At GovPort, we understand the critical importance of data security for our clients, making it our top priority.
All of GovPort's infrastructure is hosted in FedRAMP moderate or higher environments in US zones only.
All customer data is encrypted at rest using a FIPS 140-2 encryption module.
All customer data, GovPort data, and customer support traffic is encrypted with TLS.
Zero-trust principles are applied to all employee and platform workflows. All internal communications, administrative or service-layer are authenticated and follow least privilege practices.
GovPort performs static analysis and vulnerability scanning throughout our software development process.
All data is stored encryption in transit and at rest using industry leading
AES-256 quantum resistant encryption.
GovPort was built from the beginning to be CMMC compliant, and we are in line to be one of the first companies assessed by a C3PAO when assessments kick off later this year.
GovPort is built and operated in the US, by US persons only. No external parties have access to your data or metadata. We do not employ contractors or other third parties for anything product related.
GovPort employees are only granted permissions to resources required to perform their roles. Employee accounts and device access are centrally managed. Programmatic and application credentials are rotated automatically on a regular basis and are independent from employee accounts.
