SolutionsNetskope for government

Netskope for federal, state and local government

Enabling government agencies and organizations to protect mission-critical data and personnel by securing usage of cloud managed and unmanaged applications (Shadow IT), across all networks, locations, and devices, essentially the new perimeter.

Netskope is FedRAMP authorized

We never stop delivering on the latest government requirements and needs, the toughest problems, and the best way to help our customers secure their mission in the cloud and on the web. TIC 3.0 will help to assure your compliance as we provide a full featured security stack built in the cloud, and for the cloud, where our customers can turn on the features they desire when they need them.

 

Netskope’s Security Cloud Platform meets the Federal Risk and Authorization Management Program (FedRAMP) requirements and has achieved FedRAMP Authorization.

 

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Government

Compliance

AICPA SOC 2

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

 

To request for a copy of our SOC 2 Report, please contact us.

AICPA SOC 3

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

 

To request for a copy of our SOC 3 Report, please contact us.

FedRAMP

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program enables government agencies to adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.

 

Click here to learn more about Netskope’s Authorization.

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).

To request the ISO 27001 certification, please contact us.

ISO 27018

The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers.

To request the ISO 27018 certification, please contact us.

CSA STAR

The CSA Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency, rigorous auditing, harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.

Click here to view our CSA STAR Level II Certification.

Privacy Shield

For certain Services, for which we act as a data processor, Netskope has certified under the EU-U.S. Privacy Shield framework. For more details about the scope of the certification, click here.

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

TRUSTe

TRUSTe has assessed Netskope for compliance with the TRUSTe Privacy Certification. For more detail about our TRUSTe certifications, please click here.

Cloud Computing Compliance Controls Catalog (C5)

Cloud Computing Compliance Controls Catalog (C5) is a German Government-backed attestation scheme introduced in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyber-attacks within the context of the German Government’s “Security Recommendations for Cloud Providers”.

To request the C5 copy please contact us.

California Consumer Privacy Act

Netskope supports the customer’s compliance for Processing covered by the California Consumer Privacy Act of 2018 (the “CCPA”). To confirm applicable aspects of the CCPA in connection with Customer’s use of the Services, Netskope has provided this Compliance Statement. This notice supplements the Netskope Privacy Policy.

Data Processing Addendum

View Netskope’s Customer Data Processing Addendum (DPA)

To execute Netskope’s Customer DPA please follow the instructions on page 1 of the DPA. Please return an executed copy of the DPA to [email protected].

For any questions or queries or to request a copy of the DPA in an alternative format, please contact us at [email protected].

AICPA SOC 2

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

 

To request for a copy of our SOC 2 Report, please contact us.

AICPA SOC 3

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

 

To request for a copy of our SOC 3 Report, please contact us.

FedRAMP

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program enables government agencies to adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.

 

Click here to learn more about Netskope’s Authorization.

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).

To request the ISO 27001 certification, please contact us.

ISO 27018

The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers.

To request the ISO 27018 certification, please contact us.

CSA STAR

The CSA Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency, rigorous auditing, harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.

Click here to view our CSA STAR Level II Certification.

Privacy Shield

For certain Services, for which we act as a data processor, Netskope has certified under the EU-U.S. Privacy Shield framework. For more details about the scope of the certification, click here.

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

TRUSTe

TRUSTe has assessed Netskope for compliance with the TRUSTe Privacy Certification. For more detail about our TRUSTe certifications, please click here.

Cloud Computing Compliance Controls Catalog (C5)

Cloud Computing Compliance Controls Catalog (C5) is a German Government-backed attestation scheme introduced in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyber-attacks within the context of the German Government’s “Security Recommendations for Cloud Providers”.

To request the C5 copy please contact us.

California Consumer Privacy Act

Netskope supports the customer’s compliance for Processing covered by the California Consumer Privacy Act of 2018 (the “CCPA”). To confirm applicable aspects of the CCPA in connection with Customer’s use of the Services, Netskope has provided this Compliance Statement. This notice supplements the Netskope Privacy Policy.

Data Processing Addendum

View Netskope’s Customer Data Processing Addendum (DPA)

To execute Netskope’s Customer DPA please follow the instructions on page 1 of the DPA. Please return an executed copy of the DPA to [email protected].

For any questions or queries or to request a copy of the DPA in an alternative format, please contact us at [email protected].

Trusted Internet Connection (TIC)
Use Cases

Netskope meets CDM, TIC 3.0 and provides capabilities to adopt a zero-trust architecture adhering to NIST SP 800-207 principles. TIC 3.0 expands upon the original program to drive security standards and leverage advances in technology as agencies adopt mobile and cloud environments. The goal of TIC 3.0 is to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.

The granular access you need

01

Assess risk

Understand and manage the risks associated with your growing cloud and web usage.

Read more
02

Secure data

Identify and protect sensitive data stored in the cloud, as well as control data being uploaded, downloaded, and shared.

Read more
03

Protect against advanced threats

Inspects traffic that other security solutions cannot, such as sync clients, mobile apps, TLS-encrypted cloud services and websites to identify and address threats.

Read more
04

Audit, investigate and report

Create a granular, contextual audit trail of all your cloud activities for your forensic investigations, auditing and compliance reporting purposes. Map your cloud security and visibility from Netskope to the NIST controls framework.

Read more
05

Adapt access controls and policies

Carve out risky activities in sanctioned and unsanctioned services and websites, with granular policies that take into account user, service, device, location, activity, and content.

Read more

Security is all about enabling the mission. For us, it’s crucial that we do that as we move out on the integrated health record, the digital transformation [and] the modernization efforts… It’s very easy to go off on the CDM ‘path’ unilaterally, it has to be part of a holistic front.

—Gary Stevens, Deputy CIO and Director of Cyber Strategy, Department of Veterans Affairs

Trusted by the largest government agencies

Resources

Reimagine your perimeter.