Fortify Certifications

Fortify offers end-to-end application security solutions to help developers build secure software fast, find security issues early, and fix them at the speed of DevOps.

We take seriously our responsibility to provide solutions that satisfy the business requirements of our customers while also maintaining a level of security consistent with the deployment environment and information protection needs. Accordingly, we received the following certifications to ensure our customers trust that their information is secure and stays confidential.

JAB authorized and FedRAMP Certified

Fortify on Demand (FoD) is the first and leading application security as a service solution to be JAB authorized and FedRAMP certified. Fortify on Demand allows government agencies to perform security assessment of any application code and website/web services testing without requiring any additional software to install or manage.

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Cybersecurity Maturity Model Certification (CMMC)

Fortify is self-assessed for the Level 1 Cybersecurity Maturity Model Certification (CMMC), showing that it has the appropriate structure, policies and practices to ensure the confidentiality and integrity of data within its supply chain.

The CMMC is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). It ensures that DIB companies implement cybersecurity practices and processes to protect Federal Contract Information (FCI) and enhance the protection of Controlled Unclassified Information (CUI) within the supply chain.

ISO 27001 Certification

Fortify demonstrates implementation and maintenance of the highest security standard controls in the secure delivery of its software products.

ISO 27001 outlines a series of requirements for establishing, implementing, and continually improving an information security management system. The process is done through an independent expert assessment to ensure customers' information is secure.

ISO 27034-1 Certification

Fortify implements the application security standard. It demonstrates proactive integration of security as part of the Micro Focus software development lifecycle.

The International Standard for Organizations (ISO) 27034-1 Certification ensures that organizations integrate security seamlessly in the software life cycle and that computer applications deliver the desired or necessary level of security in support of the organization’s Information Security Management System.

Amazon AWS GovCloud

Fortify on Demand application security testing services operate from AWS GovCloud, furthering the ability to offer enhanced testing, vulnerability management, and support to critical federal agencies.

Amazon AWS GovCloud allows customers and U.S. government agencies to address compliance at every stage of their cloud journey relative to Controlled Unclassified Information (CUI), Personally Identifiable Information (PII), sensitive patient medical records and financial data.

SOC 2 – Report

Fortify on Demand leverages the NTT Datacenter, which retains its own SOC II Report. You can access a copy of the report here.

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) report is based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy. It is designed to prove the effectiveness of controls in place at a service organization as they relate to the retrieval, storage, availability, or processing integrity of the systems used to process customer data, or the confidentiality or privacy of that information.

Certifications In-Process

Maturity
CMMC Levels 2 and 3