Security is the heart of what we do. Securing our customers starts with our own security and compliance posture.
All of GovSky’s infrastructure is hosted in FedRAMP Moderate or higher environments in US zones only.
All customer data is encrypted at rest using a FIPS 140-2 validated encryption module. Customer files are encrypted with company-specific keys before general encryption at rest.
All data is encrypted in transit. Customer data, internal communication, and inter-service traffic are all encrypted with TLS.
Zero-trust principles are applied to all employee and application workflows. All internal communications, administrative or service-layer, are authenticated and follow least-privilege practices.
GovSky performs static analysis and vulnerability scanning throughout our software development process. In addition, vulnerability and security scans are conducted automatically to detect emerging threats.
All data encryption keys are stored separately from the data they protect and are automatically rotated on a routine basis using root keys stored in a Hardware Security Module (HSM).
GovSky was built from the beginning to be CMMC compliant, and we are in line to be one of the first companies assessed by a C3PAO when assessments kick off this year.
GovSky is built and operated in the US, by US persons only. No external parties have access to your data or metadata. We do not employ contractors or other third parties for anything product-related.
GovSky employees are only granted permissions to the resources required to perform their roles. Employee accounts and device access are centrally managed. Programmatic and application credentials are rotated automatically on a regular basis and are independent of employee accounts.