Compliance for Government Cloud

Compliance for United States government agencies involves strict security measures, such as encryption, access controls, and regular audits. Compliance ensures the confidentiality, integrity, and availability of data stored in the cloud.

As governments adopt cloud technologies to store and manage data, Salesforce provides compliance with various security and privacy standards. As the primary compliance framework for computing systems, FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs) serving federal agencies.

CSPs undergo rigorous security assessments to obtain FedRAMP authorization to offer services to government agencies. By adhering to these standards, Government Cloud mitigates risks and maintains trust in the handling of sensitive information.

Government Cloud handles the critical aspects of modernizing government infrastructure while safeguarding sensitive data and maintaining public trust.

Compliance by Operating Zone

This baseline set of compliance standards enables the sharing of data, operations, and the use of Salesforce by government defense entities and contractors.

Salesforce Government Cloud Plus:

• FedRAMP High Provisional Authority to Operate (P-ATO)
• Department of Defense (DoD) Impact Level (IL) 2 Provisional Authority (PA) (via FedRAMP reciprocity)
• Internal Revenue Service (IRS) 1075 and National Institute of Standards and Technology (NIST) Special Publications (SP) 800-171 attestations

Salesforce Government Cloud Plus - Defense:

• FedRAMP High P-ATO from the FedRAMP Board
• DoD IL5 PA, IRS 1075
• NIST SP 800-171 attestations