FedRAMP - Customer Information Spillage - FAQ

Knowledge Article Number 000212977

The Federal Risk and Authorization Management Program (FedRAMP) provides a set of required security controls that must be implemented by Cloud Service Providers (CSPs) that want to do business with the US Federal Government. Salesforce is currently compliant with FedRAMP controls. The FedRAMP baseline of controls was updated in June 2014 and now requires implementation of control IR-9, Information Spillage Response.


The Salesforce Government Cloud is a portion of Salesforce’s multi-tenant infrastructure that is specifically isolated for use by U.S. federal, state, and local government customers, U.S. government contractors, and Federally Funded Research and Development Centers (FFRDCs).


Customers using the Salesforce Government Cloud must ensure that the security categorization of the information types collected, processed, or stored in the environment does not exceed the high-water mark of “Moderate” for confidentiality, integrity, and availability. The customer is responsible for making this determination.


Customer agencies will be expected to perform a separate FIPS 199 data categorization analysis for their own data hosted on Salesforce’s cloud environment.

Frequently Asked Questions

1.  What is information spillage?

a.  Information spillage occurs when a user inputs information or sensitive data into a shared cloud infrastructure that the regulations applicable to the customer agency do not authorize to be stored or processed in their org.


2.  Who is responsible for identifying information spillage?

a.  The customer is responsible for identifying information spillage within their Salesforce org and must also identify the specific data involved in the spill.
b.  Salesforce does not have insight into the type of data that customers have authorized for storage in their org, so we cannot provide direct data management support. Salesforce Customer Support may assist administrators of the government org with instructions for deleting the content, managing permissions, and managing user rights.


3.  What must I do once the information spillage is identified?

a.  After the information spillage has been identified, it is the customer’s responsibility to delete all data related to the information spillage from their Salesforce org.
b.  Customers should empty their Recycle Bin to ensure that all related data is unrecoverable by their users.
c.  Administrators and users with the “Modify All Data” permission enabled must determine whether access to certain fields should be restricted while the information spillage cleanup is underway.


4.  How do I delete the data from my org?

a.  For help with deleting data, you can reference the “I have identified unwanted data in my system. How do I delete it?” Knowledge article in Help & Training.
b.  You can also reference the “Inserting, Updating, or Deleting Data Using Data Loader” Knowledge article in Help & Training.


5.  Which permissions must be enabled in order to delete the data?

a.  Administrators and users with the “Modify All Data” permission enabled have data deletion rights.
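The cleanup sequence in questions 3 and 5 (delete the identified records, purge them from the Recycle Bin, and confirm the running user holds “Modify All Data”) can be carried out in Apex. The following is an added example, not code from this article or from Salesforce; it assumes a hypothetical custom object Case_Note__c and takes as input the list of record Ids the customer has already identified as containing the spilled data (question 2a). The Id values shown in the comments are constructed placeholders.

```apex
// Added example (not part of the Salesforce article). Assumes a hypothetical
// custom object Case_Note__c; the caller supplies the Ids of the records the
// customer identified as containing the spill.
public with sharing class SpillCleanup {

    // Question 5: deletion rights come with "Modify All Data". Profiles expose
    // their permissions through an owned PermissionSet row, so this query covers
    // both profile and permission-set grants for the running user.
    public static Boolean runningUserHasModifyAllData() {
        Integer grants = [
            SELECT COUNT() FROM PermissionSetAssignment
            WHERE AssigneeId = :UserInfo.getUserId()
              AND PermissionSet.PermissionsModifyAllData = true
        ];
        return grants > 0;
    }

    // Question 3a and 3b: soft-delete the records (they land in the Recycle
    // Bin), then purge exactly those rows from the Recycle Bin so no user can
    // undelete them. Returns the number of records purged.
    public static Integer purge(List<Id> spilledIds) {
        if (spilledIds.isEmpty()) {
            return 0;
        }
        if (!runningUserHasModifyAllData()) {
            throw new SpillCleanupException(
                'Running user lacks "Modify All Data"; see question 5.');
        }

        List<Case_Note__c> records = [SELECT Id FROM Case_Note__c WHERE Id IN :spilledIds];

        // allOrNone = false so a single locked row does not block the rest;
        // failures are logged so the administrator can retry them.
        List<Database.DeleteResult> results = Database.delete(records, false);
        List<Id> deletedIds = new List<Id>();
        for (Database.DeleteResult r : results) {
            if (r.isSuccess()) {
                deletedIds.add(r.getId());
            } else {
                System.debug(LoggingLevel.ERROR,
                    'Delete failed for ' + r.getId() + ': ' + r.getErrors());
            }
        }

        // Empty the Recycle Bin only for the rows deleted above, not the whole bin.
        Database.emptyRecycleBin(deletedIds);
        return deletedIds.size();
    }

    // Verification: ALL ROWS includes Recycle Bin contents, so a count of zero
    // means the identified records are no longer recoverable inside the org.
    public static Integer remainingIncludingRecycleBin(List<Id> spilledIds) {
        return [SELECT COUNT() FROM Case_Note__c WHERE Id IN :spilledIds ALL ROWS];
    }

    public class SpillCleanupException extends Exception {}
}

// Usage from Execute Anonymous (Ids below are constructed placeholders):
// List<Id> ids = new List<Id>{ 'a00000000000001AAA', 'a00000000000002AAA' };
// Integer purged = SpillCleanup.purge(ids);
// System.assertEquals(0, SpillCleanup.remainingIncludingRecycleBin(ids));
```

Purging only the Ids that were just deleted, rather than the entire Recycle Bin, keeps the cleanup scoped to the spill and leaves unrelated recoverable records untouched; the final ALL ROWS count is the evidence an administrator can record that the data is unrecoverable by users of the org, as question 3b requires.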

6.  Where can I find additional information?

a.  For additional questions, you can contact Customer Support by logging a case via the Help & Training portal.
