Users

Department of Defense

Department of Transportation

General Services Administration

Department of Agriculture

Department of Education

Department of Health and Human Services

Department of Labor

Kaiser Permanente

Department of Commerce

Links

FedRAMP Marketplace

On Carahsoft

SAM.gov Registration

Accreditations

FedRAMP (Approved)

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

DoD-Wide (Approved)

DoD-Wide is a process sponsored by the U.S. Department of Defense to assess and authorize commercially-operated cloud services for use by the Department of Defense and its components. It provides a standardized approach for security assessment, authorization, and continuous monitoring based on the FedRAMP program.

Cyber Essentials Plus (UK)

Cyber Essentials Plus is a UK government-backed certification scheme aimed at helping organizations protect themselves against common cyber threats.

StateRAMP (Approved)

StateRAMP is a state government led program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services based on the FedRAMP program.

SOC 2 Type II

SOC 2 Type II is a compliance framework that assesses and verifies the effectiveness of an organization's internal controls and security practices over a specified period, providing assurance regarding the security, availability, processing integrity, confidentiality, and privacy of customer data.

SOC 3

SOC 3 is a publicly available summary report that provides an overview of an organization's adherence to the SOC 2 framework, focusing on security, availability, processing integrity, confidentiality, and privacy controls, which can be shared with the public and potential customers to demonstrate compliance.

PCI DSS V3.2

PCI DSS Version 3.2 (Payment Card Industry Data Security Standard) is a comprehensive set of security requirements designed to protect cardholder data by establishing controls and best practices for organizations that handle payment card information.

HIPAA

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that establishes privacy and security standards to protect the confidentiality and integrity of individuals' health information, while also ensuring the portability of health insurance coverage.

Cloud Security Alliance: Level 1

The Cloud Security Alliance: Level 1 is a foundational set of guidelines and best practices for cloud security, offering essential recommendations to help organizations secure their cloud computing environments.

ISO 27001

ISO 27001 is an international standard for information security management systems that provides a framework for organizations to establish, implement, maintain, and continually improve their information security practices.

ISO 27017

ISO 27017 is an international standard that specifically focuses on cloud security, providing guidelines and controls for cloud service providers and their customers to ensure the secure use of cloud computing services.

ISO 27018

ISO 27018 is an international standard that outlines privacy controls and guidelines for the protection of personally identifiable information (PII) in cloud computing environments, emphasizing the importance of data privacy and compliance with applicable data protection regulations.

Standards

NIST 800-171

NIST 800-171 is a set of security guidelines and controls designed by the National Institute of Standards and Technology (NIST) to enhance the protection of Controlled Unclassified Information (CUI) in non-federal systems and organizations.

regulated.app

Appian