About IBM Cloud for Government compliance programs

Cybersecurity attacks are here to stay — so your security and compliance efforts must continuously evolve. IBM Cloud™ for Government supports all major US government standards and regulations. Move applications to the cloud with confidence, backed by multiple, overlapping tiers of protection.

In addition to US Government certifications and standards, IBM Cloud for Government data centers also adhere to global, industry and regional compliance programs.

US Federal Government


The Criminal Justice Information Systems (CJIS) division of the FBI publishes a security policy that contains minimum information security requirements to protect law enforcement and criminal justice agencies. These policies are designed to protect information throughout the data lifecycle.

CJIS logo


The Defense Information Systems Agency (DISA) is an agency of the US Department of Defense (DoD), and provides the DoD Cloud Computing Security Requirements Guide (SRG). The SRG defines baseline security requirements for cloud services that host DoD information, systems and applications, and defines requirements for the use of cloud services by the DoD.

IBM Cloud for Government is DoD DISA Impact Level 2 authorized.


FedRAMP (the Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

IBM Cloud for Government and IBM SmartCloud® for Government meet FedRAMP's high security requirements.


To address emerging threats, the US Federal Financial Institutions Examination Council (FFIEC) requires financial organizations to continuously perform risk assessments, adjust control mechanisms as indicated, and implement a layered approach to security. IBM Cloud for Government identifies the controls that are required to meet the FFIEC guidance, identify and address emerging threats, and apply layered security to prevent client fraud.


The Federal Information Security Management Act of 2002 (FISMA) ensures the security of data in the federal government. FISMA requires program and agency officials to conduct annual reviews of information security programs to minimize risks with improved speed, cost-effectiveness and efficiency.

IBM Cloud for Government is FISMA Impact Level High compliant. 

FISMA logo


United States International Traffic in Arms Regulations (ITAR) controls the export of defense-related articles from the US. ITAR requires that no non-US person can have physical or logical access to the data stored in ITAR-compliant environments.

IBM Cloud platform provides both federal and commercial offerings that support ITAR.

ITAR logo