§ 00·0x00/COMPLIANCE / SOC 2
SOC 2 and CipherStash.
CipherStash helps you meet your SOC 2 obligations by giving you identity-based access controls that keep your data encrypted even when it is in use. Six common controls map directly to CipherStash capabilities without custom engineering.
§ 01·0x01/CONTROLS / HOW IT MAPS
Six controls. CipherStash, by default.
01
CC 6.1
Secure authentication to production data stores
With CipherStash this can be scoped to individual records. You can demonstrate that only authorized users have access to specific pieces of data.
02
CC 6.1
Data encrypted at rest
With CipherStash this means storing ciphertext in the database, not only relying on storage-level encryption. Every value is encrypted under its own identity-bound key.
03
CC 6.1
Privileged access to databases
CipherStash lets you grant full admin access to a database for authorized users with a business need (DBAs, SRE), while keeping sensitive data encrypted at the field level. Admins see ciphertext unless they also carry the right identity.
04
CC 6.5
Confidence in data deletion
With key-per-record encryption, you can guarantee data access is prevented by revoking specific keys or groups of keys. Works for physical and virtual storage media.
05
CC 7.2
Log management for security impact
CipherStash logs what SQL queries were made and what fields were returned (or would have been returned in the event of a denial). You can prove sensitive data was not accessed, or see which identities accessed it.
06
CC 7.4
Accurate data access during incidents
Granular encryption and detailed logging make post-incident reporting easier. You can show exactly which data was accessed and by whom to satisfy internal communications and regulatory obligations.
§ 02·0x02/NEXT / TRUST CENTER
SOC 2 Type II certified.
Visit the CipherStash Trust Center for the SOC 2 Type II report, penetration test summaries, and security questionnaires.