Okta

Okta provides cloud software for identity and access management, allowing users to securely access web applications and devices.

Users

Department of Commerce

Department of Justice

Department of Health and Human Services

Consumer Financial Protection Bureau

Department of Defense

Department of Veterans Affairs

Department of State

Federal Communications Commission

Federal Trade Commission

Department of Homeland Security

Office of Personnel Management

Department of Energy

Links

FedRAMP Marketplace (Moderate)

FedRAMP Marketplace (High)

On Carahsoft

Accreditations

FedRAMP (Approved)

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

DoD-Wide (Approved)

DoD-Wide is a process sponsored by the U.S. Department of Defense to assess and authorize commercially operated cloud services for use by the Department of Defense and its components. It provides a standardized approach for security assessment, authorization, and continuous monitoring based on the FedRAMP program.

Cloud Security Alliance: Level 2

The Cloud Security Alliance: Level 1 is a foundational set of guidelines and best practices for cloud security, offering essential recommendations to help organizations secure their cloud computing environments.

ISO 27001

ISO 27001 is an international standard for information security management systems that provides a framework for organizations to establish, implement, maintain, and continually improve their information security practices.

ISO 27017

ISO 27017 is an international standard that specifically focuses on cloud security, providing guidelines and controls for cloud service providers and their customers to ensure the secure use of cloud computing services.

ISO 27018

ISO 27018 is an international standard that outlines privacy controls and guidelines for the protection of personally identifiable information (PII) in cloud computing environments, emphasizing the importance of data privacy and compliance with applicable data protection regulations.

HIPAA

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that establishes privacy and security standards to protect the confidentiality and integrity of individuals' health information, while also ensuring the portability of health insurance coverage.

SOC 2 Type II

SOC 2 Type II is a compliance framework that assesses and verifies the effectiveness of an organization's internal controls and security practices over a specified period, providing assurance regarding the security, availability, processing integrity, confidentiality, and privacy of customer data.

SOC 3

SOC 3 is a publicly available summary report that provides an overview of an organization's adherence to the SOC 2 framework, focusing on security, availability, processing integrity, confidentiality, and privacy controls, which can be shared with the public and potential customers to demonstrate compliance.

EU Cloud Code of Conduct: Level 2

The EU Cloud Code of Conduct: Level 2 is a set of guidelines and standards for cloud service providers operating in the European Union, focusing on data protection, security, and transparency to ensure compliance with EU data protection regulations.

PCI DSS V3.2

PCI DSS Version 3.2 (Payment Card Industry Data Security Standard) is a comprehensive set of security requirements designed to protect cardholder data by establishing controls and best practices for organizations that handle payment card information.

Standards

NIST 800-171

NIST 800-171 is a set of security guidelines and controls designed by the National Institute of Standards and Technology (NIST) to enhance the protection of Controlled Unclassified Information (CUI) in non-federal systems and organizations.