Customers benefit from Zscaler's compliance excellence by inheriting specific compliance attributes of Zscaler's platform and by leveraging Zscaler’s technology against compliance requirements.
CISA’s Zero Trust Maturity Model helps agencies develop zero trust strategies and implementation plans.
DoD Zero Trust Strategy
The DoD Zero Trust Strategy helps align strategies, efforts, and resources to accelerate adoption of zero trust.
NIST 800-53 / FedRAMP
NIST 800-53 addresses cloud security risks for a wide range of federal information systems, while FedRAMP applies to CSPs supporting federal agencies.
CMMC / NIST 800-171 / CUI Protection
Controlled Unclassified Information (CUI) is government data that requires protection and controlled dissemination, but is not classified national security information.
ITAR
International Traffic in Arms Regulations (ITAR) controlled data is information related to military technologies, defense, and national security.
CJIS
Criminal Justice Information Services (CJIS) standards mandate how CJI (e.g., criminal records, fingerprints, arrest data) must be handled to ensure confidentiality, integrity, and availability.
IRS 1075
IRS 1075 is intended to minimize the risk of loss, breach, or misuse of Federal Tax Information (FTI) held by external government agencies.
HECVAT
The Higher Education Cloud Vendor Assessment Toolkit (HECVAT) helps higher education institutions evaluate the security and privacy of cloud services from potential vendors.
GLBA
The Gramm-Leach-Bliley Act (GLBA) mandates how financial institutions must protect the privacy and security of customers' non-public personal data as well as disclose their data sharing practices.
FERPA
The Family Educational Rights and Privacy Act (FERPA) protects students' education records and privacy. It applies to most public and private schools as well as other federally funded institutions.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) requires entities handling protected health information (PHI) to implement safeguards to ensure its privacy and confidentiality.
FAFSA
The Free Application for Federal Student Aid (FAFSA) is protected by laws and security measures to safeguard student data.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) mandates how entities handling credit card data must store, process, and transmit cardholder data to protect against data breaches and fraud.
Programs
CDM
The Continuous Diagnostics and Mitigation (CDM) program provides tools, integration services, and dashboards to help continuously monitor and mitigate cyber risks across federal agencies.
SLCGP
CISA’s State and Local Cybersecurity Grant Program (SLCGP) provides funding to help state, local, and tribal governments improve cybersecurity to address risks and threats to their critical infrastructure.
FCC K-12
The K-12 Cybersecurity Pilot Program provides funding to help schools and libraries protect their networks and data from cyberthreats. The program is funded by telecommunication fees through the Universal Service Fund.