Security

Responsible Disclosure

Quindar is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security@quindar.space.

Data Security

Quindar encrypts data at rest and in transit for all of our customers. We use tools like Amazon Web Services' Key Management Service (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.

Application and API Security

Quindar regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, API endpoints, running application, and the deployed environment.

Quindar also uses high-quality static analysis tooling provided by GitHub Security, such as Dependabot, to secure our product at every step of the development process.

Compliant

SOC 2 Type II
NIST 800-171

Current Work

Quindar is currently investigating FedRAMP compliance:

FedRAMP Moderate

Cloud Infrastructure Security

Quindar uses the AWS GovCloud (US) partition of Amazon Web Services to host our application. In addition to the regular AWS security controls, the GovCloud (US) partition is designed to host sensitive data and regulated workloads and to address the most stringent U.S. government security and compliance requirements. We make full use of the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Inspector.

GovCloud Compliance

NIST 800-171
FedRAMP Moderate
Cybersecurity Maturity Model Certification (CMMC)
International Traffic in Arms Regulations (ITAR)

Monitoring

We utilize Vanta (https://www.vanta.com) to ensure that security controls are continuously monitored for compliance and that a formal audit is conducted annually.