Certifications and Compliance
Our dedicated Information Security and Privacy teams are responsible for maintaining Skyhigh Security's compliance with a variety of laws, standards, and frameworks, including:
With the highest authorization level of FedRAMP, Skyhigh SWG continues to meet customer demand as federal and public sectors embrace cloud-delivered security. CASB, SWG, DLP and Advanced DLP are all FedRAMP High Authorized.
Cloud computing security requirements for the US Department of Defense for Impact Level 2 and Impact Level 4.
The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond FedRAMP. Skyhigh Security has been granted a DoD Impact Level 2 (IL2) Provisional Authorization from DISA, leveraging Skyhigh's FedRAMP Moderate ATO. DoD IL2 covers non-Controlled Unclassified Information. Skyhigh is actively pursuing DoD IL4, which covers CUI including PII, PHI, SSN, Credit Card Information, Export Controls, FOUO and Law Enforcement Sensitive material.
U.S. government program providing a standardized approach to security assessment, authorization and continuous monitoring for cloud service providers.
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring for Cloud Service Providers (CSP). Skyhigh Cloud Access Security Broker (CASB), Skyhigh Secure Web Gateway (SWG) for Cloud, DLP and Advanced DLP have all been granted FedRAMP High Authorization, supporting U.S. government customers in processing, storing, and transmitting government data.
EU regulation designed to provide individuals more control over their personal data, in force since May 25, 2018.
The GDPR was designed to harmonize data protection rules across the European Union and provides rules relating to the protection of individuals with regard to the processing of personal data and the free movement of personal data of data subjects in the EU. Skyhigh Security implements appropriate technical and organizational measures to protect personal data in full conformity with GDPR requirements.
AICPA standard defining criteria for managing customer data based on five trust service principles — security, availability, processing integrity, confidentiality, and privacy.
A SOC 2 Type II report attests that controls are in place to meet the AICPA's Trust Services Criteria (TSC), confirmed by an independent CPA firm. The five trust service principles are: Security (protected against unauthorized access), Availability (system available for operation as committed), Processing Integrity (complete, accurate, and authorized), Confidentiality (confidential information protected per policy), and Privacy (personal information handled per AICPA principles).
The international standard for information security management systems (ISMS), addressing people, processes, and technology.
Skyhigh Security was the first Cloud Access Security Broker to attain ISO 27001 Certification, demonstrating leadership and maturity of information security controls and practices. ISO 27001's best-practice approach helps organizations manage their information security by addressing people, processes, and technology holistically.
Australian Signals Directorate (ASD) program ensuring entities access high-quality security assessment services at the PROTECTED level.
The Information Security Registered Assessor Program (IRAP) was developed by the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) to support Commonwealth government entities in maintaining security assurance and risk management. Skyhigh SSE completed an IRAP assessment at the PROTECTED security classification level in 2023. The 2026 assessment continues to provide assurance to public sector organizations that Skyhigh's data-aware cloud security technology has appropriate and effective security controls in place for Australian government agencies.
Germany's Federal Office for Information Security Cloud Computing Compliance Criteria Catalogue — the benchmark for sensitive cloud workloads in Germany and EMEA.
The BSI C5 (Cloud Computing Compliance Criteria Catalogue) was developed by Germany's Bundesamt für Sicherheit in der Informationstechnik (BSI) to define a trusted benchmark for cloud service security, particularly for regulated sectors including healthcare, finance, and German public sector IT. Skyhigh Security is bringing the full stack of the Skyhigh SSE Portfolio to the German market under the BSI C5 framework, enabling organizations handling highly sensitive data to adopt cloud security with full regulatory assurance and confidence in data sovereignty.
Globally recognized benchmark for cloud security and compliance, issued by the Cloud Security Alliance (CSA), addressing unique challenges of securing cloud environments.
The CSA STAR (Security, Trust, and Assurance Registry) certification provides assurance that certified organizations adhere to rigorous security measures, privacy protections, and regulatory compliance frameworks specifically designed for cloud environments. Skyhigh Security's CSA STAR Certification reinforces its leadership in cloud security and delivers peace of mind to customers seeking secure, compliant cloud solutions.
India's comprehensive framework to safeguard personal data and enforce privacy rights, defining obligations for organizations handling personal data.
The DPDPA defines obligations for organizations handling personal data including security, transparency, and accountability. Skyhigh Security's SSE platform and CASB address DPDPA requirements through data encryption, access controls, real-time monitoring, and cross-border data transfer compliance. Skyhigh Security's solutions empower organizations to mitigate risks associated with personal data breaches and ensure compliance with DPDPA's cross-border data transfer rules.
EU regulation strengthening cybersecurity and operational resilience of financial entities, mandating ICT risk management and operational continuity.
DORA establishes a unified regulatory framework to enhance the security and resilience of financial entities across the EU, mandating strict requirements for managing ICT risks and ensuring operational continuity. Skyhigh Security's SSE platform and CASB help financial institutions meet DORA's requirements through threat detection, incident response, continuous monitoring, and operational risk mitigation.
Disclaimer: Not all certificates are applicable to all Skyhigh Security products. Contact Skyhigh Security for more details.
Hear from Skyhigh Security's leadership team on our commitment to global compliance, data sovereignty, and protecting the world's most sensitive information.
We're bringing the full stack of the Skyhigh SSE Portfolio to the German market with the BSI C5 framework. Skyhigh is continuing to invest in growth opportunities in Germany to protect the highly sensitive data often required for sensitive sectors like healthcare, finance, and German public sector IT.
Compliance is not a checkbox — it is a continuous commitment to earning our customers' trust every single day. Achieving milestones like IRAP 2026 and BSI C5 simultaneously demonstrates that Skyhigh Security is the partner governments and enterprises can rely on as the threat landscape evolves globally.
Skyhigh Security is committed to establishing rigorous security compliance as the standard baseline for our cloud platform. Achieving SOC 2 Type II for the complete SSE Cloud Platform is a comprehensive process that validates our platform security controls over an extended period. Unlike point-in-time checks, this assessment reinforces our commitment to continuous data protection and the trust our customers place in us every day.