MFT Security and Compliance

Is GoAnywhere Secure?

ga-managed-file-transfer-more-securitys

GoAnywhere MFT works within compliance frameworks, regulations, and standards to help you make the best decisions for your data security. GoAnywhere is ready to help you in your quest for compliance and assist you in processing your data in a secure manner. Whether you use GoAnywhere MFT on-premises or our MFTaaS SaaS solution, you get to make the choices on how to manage, monitor, and audit the controls surrounding your data.

Start Your Secure MFT Trial

Our Data Security Mission and Philosophy

Why do we care about security and compliance so much?

ga-security-compliance

As a software solution dedicated to protecting your sensitive data in motion and at rest, GoAnywhere MFT takes all aspects of data security seriously. We actively improve MFT security and compliance in GoAnywhere and maintain a roadmap to keep us moving forward. Whether you choose GoAnywhere MFT or our MFaaS solution, you will always be in the driver seat on your data security.

Meet all your IT security and compliance requirements with GoAnywhere MFT. GoAnywhere helps organizations and IT professionals alike comply with regulations, standards, and technologies by providing enterprise-level MFT security features.

Get the infographic: Meeting IT Security and Compliance Requirements with GoAnywhere

For more information, download our datasheet: Our Approach to Security & Compliance

Enabling Data Security Compliance with MFT

ga-security-compliance-regulations

Achieving compliance requires a holistic view and plan. With GoAnywhere MFT, you can secure your sensitive files and transmit data using the latest security standards to keep your data secure and comply with regulations, frameworks, and standards. GoAnywhere MFT addresses many controls in popular and widely-used security frameworks, standards, and regulations, including:

PCI DSS

  • Centralized controls and management
  • Role-based administration and permissions
  • Strong Key Management System (KMS)
  • Detailed audit logs and reporting
  • PCI Security Settings Audit Report

Learn More

The GDPR

  • File transfer encryption technologies (e.g. Open PGP, SSH, and TLS)
  • Integrity checks for successful file transfers
  • Detailed audit logs and reporting
  • Module for sending sensitive emails
  • Admin User Roles for auditors and security or data protection officers

Learn More

HIPAA & HITECH

  • File transfer monitoring
  • Detailed audit logs and reporting
  • Granular user permissions
  • Secure data exchange using SFTP, SCP, FTPS, and HTTPS

Learn More

FISMA & NIST

  • A FIPS 140-2 compliance mode for all file transfers
  • Detailed audit logs and reporting
  • Granular user permissions
  • Stringent security controls

Learn More

Australia's CDR

  • Role-based administration and permissions to access data
  • Detailed audit logs and reporting
  • File encryption technologies
  • MFT security settings for sending and receiving confidential emails

Learn More

PIPEDA

  • Stringent security controls and role-based user access
  • Data encryption technologies
  • Secure data exchange

Learn More

California Consumer Privacy Act

  • Detailed audit logs and reporting
  • Centralized controls and management
  • File transfer encryption technologies

Learn More

Singapore's PDPA

  • Limited data access based on user permissions
  • Data encryption at rest and in motion
  • Detailed audit logs and reporting

Learn More

Do you have specific requirements or risks you want to address? We will collaborate with you to help you understand how GoAnywhere can assist in your compliance efforts.

  • CIS
  • FISMA & NIST (800-53r4, CSF, PS 800-37r2 RMF)
  • ISO 27001 & 27002
  • SOC 2
  • SOX
  • Australia's CDR
  • PIPEDA
  • CCPA
  • Singapore's PDPA

Explore Compliance in Your Industry  

Security Features in GoAnywhere MFT

  • Generate full audit trails of all user events and file activity with reporting 
  • Generate reports of file transfer activity, user statistics, and completed jobs from within the console
  • Feed audit log messages to a central SYSLOG server
  • Use Domains to virtually segment a GoAnywhere installation into multiple security zones
  • Filter connections with IP blacklists and whitelists (Global and User level)
  • Block Brute-Force and Denial of Service (DoS) attacks with an automatic IP blacklist
  • Authenticate SFTP connections with passwords and/or SSH keys
  • Utilize only FIPS 140-2 certified encryption algorithms to meet U.S. Government (NIST) standards
  • Authenticate FTPS and HTTPS connections with passwords and/or SSL certificates
  • Automatically encrypt files on disk using AES 256 encryption
  • Ability to accept or reject files with certain extensions
  • Run services under non-standard port numbers
  • Create and manage SSL certificates, SSH keys, and Open PGP keys through integrated screens
  • Authenticate users against LDAP, Active Directory (AD), IBM i profiles, RADIUS, RSA SecurID, Google Authenticator, Duo Security, and other IAM (Identity and Access Management) solutions
  • Define administrator user permissions for separation of duties
  • SAML support for single sign-on and dual factor authentication
  • Restrict users to specific home directories and subfolders
  • Specify folder level permissions (upload, download, delete, rename, etc.) by user and group
  • Restrict user logins to certain days-of-week or times-of-day
  • Set password policies and expiration intervals
  • Authorize selected services (e.g. FTP, SFTP, FTPS, HTTPS and AS2) to certain users and groups
  • Disable user accounts after maximum login attempts
  • Disable user accounts automatically after a period of inactivity
  • Receive instant notifications on login failures
  • Disable anonymous login
  • View the active sessions for logged-in users with the ability to terminate (kick) sessions

Have a Feature Question? Ask an Expert

While many organizations still use multiple solutions for their secure file transfer needs, GoAnywhere gives organizations the opportunity to centralize their encryption processes within a single, affordable solution for the enterprise. Reduce your exposure with GoAnywhere’s cutting-edge encryption technologies for data in transit and at rest:

  • NIST-certified FIPS 140-2 crypto module
  • Strong cipher suites
  • Secure transmission protocols
  • Detailed audit logs
  • Role-based access control
  • Multi-factor authentication

End-users can also securely upload files from their own infrastructure, which mitigates organizational remote access compliance issues.

View all Encryption Technologies  

System Hardening

ga-security-compliance-encryption

System hardening is a process used to reduce IT vulnerabilities. It typically includes securing system configurations and strengthening internal operating procedures to reduce any available attack surface within an organization.

Fortra strives to apply security best practices in the design, development, and testing of GoAnywhere MFT. GoAnywhere MFT’s security resources, including our services team, are available to assist customers throughout the GoAnywhere MFT hardening process.

Interoperability

ga-security-compliance-interoperability

GoAnywhere MFT has the ability to interface with partners and external users via multiple protocols and advanced workflows. GoAnywhere is thoroughly tested for interoperability with enterprise-level operating systems, popular web browsers, and to meet commercial and federal compliance regulations. These features make GoAnywhere an excellent integrator at an affordable price. Organizations have used GoAnywhere to create multi-state interoperable systems with 24/7 functionality, meet Drummond requirements for AS2, and provide technical safeguards for file transfers between health organizations. 

Learn how organizations use GoAnywhere MFT. There are many ways to connect your GoAnywhere instance with servers, tools, and popular cloud and web apps. Learn about GoAnywhere’s connectivity features, our Cloud Connectors, ways to integrate GoAnywhere MFT with applications you use every day, or our Secure ICAP Gateway, with introduces deep content inspection engine, adaptive data redaction, and flexible policy settings to GoAnywhere MFT’s secure file transfer capabilities.

Contact Our Services Team 

Certifications & Partnerships

GoAnywhere has received the following certifications:

drummond-certified

AS2 Drummond Certified

GoAnywhere MFT is Drummond Certified™ for AS2 which ensures compliance and compatibility with other AS2 solutions. GoAnywhere is also certified for SHA-2, Multiple Attachments, Filename Preservation, and Chunked Transfer Encoding with AS2.

microsoft_logo

Certified for Windows Server 2012

The GoAnywhere products successfully completed the Certified for Windows Server 2012 requirements using the robust Microsoft Platform Ready tools.

ibm_business_partner

IBM Ready for Power Systems Software

GoAnywhere meets or exceeds IBM's criterion for integration with the Power Systems software stack for System Management, Energy, Security, Availability and Virtualization. Fortra is an IBM Business Partner and fully supports GoAnywhere on AIX, i, and Linux.

microsoft_azure

Microsoft Azure

The Azure Marketplace is an online store that offers applications and services either built or designed to integrate with Microsoft Azure. By obtaining a listing on the Marketplace, Microsoft has acknowledged that GoAnywhere MFT is certified and optimized to run on Azure.

vmware

VMware Ready

Secure Managed File Transfer is ready for virtual private cloud infrastructure when running GoAnywhere Managed File Transfer on vSphere from VMware.

Partnerships

Active involvement in the industries it serves keeps GoAnywhere MFT on the leading edge of secure file transfer services. Current professional partnerships include:

common_user_group
docker-partner
ibm_business_partner
silver-partner
open-pgp
oracle
red_hat
rsa-ready-technology-partner
vmware

LEARN MORE

What GoAnywhere Users Say

Move Files Securely with GoAnywhere Managed File Transfer

Obtain a personalized quote based on the features you need.

Request Pricing