CyberGRX provides an independent third-party assessment of Zoom’s security posture. The assessment details Zoom’s compliance with industry standards and frameworks and covers the following Zoom products: Zoom Meetings, Zoom Phone, Zoom Team Chat, Zoom Webinars, and Zoom Rooms.
Zoom’s CyberGRX Assessment
CyberGRX’s assessment of Zoom covers more than 200 controls. It has been independently validated and integrates Zoom’s responses with analytics, threat intelligence, and risk models. CyberGRX’s Framework Mapper allows for the mapping of Zoom’s assessment to over 20 different commonly used industry frameworks and standards, such as NIST SP 800-53, NIST CSF, ISO 27001, PCI-DSS, HIPAA, CMMC, SOC 2, CSA STAR, NY-DFS, and FFIEC. Additionally, CyberGRX’s risk analytics platform and assessment questions are mapped to the MITRE ATT&CK framework and taxonomy. This enables customers to discover the controls that can mitigate the threats applicable to their industry, and the supporting controls that indirectly affect the efficacy of the attack techniques.
The Zoom CyberGRX report is available to all customers free of cost. Customers can request access to the report by completing an access request form, available on the Zoom CyberGRX page.