Trust & Compliance Center

Update 09/11/2023

SavvyMoney has chosen to continue support for the ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher suite, which is frequently utilized by the legacy Windows Server 2012. Please be advised that Microsoft's Extended Support for Windows Server 2012 and its R2 variant is set to conclude on October 10th, 2023.

For our partners' convenience and preparation, SavvyMoney will maintain support for ECDHE_RSA_WITH_AES_256_CBC_SHA384 only up to December 31st, 2023. We urge our partners to use this time to facilitate necessary upgrades.

SavvyMoney Security Team

Dear Valued Partner,

We're excited to inform you of essential security upgrades that we have undertaken to enhance the protection of your data.

Enhanced Security Measures: In our commitment to provide exceptional security and align with industry standards, we have integrated new security ciphers in line with SOC2 and the latest PCI 4.0 compliance. These ciphers represent the cutting-edge in data protection, ensuring your data's encryption, integrity, and overall security are of the highest caliber.

Transition Details: The older ciphers, once pivotal for safeguarding your transactions and data, will now be phased out. Our systems will solely rely on the updated security ciphers, guaranteeing your information's utmost confidentiality, integrity, and authenticity.

Reason for the Change: Our decision to embrace the new security ciphers stems from our unwavering pledge to ensure the pinnacle of security for your sensitive data. Adhering to SOC2 and PCI 4.0 standards means we consistently assess and refine our security measures in response to the ever-evolving landscape of threats.

Your Next Steps: Should your organization possess specific security configurations that this transition might impact, we urge you to revisit your security guidelines to confirm compatibility with our newly supported ciphers. Our dedicated support team stands ready to guide and assist you with any queries or concerns.

Our Newly Supported Ciphers: ECDHE-ARIA128-GCM-SHA256 ECDHE-ARIA256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-ARIA128-GCM-SHA256 ECDHE-ECDSA-ARIA256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-PSK-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305

For further assistance or to obtain more details, you can reach our security team at security@savvymoney.com. We hold your partnership in high esteem and are here to back you every step of the journey.

Warm regards,

SavvyMoney Security Team

Exciting updates!

1. The Cloud Security Alliance CAIQ (Consensus Assessments Initiative Questionnaire) is now available for download. This questionnaire is a valuable tool for assessing the security of cloud providers.

2. We've also posted our most recent Certificate of Insurance for your reference.

If you would like to send: security@savvymoney.com an Encrypted Signed Message. Our Public PGP key is below.

-----BEGIN PGP PUBLIC KEY BLOCK----- xjMEZM2XnhYJKwYBBAHaRw8BAQdAp/sI8WUhaY6jq16IAv/3EHhJkNStXKc8 IbDvWSHNckDNMlNhdnZ5TW9uZXkgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlA c2F2dnltb25leS5jb20+wowEEBYKAD4FgmTNl54ECwkHCAmQXIXC9KjPnuwD FQgKBBYAAgECGQECmwMCHgEWIQRtBahtcb2qS77/BpdchcL0qM+e7AAAHf0A /RXGWO49p0Ejqt4SiZohRo6RoHqRRUs1q8RFOsGE3iX5AQDwYxSH3JLdo5ib KWKGj6M2P6SMauF05zpYHo83nWUrAs44BGTNl54SCisGAQQBl1UBBQEBB0DH 2S3P1mqvAGhXTSPvSaNcR6ZM0nxomIX+CXh21pmXIgMBCAfCeAQYFggAKgWC ZM2XngmQXIXC9KjPnuwCmwwWIQRtBahtcb2qS77/BpdchcL0qM+e7AAAS3cB AM6xeAKgKzaisQsOI77AdM5GjNQD8fT+zwGpOJmGHVvrAP40om5uCpMrML/o DkdhlZ0gQptYUoFU0oAHVHLfrU87AA== =03Sr -----END PGP PUBLIC KEY BLOCK-----

SavvyMoney and AWS are aware of CVE-2023-20593, otherwise known as "Zenbleed," and can confirm this issue affected AMD "Zen 2", also known as "Rome," CPUs that power the C5a, C5ad, G4ad, and G5 instance families. Because of the design of the EC2 Nitro hypervisor, there is no risk of cross-instance data access. The updated microcode from AMD has been applied to all C5a, C5ad, G4ad, and G5 instances. SavvyMoney has already confirmed all remediations by AWS for any instances using the Zen 2 architecture.

SavvyMoney wants to assure our valued customers that our systems remain unaffected by the MoveIT vulnerability. In light of recent concerns, we understand the importance of addressing potential security risks promptly.

Rest assured, SavvyMoney has taken proactive measures to ensure the security and privacy of our client's information. We do not utilize MoveIT within our infrastructure. Our robust security measures, including firewalls, encryption protocols, and regular security audits, help protect against potential threats.

That's why we want to highlight the joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), which provides valuable insights into the MoveIT vulnerability. You can find the joint advisory on CISA's website. We encourage you to review the advisory to stay informed about the risks associated with the vulnerability.

We remain committed to maintaining a secure environment for our customer's data and will continue to invest in the necessary resources to uphold the highest security standards.

Don't hesitate to contact our dedicated customer support team for any questions or concerns. We value your trust in SavvyMoney and are here to provide you with a secure and reliable financial experience.