Contact Free trial Login

Security in Government Cloud

Government Cloud meets the security requirements of FedRAMP (Federal Risk and Authorization Management Program) and other security protocols.

FedRAMP Compliance

Government Cloud meets all FedRAMP security and compliance standards. FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by the U.S. government.

The following Mule 4 connectors are FIPS compliant:

The following modules are FIPS compliant:

A Third-Party Assessment Organization (3PAO) performs the security assessments following guidance in the National Institute of Standards and Technology (NIST) 800-37 publication. The security assessment validates management, operational, and technical security controls used to protect the confidentiality, integrity, and availability of Government Cloud and the data it stores, transmits, and processes.

MuleSoft obtained the FedRAMP Agency Authority to Operate (ATO) at the Moderate Impact Risk level.

Security Protocols

In addition to FedRAMP compliance, Government Cloud adheres to these security protocols:

  • Federal Information Processing Standards (FIPS 140-2)

    Complies with hardware and software encryption standards for all data at rest (stored data).

    You must configure Mule runtime engine to run in FIPS-compliant mode. See FIPS 140-2 Compliance Support.

  • Transport Layer Security (TLS) 1.2 encryption

    Implements encryption for all external and internal data transmission to block “man in the middle” attacks.

  • NIST 800-53

    Enhances physical and logical security.

  • CIS benchmarks

    Hardens instances to address the Center for Internet Security checklists.

Secure Hosting Platform

Government Cloud is hosted in Amazon Web Services (AWS) High Authorized GovCloud.

AWS GovCloud:

  • Supports compliance with United States International Traffic in Arms Regulations (ITAR)

  • Has achieved Department of Defense (DoD) Provisional Authorization at IL (Impact Level) 2, 4, and 5

Cloud Security and Data

Government Cloud provides a highly secure environment for government entities to perform sensitive data manipulations.

Mule runtime engine transmits but does not inspect, permanently store, or otherwise interact directly with government data. Government agencies always maintain control over their data, configuration, and workers.

Support and Maintenance

MuleSoft supports Government Cloud with dedicated support personnel located in the United States. MuleSoft provides continuous monitoring services to protect confidentiality, integrity, and availability of government data managed in Government Cloud.

The MuleSoft Compliance and Information Security teams:

  • Work directly with FedRAMP agencies to address all vulnerabilities as required by FedRAMP ATO standards.

  • Follow industry best practices for security, including password enforcement, multi-factor authentication (MFA), and user education.

  • Maintain security policies related to operations, data security, passwords and credentials, facilities and network security, and secure connectivity.

  • Perform internal security audits to ensure compliance with security policies.

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.