Users

Department of Agriculture

Department of Commerce

Department of Health and Human Services

Department of Labor

Department of State

Department of Housing and Urban Development

Department of Energy

Department of Veterans Affairs

Government of the United Kingdom

State of New Jersey

University of Washington School of Medicine

Department of Defense

The White House

National Health Service (UK)

National Science Foundation

Department of Homeland Security

Links

Kiteworks for Government

FedRAMP Marketplace

On Carahsoft

Accreditations

Cyber Essentials Plus (UK)

Cyber Essentials Plus is a UK government-backed certification scheme aimed at helping organizations protect themselves against common cyber threats.

FedRAMP (Approved)

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

DoD-Wide (Approved)

DoD-Wide is a process sponsored by the U.S. Department of Defense to assess and authorize commercially-operated cloud services for use by the Department of Defense and its components. It provides a standardized approach for security assessment, authorization, and continuous monitoring based on the FedRAMP program.

ISO 27001

ISO 27001 is an international standard for information security management systems that provides a framework for organizations to establish, implement, maintain, and continually improve their information security practices.

ISO 27017

ISO 27017 is an international standard that specifically focuses on cloud security, providing guidelines and controls for cloud service providers and their customers to ensure the secure use of cloud computing services.

ISO 27018

ISO 27018 is an international standard that outlines privacy controls and guidelines for the protection of personally identifiable information (PII) in cloud computing environments, emphasizing the importance of data privacy and compliance with applicable data protection regulations.

SOC 2 Type II

SOC 2 Type II is a compliance framework that assesses and verifies the effectiveness of an organization's internal controls and security practices over a specified period, providing assurance regarding the security, availability, processing integrity, confidentiality, and privacy of customer data.

HIPAA

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that establishes privacy and security standards to protect the confidentiality and integrity of individuals' health information, while also ensuring the portability of health insurance coverage.

Standards

FIPS 140-2

FIPS 140-2 is a federal standard issued by the National Institute of Standards and Technology (NIST) that defines security requirements for cryptographic modules used to protect sensitive information, ensuring they meet specific security standards and capabilities. The information security community has occasionally disputed the efficacy of the standard due to concerns that the certification process may not always align with the latest security threats and that it can be slow to adapt to evolving cryptographic technologies.

NIST 800-171

NIST 800-171 is a set of security guidelines and controls designed by the National Institute of Standards and Technology (NIST) to enhance the protection of Controlled Unclassified Information (CUI) in non-federal systems and organizations.