What is Cerbos?
Cerbos is end-to-end enterprise authorization software designed for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across applications, APIs, AI agents, MCP servers, services, and workloads. The platform consists of an open-source Policy Decision Point (PDP), Enforcement Point SDKs, and a centrally managed Policy Administration Point (Cerbos Hub) that coordinates unified policy-based authorization across your entire architecture.
The software enables organizations to implement RBAC, ABAC, and PBAC models to enforce least-privilege authorization across all identities. It provides comprehensive audit logs for compliance with standards like GDPR, SOC 2, HIPAA, and ISO 27001. Cerbos supports deployment in cloud, self-hosted, on-premise, and air-gapped environments, offering flexibility for various security and compliance requirements.
Features
- Policy Decision Point: Open-source authorization engine that evaluates and applies fine-grained, contextual access control
- Policy Administration Point: Central control plane for policy management, testing, deployment and compliance visibility
- Policy Enforcement Point: Native SDKs for real-time access decisions with seamless in-app enforcement
- Compliance Ready Audit Logs: Ensure Zero Trust, compliance and audit readiness for various regulatory standards
- Flexible Deployment: Deploy to containers, serverless, edge, or multi-region clusters in cloud or on-premise environments
- Multiple Authorization Models: Implement RBAC, ABAC, and PBAC models to enforce least-privilege authorization
- AI System Security: Secures AI agents, RAG pipelines, and MCP servers with precise, contextual access control
- Programmatic Policy Management: Create, update, and manage policies from applications using the CLI or API
Use Cases
- Enterprise application permissions management
- Multi-tenant SaaS access control
- AI system and agent security
- RAG pipeline authorization
- MCP server access control
- Non-human identity authorization
- Compliance and audit logging for regulatory requirements
- Zero Trust security implementation
FAQs
- What is a Monthly Active Principal (MAP)?
  A Monthly Active Principal is the number of unique principals (users or services) that are authorized during one calendar month. This includes both human users and non-human identities like applications, services, or bots that access your system.
- Can I deploy Cerbos in on-premise or air-gapped environments?
  Yes, Cerbos supports deployment in various environments including cloud, self-hosted, on-premise, and air-gapped setups to meet different security, compliance, and isolation requirements.
- What programming languages are supported by Cerbos SDKs?
  Cerbos provides SDKs for multiple programming languages including JavaScript, Python, Java, .NET, PHP, Rust, Go, and Ruby, enabling integration with diverse technology stacks.
- What compliance standards does Cerbos support?
  Cerbos supports compliance with various regulatory standards including FedRAMP, SOC 2, SOC 3, ISO 27001, HIPAA, PCI DSS, and GDPR through its comprehensive audit logging and authorization features.
- Can I switch from Cerbos Hub back to the open source PDP solution?
  Yes, you can switch back to using the open source Cerbos PDP solution by hosting your own policy files and changing your PDPs' configuration to point at them instead of Cerbos Hub.