastructure Monitoring (IMM)
Splunk® Infrastructure Monitoring (IMM) | Network Explorer
Splunk® Application Performance Monitoring (APM)
Splunk® Application Performance Monitoring (APM) | AlwaysOn Profiling
Log Observer Connect
Splunk® Real User Monitoring
Splunk® Synthetic Monitoring

✓= This product is currently in scope of Splunk’s third party audit/attestation reports.

✓* =  IL5 limited scope. Only on-premises to cloud available.

Product | Feature | HIPAA
Splunk® Cloud Platform
Splunk Cloud Platform | Admin Config Service
Splunk Cloud Platform | Dashboard Studio
Splunk Cloud Platform | Data Manager
Splunk Cloud Platform | KV Store
Splunk Cloud Platform | Federated Search
Splunk Cloud Platform | Automated Private App Validation
Splunk Cloud Platform | Private Connectivity
Splunk Cloud Platform | Ingest Actions
Splunk Cloud Platform | Cloud Monitoring Console (CMC)
Splunk Cloud Platform | Dynamic Data Active Searchable (DDAS)
Splunk Cloud Platform | Dynamic Data Active Archive (DDAA)
Splunk Cloud Platform | Dynamic Data Self-Storage (DDSS)
Splunk Cloud Platform | DMX Edge Processor
Splunk Cloud Platform | Federated Search S3
Splunk Cloud Platform | DMX Ingest Processor
Splunk® Mission Control
Splunk® SOAR (Cloud)
Splunk® Enterprise Security
Splunk® Enterprise Security | Behavioral Analytics
Splunk® Enterprise Security | Threat Intelligence Management
Splunk® IT Service Intelligence
Splunk® Infrastructure Monitoring (IMM)
Splunk® Infrastructure Monitoring (IMM) | Network Explorer
Splunk® Application Performance Monitoring (APM)
Splunk® Application Performance Monitoring (APM) | AlwaysOn Profiling
Log Observer Connect
Splunk® Real User Monitoring
Splunk® Synthetic Monitoring

✓= This product is currently in scope of Splunk’s third party audit/attestation reports.

✓* =  IL5 limited scope. Only on-premises to cloud available.


   

   

Product | Feature | DoD CC SRG IL5 | FedRAMP Moderate | FedRAMP High | StateRAMP | TX-RAMP
Splunk® Cloud Platform
Splunk® Cloud Platform | Admin Config Service
Splunk® Cloud Platform | Dashboard Studio
Splunk® Cloud Platform | KV Store
Splunk® Cloud Platform | Federated Search | *
Splunk® Cloud Platform | Automated Private App Validation
Splunk® Cloud Platform | Ingest Actions
Splunk® Cloud Platform | Cloud Monitoring Console (CMC)
Splunk® Cloud Platform | Private Connectivity
Splunk® Cloud Platform | Dynamic Data Active Searchable (DDAS)
Splunk® Cloud Platform | Dynamic Data Active Archive (DDAA)
Splunk® Cloud Platform | Dynamic Data Self-Storage (DDSS)
Splunk® Cloud Platform | DMX Edge Processor
Splunk® Cloud Platform | Federated Search S3 | *
Splunk® Cloud Platform | DMX Ingest Processor
Splunk® Mission Control
Splunk® SOAR
Splunk® Enterprise Security
Splunk® Enterprise Security | Behavioral Analytics
Splunk® Enterprise Security | Threat Intelligence Management
Splunk® IT Service Intelligence
Splunk® Infrastructure Monitoring (IMM)
Splunk® Infrastructure Monitoring (IMM) | Network Explorer
Splunk® Application Performance Monitoring (APM)
Splunk® Application Performance Monitoring (APM) | AlwaysOn Profiling
Log Observer Connect
Splunk® Real User Monitoring
Splunk® Synthetic Monitoring

✓= This product is currently in scope of Splunk’s third party audit/attestation reports.

✓* =  IL5 limited scope. Only on-premises to cloud available.

Product | Feature | IRAP
Splunk® Cloud Platform
Splunk® Cloud Platform | Admin Config Service
Splunk® Cloud Platform | Dashboard Studio
Splunk® Cloud Platform | Data Manager
Splunk® Cloud Platform | KV Store
Splunk® Cloud Platform | Federated Search
Splunk® Cloud Platform | Automated Private App Validation
Splunk® Cloud Platform | Private Connectivity
Splunk® Cloud Platform | Ingest Actions
Splunk® Cloud Platform | Cloud Monitoring Console (CMC)
Splunk® Cloud Platform | Dynamic Data Active Searchable (DDAS)
Splunk® Cloud Platform | Dynamic Data Active Archive (DDAA)
Splunk® Cloud Platform | Dynamic Data Self-Storage (DDSS)
Splunk® Cloud Platform | DMX Edge Processor
Splunk® Cloud Platform | Federated Search S3
Splunk® Cloud Platform | DMX Ingest Processor
Splunk® Mission Control
Splunk® SOAR
Splunk® Enterprise Security
Splunk® Enterprise Security | Threat Intelligence Management
Splunk® Enterprise Security | Behavioral Analytics
Splunk® IT Service Intelligence
Splunk® Infrastructure Monitoring (IMM)
Splunk® Infrastructure Monitoring (IMM) | Network Explorer
Splunk® Application Performance Monitoring (APM)
Splunk® Application Performance Monitoring (APM) | AlwaysOn Profiling
Log Observer Connect
Splunk® Real User Monitoring
Splunk® Synthetic Monitoring

✓= This product is currently in scope of Splunk’s third party audit/attestation reports.

✓* =  IL5 limited scope. Only on-premises to cloud available.

Product | Feature | TISAX
Splunk® Cloud Platform
Splunk® Cloud Platform | Admin Config Service
Splunk® Cloud Platform | Dashboard Studio
Splunk® Cloud Platform | Data Manager
Splunk® Cloud Platform | KV Store
Splunk® Cloud Platform | Federated Search
Splunk® Cloud Platform | Automated Private App Validation
Splunk® Cloud Platform | Private Connectivity
Splunk® Cloud Platform | Ingest Actions
Splunk® Cloud Platform | Cloud Monitoring Console (CMC)
Splunk® Cloud Platform | Dynamic Data Active Searchable (DDAS)
Splunk® Cloud Platform | Dynamic Data Active Archive (DDAA)
Splunk® Cloud Platform | Dynamic Data Self-Storage (DDSS)
Splunk® Cloud Platform | DMX Edge Processor
Splunk® Cloud Platform | Federated Search S3
Splunk® Cloud Platform | DMX Ingest Processor
Splunk® Mission Control
Splunk® SOAR (Cloud)
Splunk® Enterprise Security
Splunk® Enterprise Security | Behavioral Analytics
Splunk® Enterprise Security | Threat Intelligence Management
Splunk® IT Service Intelligence
Splunk® Infrastructure Monitoring (IMM)
Splunk® Infrastructure Monitoring (IMM) | Network Explorer
Splunk® Application Performance Monitoring (APM)
Splunk® Application Performance Monitoring (APM) | AlwaysOn Profiling
Log Observer Connect
Splunk® Real User Monitoring
Splunk® Synthetic Monitoring

✓= This product is currently in scope of Splunk’s third party audit/attestation reports.

✓* =  IL5 limited scope. Only on-premises to cloud available.

This document addresses the named product(s) only as of November 2024. Since laws are frequently amended, the listed information may not reflect all changes or recent amendments to applicable law or how such changes might affect our products. Accordingly, Splunk does not represent, warrant or guarantee that the listed information is complete, accurate, or up-to-date and no part of the information should be construed as part of any contractual commitment to be included in any contract absent Splunk’s express acknowledgement through language in the contract itself.

Compliance certifications, standards, and regulations for our products

The International Organization for Standardization (ISO) is an independent, international organization. The ISO 27001 standard outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage identified risks.


On an annual basis, specified Splunk products are reviewed and certified by an independent third-party assessor against the ISO 27001 requirements (surveillance audits) and certifications are reissued every 3 years (renewal audits). Authorized users can access related documentation in the Customer Trust Portal.

The ISO 27017 standard provides cloud service providers guidance on the information security aspects of cloud computing, providing recommendations on the implementation of cloud-specific information security controls to support the ISO 27001 standard.


On an annual basis, specified Splunk products are reviewed and certified by an independent third-party assessor against the ISO 27017 requirements and certifications are reissued every 3 years. Authorized users can access related documentation in the Customer Trust Portal.

The ISO 27018 standard covers the protection of personally identifiable information (PII) for cloud service providers. ISO 27018 builds upon the existing ISO 27001 standard by adding specific items for cloud privacy and provides new security controls for personal data.


On an annual basis, specified Splunk products are reviewed and certified by an independent third-party assessor against the ISO 27018 requirements and certifications are reissued every 3 years. Authorized users can access related documentation in the Customer Trust Portal.

A Service Organization Controls (SOC) 1 report evaluates internal controls that are applicable to a user entity's controls and is governed by the American Institute of Certified Public Accountants (AICPA). It is specially designed to meet the needs of customers and the accountants who audit our financial statements.


On a semi-annual basis, Splunk’s critical systems related to financial reporting are reviewed and evaluated by an independent third-party auditor against the SOC 1 control objectives. Authorized users can access related documentation in the Customer Trust Portal.

A Service Organization Controls (SOC) 2 report is designed to provide assurance about the effectiveness of controls in place that are relevant to the security, availability, and confidentiality of the systems where customer data is processed. The SOC 2 control objectives are governed by the American Institute of Certified Public Accountants (AICPA) and the reports are inclusive of specified Splunk products utilized by our customers. For more information, see the Splunk Cloud Security Addendum.


On a semi-annual basis, specified Splunk products and services are reviewed and evaluated by an independent third-party auditor against the SOC 2 control objectives. Authorized users can access related documentation in the Customer Trust Portal.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. federal law that establishes data privacy and security requirements for organizations that are responsible for safeguarding individuals' protected health information (PHI). Under HIPAA, these organizations meet the definition of “covered entities” or “business associates.” Customers that are subject to HIPAA and want to utilize HIPAA compliant Splunk Cloud products in connection with PHI must review and accept Splunk’s Business Associate Agreement (BAA).


On an annual basis, specified Splunk products are reviewed and evaluated by an independent third-party auditor against the HIPAA requirements. Authorized users can access related documentation in the Customer Trust Portal.

The Payment Card Industry Security Standards Council (PCI SSC) developed one standard policy, the PCI Data Security Standards (PCI DSS), to ensure a baseline level of protection for consumers and vendors. All merchants and their service providers that store, process, or transmit cardholder data must be compliant with PCI DSS.


As a Level 1 PCI service provider, Splunk is required to undergo an Annual Compliance Report (ROC) by a Qualified Security Assessor (QSA) or Internal Security Assessor and quarterly network scanning by an Approved Scanning Vendor (ASV). Authorized users can access related documentation in the Customer Trust Portal.

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). For CSA STAR level 1, cloud providers submit the Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the Cloud Controls Matrix (CCM).


On an annual basis, Splunk self-attests specified products against the CSA STAR Level 1 requirements and submits to the STAR registry. This information then becomes publicly available, promoting industry transparency and providing customer visibility into specific provider security practices. Authorized users can access related documentation in the Customer Trust Portal.

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). The CSA STAR Level 2 certification leverages the requirements of the ISO 27001:2013 management system standard together with the CSA CCM criteria.


On an annual basis, specified Splunk products are reviewed and evaluated by an independent third-party auditor against the CSA STAR Level 2 requirements. This information is submitted to the STAR registry and then becomes publicly available, promoting industry transparency and providing customer visibility into specific Splunk security practices. Authorized users can access related documentation in the Customer Trust Portal.

The U.S. Department of Defense (DoD) has information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD has defined cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud service providers supporting U.S. DoD customers are required to comply with these requirements.


Per DISA’s Memorandum for FedRAMP-approved Cloud Service Providers on August 15th, 2019, Splunk’s FedRAMP moderate offering is eligible for Impact Level 2 (IL2) customer use by the DoD for public data under reciprocity. Prospective DoD customers may submit a FedRAMP Package Access Request form at: https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf to request Splunk’s FedRAMP Moderate documentation for review and issuance of IL2 authorization.

The U.S. Department of Defense (DoD) has information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD has defined cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud service providers supporting U.S. DoD customers are required to comply with these requirements.


Splunk does not have an Impact Level 4 (IL4) offering; however, specified Splunk products are assessed by an independent third-party auditor against the Impact Level 5 (IL5) requirements. Splunk’s IL5 offering provides additional security controls beyond IL4 requirements and may be leveraged by customers to meet and exceed IL4 compliance obligations.

The U.S. Department of Defense (DoD) has information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD has defined cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud service providers supporting U.S. DoD customers are required to comply with these requirements.


On an annual basis, specified Splunk products are assessed by an independent third-party auditor against the Impact Level 5 (IL5) requirements. DoD IL5 is a designation that includes high sensitivity controlled unclassified information (CUI) and mission data, along with Unclassified National Security Information (U-NSI).

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP leverages a standardized set of requirements, established in accordance with the Federal Information Security Management Act (FISMA), to improve consistency and confidence in the security of cloud solutions. Cloud Service Providers (CSP) that support U.S. government customers or operate on U.S. government information are responsible for complying with the requirements established by the FedRAMP program.


On an annual basis, specified Splunk products are assessed by an independent third-party auditor against the FedRAMP Moderate requirements; see Splunk’s FedRAMP authorizations. Authorized users can access related documentation in the Customer Trust Portal.

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP leverages a standardized set of requirements, established in accordance with the Federal Information Security Management Act (FISMA), to improve consistency and confidence in the security of cloud solutions. Cloud Service Providers (CSP) that support U.S. government customers or operate on U.S. government information are responsible for complying with the requirements established by the FedRAMP program.


On an annual basis, specified Splunk products are assessed by an independent third-party auditor against the FedRAMP High Security baseline; see Splunk’s FedRAMP authorizations.

StateRAMP is a non-profit, 501(c)6 membership organization that brings U.S. state and local governments, educational institutions, and special districts together with the cloud service providers (CSPs) who serve them to promote best cyber practices and to establish a common set of security criteria. Similar to the Federal Risk Authorization Management Program (FedRAMP), StateRAMP established a certification program which verifies CSPs meet the controls for National Institute of Standards and Technology (NIST) Special Publication 800-53 by impact level.


On an annual basis, specified Splunk products are assessed by an independent third-party auditor against the StateRAMP moderate impact level requirements; see the StateRAMP product list.

The Texas Risk and Authorization Management Program (TX-RAMP) provides a standardized approach for security assessment, certification, and continuous monitoring of cloud computing services that process the data of Texas state agencies. Similar to the Federal Risk Authorization Management Program (FedRAMP), TX-RAMP established a certification program which verifies Cloud Service Providers (CSP) meet the controls for National Institute of Standards and Technology (NIST) Special Publication 800-53 by impact level.


On an annual basis, specified Splunk products are assessed by an independent third-party auditor against the FedRAMP moderate impact level requirements. Texas provides reciprocal authorization for FedRAMP M services at TX-RAMP level 2; see the TX-RAMP certified cloud product list. Authorized users can access related documentation in the Customer Trust Portal.

Trusted Information Security Assessment Exchange (TISAX) is a European information security assessment (ISA) for the automotive industry. The TISAX ISA is based on the ISO 27001 standard and covers key aspects of information security adapted for the automotive industry, suppliers, and subcontractors. The standard was created by the Association of the German Automotive Industry (VDA) and the association of European automotive manufacturers, European Network Exchange (ENX). ENX accredits the audit service providers and monitors the quality of the implementation and the assessment results.


Specified Splunk products are reviewed and certified by an independent third-party auditor against the TISAX requirements. The certification is valid for 3 years.

The Information Security Registered Assessors Program (IRAP) enables Australian Government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the Australian Government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC). The ISM describes the security control mechanisms that cloud services providers require for providing services to the government.


Specified Splunk products are assessed by an independent third-party auditor against the protected level IRAP requirements. The resulting report from the third party auditor is valid for 2 years.

Splunk Enterprise, Splunk Cloud Platform FedRAMP and Splunk Cloud Platform IL5 leverage the FIPS 140-2 validated Splunk Cryptographic Module for the protection of sensitive information when deployed on any compliant operating system. The Splunk cryptographic module achieved Federal Information Processing Standard 140-2 validation.

Splunk Enterprise is Common Criteria certified by National Information Assurance Partnership (NIAP). This certification facilitates the use of Splunk Enterprise by Government Agencies requiring products that meet the Common Criteria security standard. Additional details are available on the NIAP Product Compliant List website.

VPATs/ACRs that reflect Splunk product conformance to applicable accessibility requirements can be found on the Splunk Accessibility Page.

Cyber Essentials is a UK Government backed scheme that will help protect organisations against a range of the most common cyber attacks.

Additional Resources

The Splunk Customer Trust Portal provides you with easy, on-demand access to documentation about Splunk’s global privacy, security, and compliance programs, including certifications, compliance reports, standard security questionnaires and white papers.