Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on June 23, 2022
Published on June 15, 2022
To address complex threats in today’s cybersecurity landscape, we’ve taken a comprehensive approach to securing the Zoom platform. This includes staffing up our offensive and defensive security teams and building out robust education and training resources on our Trust Center and Learning Center.
To complement those efforts, Zoom recently partnered with MITRE Engenuity, MITRE’s tech foundation for public good, to better understand the most common and critical weaknesses that affect online video collaboration tools. As a part of this research, the Engenuity team in 2021 reviewed Zoom’s core source code, which includes our Zoom for Government offering.
A few key aspects of the review process included:
As a byproduct of this partnership, Zoom was able to strengthen its security posture and correct a number of weaknesses that had been previously unknown.
If proper testing is not conducted (e.g., automated static code analysis and manual code inspection), then a variety of software weakness types will persist past development and exist within a given video collaboration tool’s codebase.
Zoom proactively focused on their security and engaged with a neutral collaborator in the cybersecurity industry such as MITRE Engenuity; this is something we recommend for others to pursue.Drew Buttner, Principal Cybersecurity Engineer, MITRE Engenuity
MITRE Engenuity’s research is in the public interest and does not qualify as an endorsement of any third-party technology.
At Zoom, we’re always focused on new ways to raise the bar for our platform’s security and the Zoom experience as a whole.
To learn more about Zoom privacy and security, explore our Trust Center.