Regulation Active now
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Thales helps Federal Government agencies and their suppliers meet these FedRAMP compliance standards. Read the white paper
According to FedRamp.Gov the goals of the program are as follows:
Also according to FedRamp.Gov, FedRAMP authorizes cloud systems in a three step process:
Core Thales capabilities that help meet FedRAMP compliance standards include:
Thales products help Federal Government agencies and their suppliers with FedRAMP compliance and encryption.
The Vormetric Data Security Platform from Thales is the only solution with a single extensible framework for protecting data-at-rest under the diverse requirements of Federal Agencies across the broadest range of OS platforms, databases, cloud environments and big data implementations. The result is low total cost of ownership, as well as simple, efficient deployment and operation.
Vormetric Transparent Encryption from Thales provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.
Vormetric Key Management from Thales enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.
Vormetric Data Security Intelligence from Thales provides another level of protection from malicious insiders, privileged users, APTs and other attacks that compromise data by delivering the access pattern information that can identify an incident in progress.
Vormetric Application Encryption enables agencies to easily build encryption capabilities into internal applications at the field and column level.
Vormetric Tokenization with Dynamic Masking from Thales lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, you can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.
Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.