NIST SP 800-171
In October 2016, the U.S. Department of Defense (DoD) updated acquisition requirements for government contractors to provide more specific guidance in light of their continued use of cloud computing services as it relates to the transmission, storage, and processing of DoD controlled unclassified information (CUI). When cloud services containing CUI are part of a system operated on behalf of the U.S. Government, those cloud services must comply with the requirements defined in the DoD Cloud Computing Security Requirements Guide (SRG). When cloud services are part of a system not operated on behalf of the U.S. Government, those cloud services are expected to comply with the Moderate Impact requirements defined by the Federal Risk and Authorization Management Program (FedRAMP).
Since May 2014, Salesforce has maintained an agency FedRAMP authorization at the Moderate Impact level for the Salesforce Government Cloud. Further, as of January 2017, Salesforce was granted a Provisional Authorization for the Salesforce Government Cloud at Information Impact Level 4 (IL4) by the Defense Information Systems Agency (DISA).
In May 2020, Salesforce Government Cloud Plus received U.S. Government authorizations (as detailed at https://compliance.salesforce.com/en/services/government-cloud-plus) that may assist DoD mission owners and authorized contractors in their management of CUI, including Personal Identifiable Information (PII), Protected Health Information (PHI), and other mission-critical data requiring protection from unauthorized disclosure. Additional information can be found at https://www.salesforce.com/solutions/industries/government/overview/.
Applicable documents by service
|Sort by: |
|Sort by: |
|Infrastructure||Sort by: |