## Privacy & Security

Slingshot’s security and privacy framework combines commercial best practices with formally-assessed government-grade rigor. We follow a zero-trust approach, maintain industry-standard security and encryption practices, and are continuously monitoring our systems to protect against emerging threats.

Whether you’re a commercial operator, researcher, or federal mission partner, Slingshot provides a secure foundation for confident decision-making.

### Data Protection

-  FIPS 140-2 Validated encryption at key external and internal boundaries
-  Accredited CMMC/NIST Information Security Programs
-  Configurable data retention and deletion capabilities to suit customer needs

### Identity & Access Management

-  Secure authentication with Okta SSO and multi-factor authentication (MFA)
-  Least-Privilege Principle Role-Based Access Control (RBAC)
-  Continuous activity logging and deviation detection

### Privacy Governance

-  Adherence to GDPR, CCPA, and U.S. federal data protection standards
-  Transparent data-handling and audit reporting
-  Active GRC Programs with annual security control reviews

### Secure Development & Operations

-  Security integrated across our DevSecOps lifecycle
-  Code scanning, dependency audits
-  Continuous vulnerability management and patch automation

### Monitoring & Support

-  24/7 system monitoring through SIEM and automated alerting
-  Incident response procedures aligned with NIST 800-61
-  Real-time threat detection and anomaly response

### Government Compliant

-  CMMC Final Level 2 (C3PAO) Certified 110/110
-  FedRAMP Moderate Cloud Storage Providers
-  NIST SP 800-171 R2 Aligned
-  Support GDPR / CCPA
-  ITAR / EAR Awareness Controls