Security Controls
Network Security
- Virtual Private Cloud (VPC) - All resources deployed within isolated VPCs
- Security Groups - Explicit allow-list firewall rules between tiers
- Access Control Lists (ACLs) - Network-level traffic filtering
- Private Subnets - Database and processing tiers not directly accessible from internet
Data Encryption
| Data State | Encryption Method |
|---|---|
| In Transit | TLS 1.2+ (256-bit) |
| At Rest | AES-256 |
| Backups | AES-256 with separate key management |
Access Controls
- Multi-Factor Authentication (MFA) - Required for all administrative access
- Role-Based Access Control (RBAC) - Permissions based on job function
- Just-In-Time Access - Temporary elevated privileges with automatic expiration
- Audit Logging - All access attempts logged and monitored
Monitoring and Detection
- Continuous Vulnerability Scanning - Automated security assessments
- Intrusion Detection - Real-time threat monitoring
- Log Aggregation - Centralized security event logging
- Anomaly Detection - ML-based identification of unusual patterns
AWS Compliance
Govly’s infrastructure runs on AWS, which maintains compliance with:- ISO 27001
- ISO 27017
- SSAE-18 SOC 1 and SOC 2
- FedRAMP Moderate
Data Residency
All Govly production systems are hosted in AWS US regions, ensuring:- Data remains within United States boundaries
- Compliance with federal data residency requirements
- Multi-availability zone redundancy for durability
Secure Enclave Services
The following services are available within the CMMC-compliant enclave:Secure Email Ingestion
Process procurement emails containing CUI:Secure Web Automation
Monitor procurement portals with data processed entirely within the enclave boundary.Secure API Access
Enterprise API endpoints for programmatic access to enclave-processed data.Getting Access
To use Govly’s Secure Enclave services:- Contact [email protected] to discuss your requirements
- Receive your organization’s secure endpoints and credentials