Security

Data security is our top priority

At GovPort, we understand the critical importance of data security for our clients, making it our top priority.

Data Protection

FedRAMP Hosting

All of GovPort's infrastructure is hosted in FedRAMP high environments within US zones only.

Data at Rest

All customer data is encrypted at rest using a FIPS 140-2 encryption module.

Data in Transit

All customer data, GovPort data, and customer support traffic is encrypted with TLS.

Platform Security

Zero-Trust

Zero-trust principles are applied to all employee and platform workflows. All internal communications, administrative or service-layer are authenticated and follow least privilege practices.

Vulnerability Scanning

GovPort performs static analysis and vulnerability scanning throughout our software development process.

Data Encryption

All data is stored encryption in transit and at rest using industry leading
AES-256 quantum resistant encryption.

Corporate Security

CMMC Compliance

GovPort was built from the beginning to be CMMC compliant, and we are in line to be one of the first companies assessed by a C3PAO when assessments kick off in Summer 2025.

ITAR & CUI

GovPort is built and operated in the US, by US persons only. No external parties have access to your data or metadata. We do not employ contractors or other third parties for anything product related.

Access Controls

GovPort employees are only granted permissions to resources required to perform their roles. Employee accounts and device access are centrally managed. Programmatic and application credentials are rotated automatically on a regular basis and are independent from employee accounts.