Virtru Security Certifications and Standards

Virtru complies with the Service Organization Control (SOC) Type 2 framework, validating our ability to safeguard customer data in the cloud. Customers can request access to our SOC 2 audit reports for review against their internal security practices.

Virtru solutions are FIPS 140-2 Validated. For a cryptographic module to be FIPS validated, it must undergo an independent examination by a National Institute of Standards and Technology (NIST) accredited lab. Validated modules are issued certificates, which can be viewed on the Cryptographic Modules Validation Program (CMVP) website.

Virtru is FedRAMP authorized at the moderate impact level. As a part of our FedRAMP Authorization to Operate (ATO) compliance program, we adhere to the security controls defined in the NIST SP 800-53 to ensure integrity of federal information systems. This control baseline closely aligns with the controls required by compliance programs such as NIST SP 800-171, CJIS, and CMMC. Learn more here.

Virtru is certified by The French National Cybersecurity Agency (ANSSI) with the CSPN First Level Security Certification for cyber security. To best support the growing IoT and cloud solutions spaces, Virtru is committed to deliver products that resist cyber attacks and uphold high data security standards to comply with French government mandates and the growing global need for data protection. Learn more here.

Virtru is accepted and approved as part of the G-Cloud 13 Framework, the latest version of the U.K. Government’s procurement platform for suppliers of cloud hosting, software and support services to the public sector. Learn more here.

Virtru is a registered vendor on the Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR). Encompassing the key principles of transparency, rigorous auditing and harmonization of standards, CSA STAR consists of three levels of assurance. Learn more here.