HiveMQ Achieves SOC 2 Type II Compliance: A Milestone in Security and Trust
HiveMQ achieves SOC 2 Type II compliance, demonstrating top-notch security, processing integrity, confidentiality, & privacy for its trusted MQTT platform.
Blog
Skip to content 
HiveMQ Security and Trust
Ensure Safe and Secure Enterprise IoT Deployments
We care about your data, so HiveMQ is designed from the ground up with maximum security in mind. Advanced security features are essential for mission-critical IoT scenarios, and HiveMQ gives you the flexibility to enable the specific security features that your individual use case requires.
Compliance at HiveMQ
HiveMQ is committed to using the highest information security and risk management standards to protect and handle customer data with the optimum level of trust and compliance.
GDPR
The collection and processing of personal data is made in accordance with relevant data protection regulations and safeguards for confidential information. Contact us for GDPR DPA and TOMs.
ISO/IEC 27001: 2022
The globally-recognized ISO/IEC 27001: 2022 certification signifies HiveMQ meets the high standard of excellence for information security management systems. Read more in our press release.
SOC 2 Type I
Being SOC 2 Type 1 certified ensures that our systems and controls are designed to meet rigorous security, availability, processing integrity, confidentiality, and privacy standards. Learn more from AICPA.
SOC 2 Type II
HiveMQ is now SOC 2 Type II compliant across all five trust criteria: security, availability, processing integrity, confidentiality, and privacy. Read more on our blog.
CSA STAR Registry
HiveMQ Cloud is listed on the Security, Trust, Assurance, and Risk (STAR) Registry which documents the security and privacy controls provided by cloud computing offerings.
HiveMQ Platform Core Security Features
Secure Comms
Secure communication between HiveMQ and MQTT clients
Secure communication between HiveMQ cluster nodes
Encryption
Native TLS/SSL support for increased performance
Encryption at Transport Layer vs Encryption at Application Layer
Authentication and Authorization
Configurable via custom security extensions
Support from simple username/password to fine-grained RBAC.
Java Key Stores
Support for Java Key and Trust Stores
Dynamic loading and run time
OCSP stapling
Allows an OCSP responder to determine the revocation status of an SSL certificate
Reduces network traffic
Tracing and Logging
Configurable access log for MQTT clients
Audit log for Control Center actions
HiveMQ Security Architecture
Security Resources
Top recommended blogs and other resources to help you keep your IoT deployments secure.
Implementing Authentication in HiveMQ Without Active Directory Schema Changes
A step-by-step guide to implement access control management and authentication inside of HiveMQ Broker without active directory schema changes.
Blog
Stopping the Scam: Anomaly Detection and Fraud Prevention with MQTT
Learn how MQTT & HiveMQ platform help provide deeper insights into IoT/IIoT data, detect anomalies as they occur, & safeguard against fraudulent activities.
Blog
Securing MQTT Devices with OIDC Authentication, HiveMQ, and Microsoft Entra
A step-by-step guide to secure MQTT devices and your IoT ecosystem with OIDC authentication, HiveMQ control center, and Microsoft Entra.
Blog
Authenticating MQTT Devices with HiveMQ and Microsoft Entra
Looking to authenticating MQTT Devices? Explore how to use HiveMQ Enterprise Security Extension for MQTT client authentication using Microsoft Entra ID.
Blog
Understanding HiveMQ’s ISO/IEC 27001 Certification for Information Security Management
Explore why & how HiveMQ adopted ISO/IEC 27001 information security management standard to protect data, intellectual property, & consumer information.
Blog
