About IBM Cloud for Government compliance programs

Cybersecurity attacks are here to stay — so your security and compliance efforts must continuously evolve. IBM Cloud® for Government supports all major US government standards and regulations. Move applications to the cloud with confidence, backed by multiple, overlapping tiers of protection.

In addition to US government certifications and standards, IBM Cloud for Government data centers also adhere to global, industry and regional compliance programs.

US federal government

DoD DISA

The Defense Information Systems Agency (DISA) is an agency of the US Department of Defense (DoD), and provides the DoD Cloud Computing Security Requirements Guide (SRG). The SRG defines baseline security requirements for cloud services that host DoD information, systems and applications, and defines requirements for the use of cloud services by the DoD.

IBM Cloud for Government is DoD DISA Impact Level 2 authorized.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

IBM Cloud for Government and IBM SmartCloud® for Government meet FedRAMP's high security requirements.

IBM Cloud for Government offerings with FedRAMP high authorization include:

Fortigate Security Appliance
Gateway Appliance
Hardware Dedicated Firewall
IBM Cloud Backup
IBM Cloud Bare Metal
IBM Cloud Block Storage
IBM Cloud Direct Link Connect
IBM Cloud Direct Link Dedicated
IBM Cloud Direct Link Dedicated Hosting
IBM Cloud File Storage
IBM Cloud Load Balancer (Dedicated options)
IBM Cloud Object Storage (IaaS)
IBM Cloud Virtual Servers

Open source database: 
MongoDB

Third party options:
Microsoft MySQL
Microsoft SQL Server
VMware 

FFIEC

To address emerging threats, the US Federal Financial Institutions Examination Council (FFIEC) requires financial organizations to continuously perform risk assessments, adjust control mechanisms as indicated, and implement a layered approach to security. IBM Cloud for Government identifies the controls that are required to meet the FFIEC guidance, identify and address emerging threats, and apply layered security to prevent client fraud.

FISMA

The Federal Information Security Management Act of 2002 (FISMA) ensures the security of data in the federal government. FISMA requires program and agency officials to conduct annual reviews of information security programs to minimize risks with improved speed, cost-effectiveness and efficiency.

IBM Cloud for Government is FISMA Impact Level High compliant. 

FISMA logo

ITAR

United States International Traffic in Arms Regulations (ITAR) controls the export of defense-related articles from the US. ITAR requires that no non-US person can have physical or logical access to the data stored in ITAR-compliant environments.

IBM Cloud platform provides both federal and commercial offerings that support ITAR.

ITAR logo