Trust | Compliance

Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

NIST SP 800-171

In October 2016, the U.S. Department of Defense (DoD) updated acquisition requirements for government contractors to provide more specific guidance in light of their continued use of cloud computing services as it relates to the transmission, storage, and processing of DoD controlled unclassified information (CUI). When cloud services containing CUI are part of a system operated on behalf of the U.S. Government, those cloud services must comply with the requirements defined in the DoD Cloud Computing Security Requirements Guide (SRG). When cloud services are part of a system not operated on behalf of the U.S. Government, those cloud services are expected to comply with the Moderate Impact requirements defined by the Federal Risk and Authorization Management Program (FedRAMP).

Since May 2014, Salesforce has maintained an agency FedRAMP authorization at the Moderate Impact level for the Salesforce Government Cloud. Further, as of January 2017, Salesforce was granted a Provisional Authorization for the Salesforce Government Cloud at Information Impact Level 4 (IL4) by the Defense Information Systems Agency (DISA).

In May 2020, Salesforce Government Cloud Plus received U.S. Government authorizations (as detailed at that may assist DoD mission owners and authorized contractors in their management of CUI, including Personal Identifiable Information (PII), Protected Health Information (PHI), and other mission-critical data requiring protection from unauthorized disclosure. Additional information can be found at

NIST SP 800-171

Applicable documents by service


© Copyright 2021, inc. All rights reserved.