Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.
The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD specifically has defined additional cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud Service Providers (CSPs) supporting U.S. DoD customers are required to comply with these requirements.
The Salesforce Government Cloud and Government Cloud Plus has been granted a Provisional Authorization (PA) for Impact Level 2 (IL2) from Defense Information Systems Agency (DISA) leveraging Salesforce's FedRAMP Moderate and High ATOs. IL2 is for non-Controlled Unclassified Information (non-CUI), which includes all data cleared for public release, as well as some DoD private unclassified information not designated as CUI or critical mission data that requires some minimal level of access control. Additional information can be found at https://www.salesforce.com/solutions/industries/government/compliance/