Security in Government Cloud
Government Cloud meets the security requirements of FedRAMP (Federal Risk and Authorization Management Program) and other security protocols.
Government Cloud meets all FedRAMP security and compliance standards. FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by the U.S. government.
The following Mule 4 connectors are FIPS compliant:
The following modules are FIPS compliant:
A Third-Party Assessment Organization (3PAO) performs the security assessments following guidance in the National Institute of Standards and Technology (NIST) 800-37 publication. The security assessment validates management, operational, and technical security controls used to protect the confidentiality, integrity, and availability of Government Cloud and the data it stores, transmits, and processes.
MuleSoft obtained the FedRAMP Agency Authority to Operate (ATO) at the Moderate Impact Risk level.
In addition to FedRAMP compliance, Government Cloud adheres to these security protocols:
Federal Information Processing Standards (FIPS 140-2)
Complies with hardware and software encryption standards for all data at rest (stored data).
You must configure Mule runtime engine to run in FIPS-compliant mode. See FIPS 140-2 Compliance Support.
Transport Layer Security (TLS) 1.2 encryption
Implements encryption for all external and internal data transmission to block “man in the middle” attacks.
Enhances physical and logical security.
Hardens instances to address the Center for Internet Security checklists.
Government Cloud is hosted in Amazon Web Services (AWS) High Authorized GovCloud.
AWS GovCloud provides:
ITAR (International Traffic in Arms Regulations) compliance
Department of Defense (DoD) Provisional Authorization at IL (Impact Level) 2, 4, and 5
Government Cloud provides a highly secure environment for government entities to perform sensitive data manipulations.
Mule runtime engine transmits but does not inspect, permanently store, or otherwise interact directly with government data. Government agencies always maintain control over their data, configuration, and workers.
MuleSoft supports Government Cloud with dedicated support personnel located in the United States. MuleSoft provides continuous monitoring services to protect confidentiality, integrity, and availability of government data managed in Government Cloud.
The MuleSoft Compliance and Information Security teams:
Work directly with FedRAMP agencies to address all vulnerabilities as required by FedRAMP ATO standards.
Follow industry best practices for security, including password enforcement, multi-factor authentication (MFA), and user education.
Maintain security policies related to operations, data security, passwords and credentials, facilities and network security, and secure connectivity.
Perform internal security audits to ensure compliance with security policies.