This list is current. Last updated 7 October 2021.
This document describes New Relic's products and services as they relate to regulatory framework compliance status. For more information, download the New Relic FedRAMP Customer Responsibility Matrix (CRM) Worksheet as a PDF|87K.
Customer FedRAMP obligations
New Relic customers must meet all of the following requirements for New Relic’s FedRAMP environment:
New Relic-approved customers: New Relic’s FedRAMP-Moderate authorized environment is only available to New Relic-approved customers. For more information, contact your New Relic account representative.
Order form: Customer’s order form with New Relic must include customer’s eligibility for FedRAMP.
Subscription level: Customer must have a current and valid subscription to our Enterprise edition or a New Relic-approved subscription.
Authorized New Relic endpoints: Customer must send its data only to New Relic’s FedRAMP-designated endpoints.
Authorized services and features: Customer must use only FedRAMP audited and authorized New Relic services and features.
Time frames
New Relic's time frames for supported regulatory frameworks and annual audits include:
- SOC2 Type 2 audit: Reviews New Relic's implementation and maintenance of controls for the previous 12 months. The annual audit spans August 1 of the previous year through July 31 of the current year (for example, August 1, 2019 through July 31, 2020).
- FedRAMP Agency (Moderate): Reviews New Relic's implementation and maintenance of NIST 800-53 rev. 4 controls for the previous 12 months. The annual audit spans November 28 of the previous year through November 28 of the current year (for example, November 28, 2019 through November 28, 2020).
- ISO 27001: Reviews New Relic’s implementation of information security standards that ensures office sites, development centers, support centers and data centers are security managed. The certification spans 3 years (renewal audits) beginning 2021 and has annual touch point audits (surveillance audits). The scope of certification covered the Company’s locations in Portland, Oregon; San Francisco, California; Barcelona, Spain; Dublin, Ireland; Atlanta, Georgia; and London, United Kingdom.
Services in Scope by compliance program
The following table describes New Relic's Services in Scope of New Relic's assurance programs.
- A check indicates that this service in scope of the most recent assessment and current reports.
- A caution icon indicates the service is on the roadmap for regulatory framework compliance at a time frame to be determined.
New Relic service | SOC2 | FedRAMP Moderate | HIPAA-enabled capabilities |
---|---|---|---|
Alerts | |||
AWS Metric Streams | |||
Errors inbox | |||
Incident Intelligence (Applied Intelligence) | |||
Infrastructure agent (and associated on-host integrations) | |||
Cloud integrations (AWS, Azure, and GCP) | |||
Insights | |||
Logs (with exception of log patterns) | |||
Network Performance Monitoring | |||
Pixie: Community Cloud for Pixie Community Cloud for Pixie has completed a SOC 2 Type 1 audit. | |||
Pixie: Auto-telemetry with Pixie | |||
Plugins | |||
Proactive Detection (Applied Intelligence) | |||
Serverless | |||
Synthetic monitoring | |||
Note: "HIPAA Enabled Capabilities" is also the same Services that are currently undergoing "HITRUST CSF" review.
Customer risk management
All New Relic services are intended to be covered by our compliance programs. However, a new service may not be covered by one or more of our compliance programs at any given time throughout the year. This is primarily dependent on the timing when the service achieved General Availability (GA) status and the timing of the specific compliance program's annual authorization, certification, or assessment.
You can use any New Relic service regardless of its compliance program status. However, if a service is not yet in scope of our compliance programs, we encourage you to consider your risk appetite in the decision to use the specific New Relic product or service.
If you choose to use New Relic services that are not yet in our compliance program scope, you assume the responsibility to review, understand, and risk-manage your security controls as you deem appropriate. You also have the option to wait for New Relic to authorize these services before you use them.
その他のヘルプ
さらに支援が必要な場合は、これらのサポートと学習リソースを確認してください:
- Explorers Hubでは、コミュニティからのサポートを受けたり、ディスカッションに参加したりすることができます。
- 当社サイトで答えを見つけて、サポートポータルの使用方法を確認してください。
- Linux、Windows、およびmacOS向けトラブルシューティングツールであるNew Relic Diagnosticsを実行してください。
- New Relicの とandドキュメント をご確認ください。