Announcing Akka 24.05: More Security. More Performance. More Efficiency. Watch the Webinar Replay
Support

Compliance

Akka is built according to internationally-recognized standards in a certified environment, with a safe and verified supply chain. This means:

  • Akka can handle your most sensitive processing and data.
  • The work required to meet your organization’s compliance requirements is substantially reduced.

NIST CyberSecurity Framework

Lightbend takes cybersecurity very seriously. We develop, maintain, and support our products in a secure environment according to detailed processes.

  • Framework for managing and mitigating cybersecurity risks.
  • Defines a proactive stance on cybersecurity with a widely recognized and respected set of guidelines.

SOC 2

  • Lightbend is audited annually against the AICPA SOC2 (Service Organization Control 2) standard validated against 76 distinct control points.
  • Ensures ]compliance with the standard, including an extensive penetration test.
  • The detailed report is available (under NDA) on request.

Additional Standards Compatibility

Lightbend is fully compatible with many other standards. We can help provide guidance and assistance to:

  • Ensure applications built are certified against standards such as ISO 27001/27002, NIST SP800-53A, HIPPA, European Health Standards, and many others.
  • Validate that your Akka applications conform to the Zero-Trust architecture principles outlined in NIST SP 800-207.
  • Achieve and maintain your FedRAMP ATO.

Using Akka enables your organization to save time and money on your own compliance work. Lightbend will manage some of the work and risk that would otherwise be entirely yours. This includes:

  • Legal indemnification and protection of your supply chain.
  • Ensuring the systems you build meet your organization’s requirements to protect you and your customer’s data.
  • Helping you prepare for the implementation of the EU CyberResiliance Act.

Vulnerability

As part of our commitment to these standards, we actively search for and address every vulnerability in Akka, both in our code and the code we depend on from other projects. We follow a detailed and urgent process as part of our support policy that reduces your risk, and we make sure every CVE is properly fixed.

For more on specific Akka security features visit our Security page.

Vulnerabilities and bugs are only fixed and patched in BSL-licensed versions of Akka. The current licensed version of Akka has the following vulnerabilities patched:

  • CVE-2022-42003
  • CVE-2020-36518
  • CVE-2022-42004
  • CVE-2022-42003
  • CVE-2022-22970
  • CVE-2022-22950
  • CVE-2022-22971
  • CVE-2022-22968
  • CVE-2020-13957
  • CVE-2021-37404
  • CVE-2022-25168
  • CVE-2022-26612
  • CVE-2020-9492
  • CVE-2017-15713
  • CVE-2021-22569
  • CVE-2023-29471
  • CVE-2023-31442
  • CVE-2023-33251
  • CVE-2022-41915
  • CVE-2022-3509
  • CVE-2022-3510
  • CVE-2022-3171
  • CVE-2023-44487
  • CVE-2023-45865
  • CVE-2022-3171
  • CVE-2023-2976
  • CVE-2022-3509
  • CVE-2022-3510
  • CVE-2023-34455
  • CVE-2022-36944
  • CVE-2019-20444
  • CVE-2019-20445
  • CVE-2019-16869
  • CVE-2021-37136
  • CVE-2021-37137
  • CVE-2023-20883
  • CVE-2023-4586
  • CVE-2023-6378
  • CVE-2024-1597
  • CVE-2023-6378
  • CVE-2023-39410
  • CVE-2023-46122
  • CVE-2021-46877
  • CVE-2020-15250



Lightbend is a SOC 2 compliant organization beginning with Akka v23.05 released April 25, 2023.

NOTE: Licensing Akka ensures organizations that the version of Akka they are running in production will have all of the latest known vulnerabilities patched and maintain compliance with the standards as listed below.

All earlier or open source versions prior to Akka v23.05 are NOT compliant. Visit Pricing for information on Akka development and production license packages.

SOC 2 standards

Relevant sections from the standards for running Akka in production:

SOC 2

Vendor Management Process, Vendor Compliance Review

  • CC1.4, CC3.2, CC3.4, CC9.2
  • Vendor's compliance must be verified annually

Patch Management

  • CC7.5

Vulnerability Scanning and Remediation

  • CC4.1, CC7.1, CC7.4

Software Development Lifecycle

  • CC8.1
  • Refers to OWASP standards and dependency check

Users of Akka Open Source

Lightbend has committed to patch Severity 1 / Critical vulnerabilities only in the final open source version of Akka (v2.6) until September 2023.

All other vulnerabilities and bugs are only fixed and patched in licensed versions of Akka. The current licensed version of Akka has the following vulnerabilities patched:

  • CVE-2017-15713
  • CVE-2019-16869
  • CVE-2019-20444
  • CVE-2019-20445
  • CVE-2020-13957
  • CVE-2020-36518
  • CVE-2020-9492
  • CVE-2021-22569
  • CVE-2021-37136
  • CVE-2021-37137
  • CVE-2021-37404
  • CVE-2022-22950
  • CVE-2022-22968
  • CVE-2022-22970
  • CVE-2022-22971
  • CVE-2022-25168
  • CVE-2022-26612
  • CVE-2022-3171
  • CVE-2022-3509
  • CVE-2022-3510
  • CVE-2022-36944
  • CVE-2022-41915
  • CVE 2022-42003
  • CVE-2022-42004
  • CVE-2022-42003
  • CVE-2023-20883
  • CVE-2023-2976
  • CVE-2023-29471
  • CVE-2023-31442
  • CVE-2023-33251
  • CVE-2023-34455
  • CVE-2023-44487
  • CVE-2023-4586
  • CVE-2023-45865

NOTE: Maintaining compliance with SOC 2 standards requires licensing and updating production systems to the latest version of Akka.

Visit Pricing for information on Akka development and production license packages.

Talk to an Expert

Tell us what you’re building, and we’ll
tell you how we can help.

Contact Us