Our commitment is to meet and exceed the stringent technical specifications our government customers require
You take the security and protection of your information seriously, and so do we. Authorium builds our software, support, and operations based on stringent standards. We hold SOC-2 Type II certification and StateRAMP Moderate Authorization. We use NIST 800-53 based security controls, with active programs to achieve FedRAMP authorization and compliance with HIPAA requirements.
While many companies host application data in standard commercial data centers, Authorium stores your data in AWS GovCloud data centers, which meet the highest Federal, Military, and DoD standards for data protection, business continuity, disaster recovery, infrastructure control, and physical security.
All of the information that we transmit and store is encrypted using advanced algorithms that meet or exceed FIPS 140-2 standards – the bar that the Federal Government uses to approve cryptographic modules for their use.
Access to your data is strictly controlled by you, through our innovative organization, project, document, and even section-level role-based access control (RBAC) model.
All of your data is securely replicated to multiple data centers, which allows us to quickly enact point-in-time recovery when a disaster or security incident occurs.
Security and encryption keys are always stored securely in hardware security module (HSM)-based Key Management Services that also meet NIST and FIPS 140-2 controls.
Authorium connects with your Identity Provider (IdP) in Azure Active Directory (Entra) so that you can control the password policy and multi-factor authentication requirements and provide seamless onboarding/offboarding controls to meet your own security requirements.
Our enterprise solution can also optionally provide non-Active Directory username/password accounts when you need external collaborators outside your organization. These accounts are always under your control and can be removed anytime.
Your data is always immediately accessible and can be exported at any time. In the event of contract termination, we will delete all copies of your data after 60 days.
We will never use your data without your agreement. And when we have your agreement, your data is only used for support purposes. Authorium defends your data using well-established policies designed to handle incidents or vulnerabilities quickly.
Authorium’s production systems are protected by Intrusion Detection and Prevention systems, including advanced Web Application Firewalls and Secure Network Routing. We employ the principle of least privilege for all systems and infrastructure to limit access privileges to the minimum necessary to perform assigned tasks.
Our continuous monitoring and Security Information and Event Management (SIEM) systems provide 24×7 protection against malicious behavior – such as data breaches, external attacks, or ransomware.
We hire US-based employees and contractors after a complete set of criminal, education, and employment background checks in line with the federal requirements to ensure you can trust our team. Everyone undergoes security awareness training and accepts our information security policies.
Authorium partners with AWS GovCloud to provide us with the flexibility to architect secure cloud solutions for government customers that comply with the FedRAMP High baseline; the DOJ’s Criminal Justice Information Systems (CJIS) Security Policy; U.S. International Traffic in Arms Regulations (ITAR); Export Administration Regulations (EAR); Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) for Impact Levels 2, 4 and 5; FIPS 140-2; IRS-1075; and other compliance regimes.
AWS GovCloud is operated by employees who are U.S. citizens on U.S. soil. AWS GovCloud (US) is only accessible to U.S. entities and root account holders who pass a screening process.
As required by StateRAMP and NIST-171, a System Security Plan (SSP) is available upon request.
Authorium is hosted within the AWS GovCloud regions in the United States. AWS GovCloud (US) is FedRAMP High, DoD IL2, 4, 5 and only allows access to US citizens.
The Authorium platform can integrate with your Identity Provider (IdP) in Azure Active Directory (Entra) or through our application authentication. Application authentication uses credentials that meet NIST standards and are one-way hashed per the OWASP recommendations.
As the California State Administration Manual (SAM) requires, Authorium maintains a Technology Recovery Plan (TRP) available upon request.
The Authorium platform and APIs utilize redundant data centers and servers to provide our customers with maximum uptime. Our published availability is 99.9%, and we have exceeded this target for the last year.
Authorium has designed failover to support several scenarios:
For additional information and the ability to request security artifacts, please visit our Trust Center.
© 2024 Authorium, Inc. All rights reserved.