Cloud Fortified Apps Program security requirements

The security requirements for Cloud Fortified Apps use established security programs.

To meet the security requirements, Cloud Fortified Apps must:

Fill out the Privacy and Security tab in the Marketplace app listing

To elevate the trust posture of Marketplace and increase visibility on security indicators, the Privacy and Security tab was introduced in the Marketplace listing UI for cloud apps. The Privacy and Security tab provides detailed information on the privacy, security, data handling, and compliance practices followed by the cloud apps. As the Security Self Assessment program(SSA) got deprecated on August 22, 2023, the Privacy and Security tab has replaced SSA as a Cloud Fortified requirement.

The tab includes a list of questions prepared based on customer research where customers indicated that the high-level information provided by partners to these questions would help them determine whether a more in-depth privacy and security review is required or not.

For Cloud Fortified Apps approval, the Privacy & Security tab needs to be completely filled out.

Participate in the Marketplace Security Bug Bounty Program and receive a Cloud Security Participant badge

The Marketplace Security Bug Bounty Program is hosted on Bugcrowd, a SaaS platform built to crowdsource vulnerability discovery from a global pool of talented security researchers. Marketplace Partners who join this program allow security researchers to test their applications for security vulnerabilities. These security researchers are then rewarded based on the severity of the vulnerability discovered. The result is a cost efficient solution for Marketplace Partners to discover and fix vulnerabilities in their apps on an ongoing basis that results in more secure apps for customers.

Marketplace apps that are participating in the Marketplace Bug Bounty Program are identifiable by the security badge on their Marketplace app listing.

For Cloud Fortified Apps approval, check whether your app has a green checkmark for "This app is part of the Marketplace Bug Bounty Program," as shown below. If it does, you can skip this section and attest to this in the approval checklist.