Bluebeam on web and mobile security overview

Applies to:

  • Bluebeam on web and mobile

Jump to:

Introduction

This document provides an overview of technical elements concerning features and information that may be helpful in maintaining your security while using Bluebeam on web and mobile.

Access Bluebeam on web and mobile

With a Bluebeam subscription (Basics, Core, or Complete), users get access to Revu 21 (our subscription-based desktop application), Studio Sessions and Projects, and Bluebeam on web and mobile. Access to all these services requires authentication with a username and password associated with a Bluebeam ID (BBID).

To access Bluebeam on web and mobile, do one of the following:

For more information about compatible operating systems and browsers, click here.

Password Requirements

All BBID passwords must be between 8 and 32 characters with at least one uppercase letter, one lowercase letter, one number, and one special character, such as !@#$%^&*. Passwords are hashed prior to storage, using a strong one-way hash algorithm with cryptographic salting to further safeguard passwords in storage.

Accounts are locked if repeated failed authentication attempts are detected.

Studio Comparison

All Studio server connections are initiated by Revu clients. In Bluebeam on web and mobile, there are no system requirements for server to client communication. All communication and transmission of files, markups, other rich data, and all authentication is encrypted through HTTPS.

To compare Studio and Bluebeam on web and mobile for your project management needs, visit this guide.

Firewall Requirements

See Whitelist Bluebeam solutions by domains or IP addresses for the domains and ports used by Revu, Studio, and Bluebeam on web and mobile. If you are only accessing a specific region, allowlist only the necessary domains specific for that region along with the required global services.

Bluebeam Email Domains

We use the following domains to communicate with end users for support, licensing, and information related to Bluebeam on web and mobile. These emails are sent on our behalf by amazonses.com. Allowlisting these domains may be necessary to ensure successful email transmission.

US Environment

@bluebeam.com

@bluebeamops.com

@bluebeam-support.com

UK Environment

@bluebeamstudio.co.uk

AUS Environment

@bluebeamstudio.com.au

DE Environment

@bluebeamstudio.de

SE Environment

@bluebeamstudio.se

For more information about allowlisting Bluebeam solutions, visit this article. If you need to disable access to Bluebeam solutions for users, click here.

Data + System Security

Bluebeam has a comprehensive Information Security program based on industry-standard security frameworks. For more details about our organization security controls, including vulnerability management, physical and datacenter security, network security, and encryption, please click here.

SOC 2 Compliance

The Bluebeam System and Organization Controls (SOC) Report is an independent third-party examination report that demonstrates how Bluebeam achieves key compliance controls and objectives. Bluebeam undergoes an annual SOC 2 audit performed by an external and independent third-party assessor annually to verify the implementation and effectiveness of our security controls. Our report covers the SOC 2 Trust Services Criteria of Security and Availability.

If you would like to request a copy of the report, please contact your Bluebeam representative for more information. If you do not have a Bluebeam representative, contact us for further assistance.

Resources

Bluebeam on web and mobile

This page provides an overview of document and system security and access control for our web and mobile app solution, Bluebeam on web and mobile.