Salesforce Government Cloud Plus: Scale and secure apps on a FedRAMP High-authorized government cloud

At Salesforce, we understand the importance of adopting industry-leading security practices and technology needed to protect customers’ data. Our security practices are embedded across all of our technology, programs, and processes. Our customers rely on us to deliver high levels of data integrity, confidentiality, and availability. For more than two decades, we have partnered with organizations in highly regulated industries, such as government, financial services, healthcare, and utilities – each customer willing to trust Salesforce with securing their data.

In this paper, we provide an overview of our commitment to securing data and privacy for our U.S. federal, state, local government customers and government contractors using Salesforce Government Cloud Plus. Built on AWS GovCloud (US), Government Cloud Plus has security and privacy controls to support FedRAMP High, DoD IL4 and additional compliance frameworks, such as: IRS 1075, NIST SP 800-171, and DoD Privacy Overlays.

1This paper is written primarily in the context of the Federal Risk and Authorization Management Program (FedRAMP) and the Department of Defense (DoD) Cloud Computing Security Requirements Guide (CC SRG). Subsequent sections introduce the security and privacy features inherent to Salesforce Government Cloud Plus that customers can use to build and secure their applications and customer data.