At ID.me, one of our top priorities is the security of user information. The systems that process and store user information are covered by security controls such as encryption, access controls, intrusion detection, and many others that are continuously monitored for effectiveness by our dedicated security team.
Our commitment to security is demonstrated by our compliance with security frameworks such as ISO27001, FedRAMP, Kantara, and SOC2 Trust Services Criteria. Our strict adherence to Federal data handling guidelines qualifies us as compliant with the National Institute of Standards and Technology (NIST) requirements , as well as a FedRAMP Moderate authorized entity by the Government Accountability Office (GAO). ID.me engages certified independent third-parties to assess conformance with our security controls, conduct annual penetration testing and assess our ongoing vulnerability exposure.