Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on October 31, 2022
Published on October 03, 2022
Who is responsible for cybersecurity? Is it…
For those that answered D. “All of the above,” you’re correct and already aligned with this year’s Cybersecurity Awareness Month theme, “See Yourself in Cyber.” The theme reflects that cybersecurity is about all of us — it boils down to people, with the responsibility equally falling on both those that build technology and those using it.
That’s why we at Zoom strive to make security accessible for everyone. We’ve created a wide variety of easy-to-use features and tailored resources that can help you safeguard your information while maintaining the flexible, reliable Zoom experience. Here are a few recent ones:
Zoom Customer Managed Key (CMK): As our newest advanced security offering, CMK is designed to help you address stricter compliance requirements or other needs, equipping you with the ability to protect certain data stored at rest within the Zoom Cloud infrastructure using your own encryption keys.
End-to-end encryption for Zoom Phone and Breakout Rooms: Our optional end-to-encryption (E2EE) feature has recently expanded to Zoom Phone and is coming soon to Breakout Rooms.
Account Theft Protection: This feature helps us determine if the login and password used for your Zoom account may have been compromised on another service and if so, we send you a notification and prompt you to reset your password within one day. If the password is not reset in 24 hours, we will force a logout for your account in an effort to proactively prevent account takeovers. This helps prevent cybercriminals from potentially using your compromised credentials to access your Zoom account.
One-time password (OTP): If we detect a suspicious login — when you log in from a different location or device than usual — this feature asks you to enter a one-time password that is sent to your email address. This applies to those who use a work email to log in and do not have two-factor authentication enabled.
In addition to these recent features, we offer an aggregate of controls that you can use to add an extra layer of security to your Zoom experience. These include:
And many more.
Zoom Trust Center: Our Trust Center is a one-stop shop for assets about Zoom compliance, privacy, safety, and security. It includes compliance and corporate governance resources, a detailed privacy overview, privacy resources, security resources and certifications, a detailed trust and safety overview, trust and safety policies, and more.
Zoom Security Basics: On the Zoom Learning Center, you can take a free, interactive course to learn how to deploy immediate safety and security features to help protect participants on Zoom. By the end of this on-demand course, you'll be able to:
You shouldn’t use Zoom without security controls the same way you shouldn’t drive a car without a seatbelt. Speed and flexibility can’t come without safety, which is why we all must see ourselves in cyber.
It’s on all of us to make smart decisions, no matter what you do or where you are. At Zoom, we strive to complement new security innovation with relevant education so customers know how to use our platform to secure their communications effectively. When technology and awareness go hand-in-hand, we’re all in a better position to do our part in making the internet a safer place.
To learn more about Zoom’s approach to security and privacy, explore our Trust Center. And get more details on the National Cybersecurity Alliance, which Zoom supports as a Cybersecurity Awareness Month champion organization.