microCMS Features

Security

To help you run your CMS with confidence, microCMS maintains security standards suitable for large enterprises and financial institutions—from building information management systems to security audits, with meticulous attention at every level.

Contact Sign up free
ヒーローイメージ

Security (robustness)

We protect your data and keep the system resilient against unauthorized access and external attacks.
A comprehensive set of security measures helps you use microCMS with confidence.

Data protection through encryption

Data protection through encryption

All data is stored in encrypted form. Even if a malicious third party attempts to access it, the contents cannot be decrypted.

Two-factor authentication

Two-factor authentication

Two-factor authentication is available on all plans to strengthen login security.

*Mandatory 2FA as a service setting is available on the Enterprise plan. See the pricing page for details.

View feature detailsicon
Encrypted communication

Encrypted communication

All communication with microCMS is encrypted with TLS, helping prevent tampering and leakage of data in transit.

IP restriction (admin panel)

IP restriction (admin panel)

You can limit access to the microCMS admin panel to specific IP addresses. Once configured, the admin panel cannot be used from IP addresses outside the allowed range.

*IP restriction is available on Business and Enterprise plans. See the pricing page for details.

View feature detailsicon
IP restriction (API)

IP restriction (API)

You can restrict clients that call the microCMS API based on IP address, enabling safer API usage.

*IP restriction is available on Business and Enterprise plans. See the pricing page for details.

View feature detailsicon
WAF protection

WAF protection

A standard web application firewall (WAF) is included on all plans to help defend against malicious attacks.

Vulnerability assessments

Vulnerability assessments

We conduct regular vulnerability assessments through third-party organizations. If any issues are found, we respond promptly.

Role and permission management

Role and permission management

You can separate development-related settings and content publishing scope by role, helping prevent mistakes from unauthorized operations.

*Role and permission management is available on Business and Enterprise plans. See the pricing page for details.

View feature detailsicon
Content revision history

Content revision history

Content revision history is saved automatically when you publish, save as draft, or schedule content, and you can restore previous versions at any time.

*Restoring past versions from content revision history is available on Business and Enterprise plans. See the pricing page for details.

View feature detailsicon
Audit logs

Audit logs

You can review user actions on the service in chronological order—what was done, when, by whom, and from where. You can also filter by time range and export logs for use as audit evidence.

*Audit logs are available on the Enterprise plan. See the pricing page for details.

View feature detailsicon
Multiple environments (staging)

Multiple environments (staging)

When you are already running in production, multiple environments let you safely change API schemas and related settings.
You can add or update features without affecting the production environment.

*Multiple environments are available on Business and Enterprise plans. See the pricing page for details.

View feature detailsicon

Stability (infrastructure)

We build robust infrastructure to support stable system operation and maximize service availability and reliability.
We also maintain a response framework for incidents so users can rely on the service with confidence.

High availability and fault tolerance

High availability and fault tolerance

microCMS uses an AWS-based serverless architecture with high availability and fault tolerance for 24/7 operation.
*We will notify you separately during maintenance and similar events.

Data backup

Data backup

microCMS backs up all data for the past 35 days at an appropriate management level.

View backup detailsicon
REST API security

REST API security

You can instantly toggle GET/POST availability and update API keys immediately.

Service status and notifications

Service status and notifications

  • API operation status (GET, PUT, etc.)
  • Admin panel operation status for content editing

You can check these statuses and receive notifications (email, Slack, or RSS) when incidents occur.

Status pageicon How to check statusicon

External integrations

We prioritize integration with APIs and external systems, enabling flexible and scalable content operations while meeting security requirements.

Amazon S3 integration

Amazon S3 integration

You can switch media storage to your own Amazon S3 bucket.
Apply security settings aligned with your organization's policies, even for projects with strict requirements.

*Amazon S3 integration is available on the Enterprise plan. See the pricing page for details.

View feature detailsicon

ISO 27001 (ISMS) certified

ISMS certification
IS 763028 / ISO 27001

We obtained ISO 27001 (ISMS) certification on April 22, 2022.
Our ISMS committee regularly reviews and improves internal controls.

We continue to strengthen information security so you can use microCMS with confidence.

Information security policyicon

Security checklist

Security checklist

We provide two security checklists for security audit teams.

  • METI public
    「Cloud Service Level Checklist」
  • IPA public
    「Secure Website Checklist」

These checklists follow standard security guidelines in Japan.
Use them to evaluate whether microCMS meets your organization's security requirements.

Download (Japanese)
Try microCMS for free

Get started with microCMS at no cost.
Contact us if you have any questions.

Sign up free Contact sales