All FTP Today data center partners are audited annually under SSAE-18 standards. Audit reports available upon request.

All infrastructure partners are certified under the international ISO 27001 standard.

Subscription plans that meet PCI-DSS cloud compliance requirements for the financial services industry.

HIPAA ready subscription plans are available with our signed BAA.

All data center partners are EU-US Privacy Shield Certified. Subscription plans noted are available with our signed GDPR DPA.

Noted plans will be hosted on a FedRAMP Moderate Authorized platform and infrastructure.

Noted plans will be hosted on a FISMA Moderate Authorized platform and infrastructure.

NIST SP 800-53 controls are the operational, technical, and management safeguards used by information systems to maintain the integrity, confidentiality, and security of federal information systems.

Noted plans are hosted in a cloud that meets all ITAR, EAR, DFARS, and NIST SP 800-171 requirements.

Noted plans are hosted in a cloud that meets all ITAR, EAR, DFARS, and NIST SP 800-171 requirements.

Noted plans are hosted in a cloud that meets all ITAR, EAR, DFARS, and NIST SP 800-171 requirements.

Noted plans will be hosted on a Department of Defense Authorized platform with the appropriate NIST 800-171 controls to meet CMMC Level 1 and Level 3.

Noted plans will be hosted on a Department of Defense Authorized platform.

Noted plans are hosted in a cloud that meets all ITAR, EAR, DFARS, and NIST SP 800-171 requirements.

Each of our private clouds is a Virtual Private Data Center, surrounded both externally and internally by two firewalls in an active-passive configuration.

All servers are protected by VMware High Availability and automatic VMotion to another host machine in the event of a failure.

Network and application scans are run routinely to assess and mitigate potential protocol or application vulnerabilities. Customers are also welcome to run their own vulnerability scans on their own site.

INDUSTRY EXCLUSIVE: FTP Today has developed proprietary rules that enable us to proactively block offending IP addresses within seconds by measuring various attack signatures. A master blacklist is shared across our entire network.

The FTP Cloud offers 7 days of offsite backups. The GOVFTP Cloud offers 30 days of onsite backups (plus offsite DR).

In addition to 30 days of onsite backups, every server on our GOVFTP platform is replicated in near real time to a Standby DR infrastructure hundreds of miles away in a second FedRAMP Authorized location.

A comprehensive suite of security features such as firewall capabilities, monitoring, alerts, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).

A Host-based Intrusion Detection Service (HIDS) monitors for and issues alerts for any unauthorized operating system changes.

Comprehensive real-time protection preventing viruses, spyware, and other Web threats to internal or external endpoints.

Every FTP Today customer site has a unique dedicated IP address. If your plan includes Standby Disaster Recovery, it includes two dedicated IP addresses.

INDUSTRY EXCLUSIVE: Allows you to limit logical access to specific countries (such as the U.S.) and block all other countries to prevent hacking or data exports.

All FTP Today cloud storage systems encrypt all data at rest using AES-256 cipher strength.

Encryption on all secure transmission protocols meets FIPS 140-2 requirements.

Proprietary FTP Today web application, used not only for administration, but also as a powerful browser-based file transfer client. No plugins required.

FTP and Explicit FTPS are supported on port 21. Implicit FTPS is supported on port 990. SFTP is supported on port 22. HTTPS is supported on port 443. Protocol(s) are easily disabled.

Point your own subdomain (such as sftp.yourdomain.com) with a CNAME to your FTP Today subdomain. We will install a new SSL certificate to match your subdomain rather than *.ftptoday.com or *.govftp.com at our expense.

Use our Admin API to add, change or remove users and folder permissions, retrieve logs and more!

The first line of defense is a good password.

Automated systems and SFTP software can use public SSH-key authentication instead of password.

Auto-suspend inactive users on a future calendar date, or based on the number of days since their last login.

Set password length and strength requirements.

Set password expiration and reset requirements.

Email system to invite users to choose their own initial password.

Users can be required to use 2FA and admins can restrict the OTP method allowed (Email, SMS or TOTP app) for each user.

Single sign-on support for Identity Providers (IdP) such as Azure AD, Okta, Duo, Auth0 and SAML. One integration included.

INDUSTRY EXCLUSIVE: Restrict each user by protocol and/or by their remote IP address for tight security.

Establish policies for temporary lockouts for failed logins.

INDUSTRY EXCLUSIVE: Require users to check a box and accept custom contract terms prior to login. Records date, timestamp and IP address for a legally binding clickwrap agreement.

The permission to enter or pass through a parent folder to reach a child folder, without seeing anything else in the parent.

The permission to view a folder's entire directory listing.

The permission to upload a file to a given folder. This includes permission to create a sub-folder.

The permission to download a file or a sub-folder from a given folder.

The permission to delete files or sub-folders from a given folder.

Unlimited, granular email notifications per folder triggered by Upload, Download, Delete events or by reaching a given Storage Threshold.

Purge files based on age, configurable on a per-folder basis or site wide.

Only those users allowed by the Administrator can create file sharing links.

When permitted, authenticated users can send files to non-authenticated guests by creating links to certain files.

When permitted, authenticated users can receive files from non-authenticated guests by creating links to certain folder locations.

Administrators can limit the number of days each link can be available before it automatically expires and can optionally allow users to override this limit.

Administrators can limit the number of times each link can be used before it automatically expires and can optionally allow users to override this limit.

Administrators can set whether a link will send a return receipt to the sender when the recipient uses the link, and can optionally allow users to override this limit.

Administrators can set whether a link will require a password from the link recipient, and can optionally allow users to override this setting.

A quick view of storage usage, currently connected users and their most recent activity. Also a place for recent announcements or messages from FTP Today.

Activity formatted in clean reports with the ability to drill down to specific time periods within the past 90 days. Results exportable to CSV.

Detailed log files allow you to review and audit activity for every user session in minute detail. Monthly log files kept available for the life of your account. Log files do not count against your storage pool quota.