From 46cd87a5652c4eff31d86151cf17965446630bcc Mon Sep 17 00:00:00 2001 From: Johnathan Date: Fri, 22 Nov 2024 09:23:52 -0800 Subject: [PATCH 1/2] Add PCI-DSS and update compliance pages Add PCI-DSS and update compliance pages to include Pixie for out-of-scope --- .../fedramp.mdx | 41 ++++++ .../iso-27001.mdx | 68 +++++++++ .../pci-dss.mdx | 132 ++++++++++++++++++ .../soc2.mdx | 42 ++++++ .../tisax.mdx | 68 +++++++++ .../security-privacy/compliance/hitrust.mdx | 42 ++++++ .../regulatory-audits-new-relic-services.mdx | 3 +- src/nav/new-relic-security.yml | 2 + 8 files changed, 397 insertions(+), 1 deletion(-) create mode 100644 src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx diff --git a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/fedramp.mdx b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/fedramp.mdx index 81a6232e3d5..dc8e51b24ba 100644 --- a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/fedramp.mdx +++ b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/fedramp.mdx @@ -163,5 +163,46 @@ The following services are not FedRAMP-authorized: [Historical Data Export](/docs/apis/nerdgraph/examples/nerdgraph-historical-data-export) + + + N/A + + + + GCP + + + + Pixie: Community Cloud for Pixie + + + + + + N/A + + + + GCP + + + + Pixie: Auto-telemetry with Pixie + + + + + + N/A + + + + AWS, Azure + + + + New Relic AI + + diff --git a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001.mdx b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001.mdx index e7728f5a3ef..ed156afc23e 100644 --- a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001.mdx 
+++ b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001.mdx @@ -11,6 +11,9 @@ freshnessValidatedDate: never The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years and have annual touch point audits (surveillance audits). The scope of certification covers the Company’s locations in Portland, Oregon; San Francisco, California; Barcelona, Spain; and London, United Kingdom. ## Applicable document by service [#applicable-services] + + Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope). + The following applies to the New Relic Observability Platform: @@ -55,3 +58,68 @@ The following applies to the New Relic Observability Platform: + +## Services not in scope [#not-scope] + +The following services are not ISO 27001 authorized: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Last updated + + Infrastructure + + Services +
+ N/A + + GCP + + Pixie: Community Cloud for Pixie +
+ N/A + + GCP + + Pixie: Auto-telemetry with Pixie +
+ N/A + + AWS, Azure + + New Relic AI +
diff --git a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx new file mode 100644 index 00000000000..5943dd7d2c2 --- /dev/null +++ b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx @@ -0,0 +1,132 @@ +--- +title: PCI DSS +tags: + - Security + - Security and Privacy + - Compliance +metaDescription: Criteria and compliance with PCI DSS audits by New Relic services. +freshnessValidatedDate: 2024-07-25 +redirects: + - /docs/security/security-privacy/compliance/certificates-standards-regulations/PCI DSS-moderate +--- + +The Payment Card Industry Data Security Standard (“PCI DSS”), maintained by the Security Standards Council, is a set of security requirements to protect cardholder data environments (“CDEs”) where payment card data is stored, processed, or transmitted. PCI DSS provides a baseline of rigorous technical and operational requirements designed to protect CDEs. + +Assessed against the PCI DSS version 4.0, New Relic maintains a Report on Compliance (“ROC”) and Attestation of Compliance (“AOC”) as a [Level 1 Service Provider](https://www.pcisecuritystandards.org/glossary/service-provider/). + +New Relic removes some of your sensitive data in logs with automatic [log obfuscation](https://docs.newrelic.com/docs/logs/get-started/new-relics-log-management-security-privacy/#auto-obfuscation), which is enabled by default for all customers and helps you protect your data. + +## Applicable document by service [#applicable-services] + + Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope). + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Document + + Last updated + + Infrastructure + + Services +
+ Attestation of Compliance + + 2024-NOV-13 + + AWS, First Party + + New Relic Observability Platform +
+ + + If you require a copy of New Relic’s AOC or PCI Customer Responsibility Matrix, reach out to your New Relic account representative. + + +## Services not in scope [#not-scope] + +The following services are not PCI DSS authorized: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Last updated + + Infrastructure + + Services +
+ N/A + + GCP + + Pixie: Community Cloud for Pixie +
+ N/A + + GCP + + Pixie: Auto-telemetry with Pixie +
+ N/A + + AWS, Azure + + New Relic AI +
diff --git a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/soc2.mdx b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/soc2.mdx index f92513b1989..44af3cf08f2 100644 --- a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/soc2.mdx +++ b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/soc2.mdx @@ -113,5 +113,47 @@ The following services are not SOC 2 certified: ML Ops + + + + N/A + + + + GCP + + + + Pixie: Community Cloud for Pixie + + + + + + N/A + + + + GCP + + + + Pixie: Auto-telemetry with Pixie + + + + + + N/A + + + + AWS, Azure + + + + New Relic AI + + diff --git a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/tisax.mdx b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/tisax.mdx index f4cb414ec93..7a8bfda794e 100644 --- a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/tisax.mdx +++ b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/tisax.mdx @@ -13,6 +13,9 @@ TISAX is a European automotive industry-standard information security assessment For a copy of New Relic’s shared assessment, you must be a member of the [ENX Association](https://portal.enx.com/en-US/). The scope of certification covers the Company’s locations in the US and the EU. ## Applicable document by service [#applicable-services] + + Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope). + The following applies to the New Relic Observability Platform: 
@@ -61,3 +64,68 @@ The following applies to the New Relic Observability Platform: If you require access to New Relic's TISAX labels, you can view them within the [ENX Portal](https://portal.enx.com/en-US/SignIn?ReturnUrl=%2Fen-US%2Fmyenxportal%2Fpublished-shared-results%2F). + +## Services not in scope [#not-scope] + +The following services are not TISAX certified: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Last updated + + Infrastructure + + Services +
+ N/A + + GCP + + Pixie: Community Cloud for Pixie +
+ N/A + + GCP + + Pixie: Auto-telemetry with Pixie +
+ N/A + + AWS, Azure + + New Relic AI +
diff --git a/src/content/docs/security/security-privacy/compliance/hitrust.mdx b/src/content/docs/security/security-privacy/compliance/hitrust.mdx index ada4e5d2788..ba6d0dc6102 100644 --- a/src/content/docs/security/security-privacy/compliance/hitrust.mdx +++ b/src/content/docs/security/security-privacy/compliance/hitrust.mdx @@ -153,5 +153,47 @@ HITRUST doesn't provide certification for the following services: [Historical Data Export](/docs/apis/nerdgraph/examples/nerdgraph-historical-data-export) + + + + N/A + + + + GCP + + + + Pixie: Community Cloud for Pixie + + + + + + N/A + + + + GCP + + + + Pixie: Auto-telemetry with Pixie + + + + + + N/A + + + + AWS, Azure + + + + New Relic AI + + diff --git a/src/content/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services.mdx b/src/content/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services.mdx index 3d4b3c7adc7..8645f082446 100644 --- a/src/content/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services.mdx +++ b/src/content/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services.mdx @@ -13,7 +13,7 @@ freshnessValidatedDate: never This document describes New Relic's products and services as they relate to regulatory framework compliance status. -**Updated on November 7, 2024.** +**Updated on November 21, 2024.** ## Certifications, standards, and regulations [#cer-std-reg] 
@@ -23,6 +23,7 @@ For detailed information, see the documentation on the specific certifications, * [HIPAA enabled capabilities](/docs/security/security-privacy/compliance/certificates-standards-regulations/hipaa/) * [HITRUST compliance](/docs/security/security-privacy/compliance/hitrust) * [ISO 27001](/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001/) +* [PCI DSS](/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss/) * [SOC 2](/docs/security/security-privacy/compliance/certificates-standards-regulations/soc2/) * [TISAX](/docs/security/security-privacy/compliance/certificates-standards-regulations/tisax) diff --git a/src/nav/new-relic-security.yml b/src/nav/new-relic-security.yml index fbd0846ff25..7532dd6d2cc 100644 --- a/src/nav/new-relic-security.yml +++ b/src/nav/new-relic-security.yml @@ -31,6 +31,8 @@ pages: path: /docs/security/security-privacy/compliance/hitrust - title: ISO 27001 path: /docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001 + - title: PCI DSS + path: /docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss/ - title: SOC 2 path: /docs/security/security-privacy/compliance/certificates-standards-regulations/soc2 - title: TISAX From eef780d1350a488494c0f319fe843a66fd6a3ef8 Mon Sep 17 00:00:00 2001 From: Johnathan Date: Fri, 22 Nov 2024 09:44:01 -0800 Subject: [PATCH 2/2] Push potential fixes for pci-dss.mdx Push potential fixes for pci-dss file since Gatsby reported missing lines. Everything matches though, maybe formatting? --- .../pci-dss.mdx | 107 +++++------------- 1 file changed, 26 insertions(+), 81 deletions(-) diff --git a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx index 5943dd7d2c2..8ee97fdafdc 100644 
--- a/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx +++ b/src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx @@ -17,116 +17,61 @@ Assessed against the PCI DSS version 4.0, New Relic maintains a Report on Compli New Relic removes some of your sensitive data in logs with automatic [log obfuscation](https://docs.newrelic.com/docs/logs/get-started/new-relics-log-management-security-privacy/#auto-obfuscation), which is enabled by default for all customers and helps you protect your data. ## Applicable document by service [#applicable-services] + Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope). + - - - - - - - + + + + - - - - - - - - + + + +
- Document - - Last updated - - Infrastructure - - Services - DocumentLast updatedInfrastructureServices
- Attestation of Compliance - - 2024-NOV-13 - - AWS, First Party - - New Relic Observability Platform - Attestation of Compliance2024-NOV-13AWS, First PartyNew Relic Observability Platform
+## Services not in scope [#not-scope] + If you require a copy of New Relic’s AOC or PCI Customer Responsibility Matrix, reach out to your New Relic account representative. -## Services not in scope [#not-scope] - The following services are not PCI DSS authorized: + - - - - - + + + - - - - - - + + + - - - - - - + + + - - - - - - + + + -
- Last updated - - Infrastructure - - Services - Last updatedInfrastructureServices
- N/A - - GCP - - Pixie: Community Cloud for Pixie - N/AGCPPixie: Community Cloud for Pixie
- N/A - - GCP - - Pixie: Auto-telemetry with Pixie - N/AGCPPixie: Auto-telemetry with Pixie
- N/A - - AWS, Azure - - New Relic AI - N/AAWS, AzureNew Relic AI
+ \ No newline at end of file
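Review bot: In the front matter of the new pci-dss.mdx (PATCH 1/2), the `redirects` entry ends in `PCI DSS-moderate`, which contains a space and a `-moderate` suffix that does not correspond to anything in PCI DSS. If no older URL for this page exists, drop the `redirects` block; otherwise point it at the real legacy path. In the same front matter, `freshnessValidatedDate: 2024-07-25` predates both the commit and the `2024-NOV-13` Attestation of Compliance date in the table; set it to the date the page was actually validated, or to `never` as the iso-27001.mdx front matter does. The log obfuscation link also uses an absolute `https://docs.newrelic.com/docs/...` URL while every other internal link in the file is relative (`/docs/...`); make it relative for consistency.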
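Review bot: The callout added under "Applicable document by service" in iso-27001.mdx, pci-dss.mdx and tisax.mdx says services are not "in compliance with this program" and calls them "non-compliant services", but the section it links to is titled "Services not in scope" and the commit message describes the change as out-of-scope. Out of scope and non-compliant are different claims in an audit context, so reword the callout along the lines of "Not all services are in scope for this program. For out-of-scope services, see services not in scope." The section intros "not ISO 27001 authorized" and "not PCI DSS authorized" also reuse the FedRAMP term; the TISAX and SOC 2 pages say "certified", and the PCI DSS page's own vocabulary (Attestation of Compliance) suggests "not covered by the PCI DSS Attestation of Compliance".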
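Review bot: In the src/nav/new-relic-security.yml hunk, the new entry's path ends with a trailing slash (`.../certificates-standards-regulations/pci-dss/`) while the neighbouring ISO 27001, SOC 2 and HITRUST entries have none. Drop the trailing slash so the nav paths follow one convention and match how the sibling pages are addressed.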
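Review bot: In PATCH 2/2, the `## Services not in scope [#not-scope]` heading is now added above the "If you require a copy of New Relic's AOC or PCI Customer Responsibility Matrix" text and removed from above "The following services are not PCI DSS authorized:". That places the AOC request note inside the not-in-scope section and makes the `#not-scope` anchor, which the callout at the top of the page links to, land on the AOC note instead of the table intro. Move the heading back so it directly precedes "The following services are not PCI DSS authorized:". The file also now ends with `\ No newline at end of file`; add the trailing newline. Since the commit message says the Gatsby error is not yet understood, confirm the build passes locally before merging rather than relying on the reformatted table rows.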