Whether your data is in transit to New Relic or at rest in our storage, we apply strong encryption measures to help prevent unauthorized access, threats, or theft. FIPS 140-2 compliant encryption standards (using validated cryptographic modules) are available in AWS US and AWS EU regions.
New Relic is authorized for Moderate Impact SaaS Services (FedRAMP Authorized Moderate) for accounts that meet specific criteria. As a cloud service provider, we are committed to ensuring our compliance with FedRAMP's requirements for the confidentiality, integrity, and availability of your data.
This document describes our data encryption methods, including who gets it, what data is encrypted, and how it works. For more information, see our security documentation and Security website, or contact your account representative.
Encryption in transit
All New Relic customers benefit from the security provided with data encryption in transit. TLS is required for all domains.
Encryption in transit | Comments |
---|---|
Who gets it | Data encryption in transit is automatically included in all New Relic subscriptions. |
What data is encrypted | Encryption in transit applies to our agents and APIs. This also applies to any third-party telemetry sources that use TLS with New Relic, such as Prometheus OpenMetrics and other integrations. |
How it works | Uses industry-standard Transport Layer Security (TLS). Our preferred protocol for all domains is TLS 1.3. For more information about data transmission, firewalls, hosting, and storage, see our data security documentation. |
Encryption at rest
New Relic provides additional security by encrypting all data at rest. FIPS 140-2 compliance is available, if requested.
Encryption at rest | Comments |
---|---|
Who gets it | Free for all New Relic customers wherever data is stored |
What data is encrypted | Applicable data at rest |
How it works | New Relic applies encryption to the data stored. For example, data in AWS and Azure is encrypted using an AES-256 block cipher, which can be implemented in a FIPS-validated cryptographic hardware module. Encryption keys are generated using the hardware module and are unique to each instance storage device. All encryption keys are destroyed when the instance stops or terminates, and they cannot be recovered. As additional security measures:
|