Sift is built with security at its core — compliant with NIST SP 800-171 and ITAR to protect sensitive data across every layer, from infrastructure to privacy.
Sift meets all 110 security controls of NIST SP 800-171, protecting Controlled Unclassified Information (CUI) across access control, configuration management, and incident response. Compliance is documented in the DoD's SPRS system, supporting Sift's path to CMMC Level 2 certification.
Sift is ITAR-compliant, adhering to U.S. Department of State regulations that protect defense-related data and technologies. This includes strict access controls, data security, and licensing requirements — ensuring secure operation within the federal supply chain and supporting U.S. national security.
Sift is in the SOC 2 Type II audit phase, ensuring compliance with AICPA standards for security, availability, and confidentiality. This assessment validates Sift's controls for data protection, access management, and system integrity, reinforcing its commitment to enterprise security.
Sift supports multiple deployment methods, including AWS GovCloud (US) — a secure, isolated environment designed for sensitive and regulated data. GovCloud meets stringent U.S. government standards, ensuring federal compliance and robust data protection.
Sift ensures reliability, compliance, and the highest standards of data protection. Below is an overview of our security measures.
Sift restricts access to production systems and data to authorized personnel using unique credentials, multi-factor authentication, and encrypted connections. Network segmentation, firewalls, and strict access controls protect customer data, with clear procedures for onboarding, revoking access, and ensuring compliance. For more information, contact Sift directly.
Sift enforces security through background checks, annual training, asset inventories, and mobile device management. Visitor procedures and secure media disposal are standard, with anti-malware protections and password policies ensuring compliance.
Sift ensures product security through encryption of sensitive data at rest and in transit, regular penetration testing, and continuous vulnerability management. Annual control assessments and system monitoring ensure policies are effective and updated as needed.
Sift has internal security measures in place, including Business Continuity and Disaster Recovery plans, risk assessments, and vendor management programs. Change management, configuration consistency, and a formal development lifecycle ensure operational stability, while access to sensitive systems and data centers is tightly controlled and reviewed regularly. Incident response plans are documented, tested annually, and communicated effectively, alongside policies for vulnerability management and risk mitigation.
Sift upholds strict data retention and classification policies to safeguard customer information. Data is securely retained and disposed of according to formal procedures, while a classification policy ensures confidential data is protected and accessible only to authorized personnel.