Compliance at Menlo Security

We encourage you to inspect and verify our security and privacy practices and operations. Our team is continually working on expanding coverage. The more compliant we are, the better equipped we are to help organizations meet their compliance needs.
three people in a business setting looking at a laptop
fedramp logo

FedRAMP® Authorized for Cloud Security Platform

Menlo Security is FedRAMP Authorized for our Cloud Security Platform powered by Isolation Core.™ FedRAMP Authorized solutions meet a higher level of security standards, are rigorously tested and must be continuously tested to maintain the FedRAMP status in order to continue to do business with government agencies.

tx-ramp logo


Menlo Security is TX-RAMP certified (TX-RAMP number TX1009298).

iso 27001 certification logo

ISO 27001, 27017 and 27018

ISO 27001 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes. Menlo is additionally certified for ISO 27017 (Cloud Services) and ISO 27018 (Protection of Personally Identifiable Information (PII).

vpat 508 compliant logo


Menlo Security has a Voluntary Product Accessibility Template (VPAT™) report on file. This documentation explains how our products and solutions meet the 508 standards for IT accessibility. You can request a copy by filling out the form at the link below.

cybergrx logo


Menlo Security has completed the CyberGRX assessment. This assessment has been independently validated by CyberGRX partners, Deloitte, and KPMG. Customers can access Menlo Security’s CyberCRX assessment report to understand details of our compliance with industry standards and the security protocols built into our infrastructure.


SOC 2 Type 2 Report

System and Organization Controls (SOC) reports are independent third-party examination reports that demonstrate how Menlo Security achieve key compliance controls and objectives. The purpose of this reports is to help you and your auditors understand the Menlo Security controls established to support operations and compliance. Menlo Security has engaged with A-LIGN to ensure SOC2 Type II compliance. Please click the button below to request the Menlo Security SOC2 Type II Report.

tisax logo


The ENX Association supports with TISAX (Trusted Information Security Assessment Exchange) on behalf of VDA the common acceptance of Information Security Assessments in the automotive industry. The TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for general public.

Menlo Security is a TISAX participant, 2 locations have been assessed against the assessment objective ‘Information with Very High Protection’ label under the definition of TISAX. Menlo Security follows the question catalogue of information security of the German Association of the Automotive Industry (VDA ISA). TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. The result is exclusively retrievable over the ENX Portal.

The Scope ID is SFC3L and Assessment ID is A83VG4-1 respectively.

The following locations have been assessed under the ‘Information with Very High Protection Needs’ label:
Menlo Security Limited, Bracknell, United Kingdom
Menlo Security Inc, Mountain View, California, United States of America

Our approach to customer compliance

We help our customers stay secure by meeting their compliance measures.
NIST cybersecurity framework diagram

Aligned with the NIST Cybersecurity Framework

Menlo Security Cloud Platform helps organizations achieve NIST Cybersecurity Framework Compliance by providing enterprise-grade security capabilities that correspond to Zero Trust and NIST 800-53 Guidelines. These include:

  • Data Loss Prevention
  • Threat Insights & Risk Scoring
  • Cloud Access Security Broker (CASB)
  • Secure Browser Isolation
  • Secure Web Gateway, SSL Inspection
  • Private Access
  • Firewall-as-a-Service
TIC 3.0 logo

Menlo Security provides security-first TIC 3.0 solutions

Menlo Security’s Cloud Security Platform powered by an Isolation Core™ is designed to meet the aggressive requirements of the TIC 3.0 security objectives.

mitre att&ck logo

Preventing threats at the initial access of the MITRE ATT&CK® framework

To better understand how threat actors operate, many security leaders look to the MITRE ATT&CK® framework. See Menlo Security’s approach to this framework when it comes to helping you prevent HEAT (Highly Evasive Adaptive Threats) attacks at the point of entry.

essential 8 diagram

Building a cybersecurity strategy based on ASD’s essential eight recommendations

Menlo Security’s remote browser isolation solutions can be used to help achieve the same results intended by ASD’s Essential Eight recommendations, without adding complexity and cost to an organization’s security stack.

illustration of lock and cloud labeled ISMAP

Menlo Security ISMAP

The Information System Security Management and Assessment Program (ISMAP) is a framework to evaluate cloud services in Japan ensuring that they meet the security requirements of the Japanese government. Menlo Security is now ISMAP Certified.

Cloud Service Provider (CSP) Safety Assessment

Menlo Security Korea announced on the 15th July 2024 that it has successfully completed the cloud service provider (CSP) safety assessment conducted by the Financial Security Service.

In accordance with the Electronic Financial Supervisory Regulations, the Financial Security Service is entrusted with conducting CSP safety assessments required by domestic financial institutions when introducing commercial cloud computing services.