Standards - FISMA, FedRAMP, FIPS 140
Fully compliant
International standards
HyperCloud’s proven technology is in use in highly sensitive environments across Australia, the United States and other NATO countries. It operates in accordance with the Australian Government’s Defence Security Principle Framework (DSPF) and Information Security Manual (ISM), and has been designed to work with Five Eyes nations, the NATO Federated Mission network, as well as other secure frameworks.
The software foundation in HyperCloud is based on a lineage of intellectual property developed and designed for FISMA Systems at the “High” level, including equivalent evaluations such as FedRAMP High and DoD SRG IL-5. In addition, HyperCloud relies on FIPS-140 compatible cryptographic modules.
Principles
For almost a decade SoftIron has been a trusted vendor to government and defense organizations, and the principles we have based our business upon reflect the same principles that security partnerships like AUKUS and the Quad use to control and design critical technologies.
These principles include:
- Technology vendors should be secure, trustworthy and transparent
- Technology supply chains should be resilient, secure and diverse
- Technology and the standards that govern it must enhance the dignity and privacy of individuals, and not be used for coercive or un-democratic ends
SoftIron is uniquely positioned to meet the cloud and digital transformation needs of AUKUS, the Quad and allied partners due to its secure by design principles that require ‘Zero Trust’ due to the unique provenance of both the software and hardware.
Featured standards
FISMA High compliance
The Federal Information Security Management Act (FISMA) is a United States federal law that was enacted in 2002 to strengthen information security systems and protect government information and operations. It is one of the most important regulations for U.S. federal data security standards and guidelines.
FISMA High is the highest level of compliance and provides the strictest level of controls to ensure protection of more critical or sensitive data that would have a severe or catastrophic effect on an organization should it be lost.
HyperCloud has been designed to meet FISMA High compliance standards and is already used in the executive and legislative branches of the US federal government, Defense, and by the contractors and other organizations that support them.
FedRAMP High
FedRAMP is the Federal Risk and Authorization Management Program. It was developed in 2011 to support the United States’ “Cloud-first” mandate and to give guidance for security in the cloud.
FedRAMP high impact level is the standard for security necessary to protect some of the U.S. federal government’s most sensitive unclassified data.
HyperCloud has been accredited to FedRAMP High.
Department of Defense (DoD) SRG IL-5
HyperCloud has been accredited to DoD SRG IL-5. IL-5 information covers controlled unclassified information across a number of sectors including defense, critical infrastructure, finance, law enforcement, intelligence and others.
IL-5 also covers National Security Systems and can provide services to any agency involved in intelligence activities, cryptologic activities related to national security, command and control of military forces and weapons systems.
FIPS 140
Validation against the FIPS 140 standard is required for all U.S. federal government agencies that use cryptography-based security systems—hardware, firmware, software, or a combination—to protect sensitive but unclassified information stored digitally.
SoftIron maintains an active commitment to meeting the FIPS 140 requirements.
Common Vulnerabilities and Exposures (CVE)
SoftIron actively participates in the Common Vulnerabilities and Exposures (CVE) program, contributing to a global effort to identify and address cybersecurity vulnerabilities. Through rapid detection, assessment, and remediation of vulnerabilities, SoftIron strengthens its cyber defenses, ensuring resilience against emerging threats and maintaining the security of its digital infrastructure.
SoftIron is a CVE Naming Authority (CNA).
Defense Industry Security Program (DISP)
As a member of the Defense Industry Security Program (DISP), SoftIron upholds stringent security standards to protect sensitive defense-related information. DISP provides essential guidelines and measures to ensure the integrity of defense contracts and safeguard critical assets. SoftIron’s adherence to DISP standards underscores its dedication to maintaining the highest levels of security within the defense industry, fostering trust and reliability in its operations.
Cyber Essentials
SoftIron is a proud member of Cyber Essentials, a UK government-backed initiative aimed at enhancing cybersecurity measures. By adhering to Cyber Essentials’ guidelines, SoftIron fortifies its digital defenses, providing assurance to customers, particularly those in government sectors, of its commitment to proactive cybersecurity practices.