From 89287b14ed8b57ef4ac8ce8357c28be3188eefc5 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 2 May 2025 09:21:27 -0400 Subject: [PATCH] Closes #19383: Extend security policy to provide guidance on compliance reporting --- SECURITY.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 97881a901..58b73cbb7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,6 +14,12 @@ Administrators are encouraged to adhere to industry best practices concerning th * Prohibit access to your database from clients other than the NetBox application * Keep your deployment updated to the most recent stable release +## Compliance Reporting + +Please note that security compliance reports (e.g. SOC 2) are provided by NetBox Labs only to customers using NetBox Cloud or NetBox Enterprise. They are not available to users of self-hosted NetBox Community Edition. + +If you would like to consider upgrading to NetBox Cloud or Enterprise, please contact `sales@netboxlabs.com`. + ## Reporting a Suspected Vulnerability If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so by emailing `security@netboxlabs.com`. Please ensure that your report meets all the following conditions: