Security and Compliance for the US Public Sector's Most Important Workloads
Oracle Cloud Infrastructure's government cloud regions are purpose-built to provide the industry-leading performance, comprehensive security controls, and support for regulatory compliance efforts required by US public sector and Department of Defense (DoD) agencies as they shift mission-critical workloads to the cloud.
Security-First Architecture
Oracle provides powerful and easy-to-manage cloud security for every workload. Oracle's security approach is based on seven core pillars that enable public sector agencies to achieve the isolation, data protection, control, and visibility needed to support security and compliance requirements. The seven core pillars include:
Open all Close allCustomer Isolation
- Application and data assets are deployed in an environment that provides isolation from other tenants and Oracle’s staff, as well as isolation between the same tenant’s workloads. Oracle provides customer isolation through bare metal instances, virtual machine (VM) instances, virtual cloud networks (VCNs), and identity and access management (IAM) compartments.
Data Encryption
- Always-on encryption protects data at rest and in transit, helping public sector entities meet compliance requirements regarding data encryption, cryptographic algorithms, and key management. Oracle provides default storage encryption, database encryption, as well as key management services (KMS) that enable customers to encrypt information using keys they control.
Security Controls
- Effective and easy-to-use security management controls allow users to constrain access and segregate operational responsibilities. Oracle security controls cover networking, user authentication and authorization, and instance principals, and more.
Visibility
- Comprehensive log data and security analytics for auditing and monitoring data and application assets.
Highly Secure Hybrid Cloud
- Integrate existing on-premise security solutions with Oracle cloud security services using virtual private networks (VPNs). Oracle supports third-party security solutions and offers identity federation capabilities that enable organizations to use existing users and groups in the cloud.
High Availability
- Fault-tolerant data centers enable high-availability scale-out architectures and are resilient against network attacks, for constant uptime in the face of natural disasters and cybersecurity risks. Oracle offers end-to-end service level agreements (SLAs) that cover high availability, performance, and manageability.
Highly Secure Infrastructure
- Oracle demonstrates its adherence to strict security standards through third-party audits, certifications, and attestations—and helps public sector agencies demonstrate compliance readiness to internal security and compliance teams, auditors, regulators, and the general public.
A Culture of Security
Oracle embraces a culture of security that is evident in every aspect of the design, testing, and rollout of cloud infrastructure and services. Oracle's technology and product decisions, network architecture, and certifications are all focused on protecting sensitive data and providing core-to-edge security.
Support for Regulatory Compliance
Oracle Cloud Infrastructure has a comprehensive security compliance approach to build confidence with public sector organizations and can provide a broad spectrum of accreditations and capabilities designed to protect services, information, and data while preserving critical resources to support mission services.
- The US Federal Risk and Authorization Management Program (FedRAMP)
- The US DoD Information Assurance (DISA SRG impact level)
- The Health Insurance Portability and Accountability Act (HIPAA)
- ISO 27001
- SOC1, SOC2