MFT Security and Compliance

Is GoAnywhere Secure?


GoAnywhere MFT works within compliance frameworks, regulations, and standards to help you make the best decisions for your data security. GoAnywhere is ready to help you in your quest for compliance and assist you in processing your data in a secure manner. Whether you use GoAnywhere MFT on-premises or our MFTaaS SaaS solution, you get to make the choices on how to manage, monitor, and audit the controls surrounding your data.


Start Your Secure MFT Trial

Our Data Security Mission and Philosophy


Why do we care about security and compliance so much?

Because you care

Because it affects your business

Because it's the right thing to do

As a software solution dedicated to protecting your sensitive data in motion and at rest, GoAnywhere MFT takes all aspects of data security seriously. We actively improve MFT security and compliance in GoAnywhere and maintain a roadmap to keep us moving forward. Whether you choose GoAnywhere MFT or our MFaaS solution, you will always be in the driver seat on your data security.

Meet all your IT security and compliance requirements with GoAnywhere MFT. GoAnywhere helps organizations and IT professionals alike comply with regulations, standards, and technologies by providing enterprise-level MFT security features.

Get the infographic: Meeting IT Security and Compliance Requirements with GoAnywhere

For more information, download our datasheet: Our Approach to Security & Compliance

Enabling Data Security Compliance with MFT


Achieving compliance requires a holistic view and plan. With GoAnywhere MFT, you can secure your sensitive files and transmit data using the latest security standards to keep your data secure and comply with regulations, frameworks, and standards. GoAnywhere MFT addresses many controls in popular and widely-used security frameworks, standards, and regulations, including:


  • Centralized controls and management
  • Role-based administration and permissions
  • Strong Key Management System (KMS)
  • Detailed audit logs and reporting
  • PCI Security Settings Audit Report

Learn More


  • File transfer encryption technologies (e.g. Open PGP, SSH, and TLS)
  • Integrity checks for successful file transfers
  • Detailed audit logs and reporting
  • Module for sending sensitive emails
  • Admin User Roles for auditors and security or data protection officers

Learn More


  • File transfer monitoring
  • Detailed audit logs and reporting
  • Granular user permissions
  • Secure data exchange using SFTP, SCP, FTPS, and HTTPS

Learn More


  • A FIPS 140-2 compliance mode for all file transfers
  • Detailed audit logs and reporting
  • Granular user permissions
  • Stringent security controls

Learn More

Australia's CDR

  • Role-based administration and permissions to access data
  • Detailed audit logs and reporting
  • File encryption technologies
  • MFT security settings for sending and receiving confidential emails

Learn More


  • Stringent security controls and role-based user access
  • Data encryption technologies
  • Secure data exchange

Learn More

California Consumer Privacy Act

  • Detailed audit logs and reporting
  • Centralized controls and management
  • File transfer encryption technologies

Learn More

Singapore's PDPA

  • Limited data access based on user permissions
  • Data encryption at rest and in motion
  • Detailed audit logs and reporting

Learn More


Do you have specific requirements or risks you want to address? We will collaborate with you to help you understand how GoAnywhere can assist in your compliance efforts.

  • CIS
  • FISMA & NIST (800-53r4, CSF, PS 800-37r2 RMF)
  • ISO 27001 & 27002
  • SOC 2
  • SOX
  • Australia's CDR
  • CCPA
  • Singapore's PDPA

Explore Compliance in Your Industry  

Security Features in GoAnywhere MFT

Auditing & Reporting

  • Generate full audit trails of all user events and file activity with reporting
  • Generate reports of file transfer activity, user statistics, and completed jobs from within the console

Feed audit log messages to a central SYSLOG server

Authentication & Encryption

  • Use Domains to virtually segment a GoAnywhere installation into multiple security zones
  • Filter connections with IP blacklists and whitelists (Global and User level)
  • Block Brute-Force and Denial of Service (DoS) attacks with an automatic IP blacklist
  • Authenticate SFTP connections with passwords and/or SSH keys
  • Utilize only FIPS 140-2 certified encryption algorithms to meet U.S. Government (NIST) standards
  • Authenticate FTPS and HTTPS connections with passwords and/or SSL certificates
  • Automatically encrypt files on disk using AES 256 encryption
  • Ability to accept or reject files with certain extensions
  • Run services under non-standard port numbers
  • Create and manage SSL certificates, SSH keys, and Open PGP keys through integrated screens

User Access & Controls

  • Authenticate users against LDAP, Active Directory (AD), IBM i profiles, RADIUS, RSA SecurID, Google Authenticator, Duo Security, and other IAM (Identity and Access Management) solutions
  • Define administrator user permissions for separation of duties
  • SAML support for single sign-on and dual factor authentication
  • Restrict users to specific home directories and subfolders
  • Specify folder level permissions (upload, download, delete, rename, etc.) by user and group
  • Restrict user logins to certain days-of-week or times-of-day
  • Set password policies and expiration intervals

Have a Feature Question? Ask an Expert

  • Authorize selected services (e.g. FTP, SFTP, FTPS, HTTPS and AS2) to certain users and groups
  • Disable user accounts after maximum login attempts
  • Disable user accounts automatically after a period of inactivity
  • Receive instant notifications on login failures
  • Disable anonymous login
  • View the active sessions for logged-in users with the ability to terminate (kick) sessions

Data Encryption Methods & Technologies


While many organizations still use multiple solutions for their secure file transfer needs, GoAnywhere gives organizations the opportunity to centralize their encryption processes within a single, affordable solution for the enterprise. Reduce your exposure with GoAnywhere’s cutting-edge encryption technologies for data in transit and at rest:

  • NIST-certified FIPS 140-2 crypto module
  • Strong cipher suites
  • Secure transmission protocols
  • Detailed audit logs
  • Role-based access control
  • Multi-factor authentication

End-users can also securely upload files from their own infrastructure, which mitigates organizational remote access compliance issues.

View all Encryption Technologies  

System Hardening


System hardening is a process used to reduce IT vulnerabilities. It typically includes securing system configurations and strengthening internal operating procedures to reduce any available attack surface within an organization.

Fortra strives to apply security best practices in the design, development, and testing of GoAnywhere MFT. GoAnywhere MFT’s security resources, including our services team, are available to assist customers throughout the GoAnywhere MFT hardening process.

Contact Our Services Team  



GoAnywhere MFT has the ability to interface with partners and external users via multiple protocols and advanced workflows. GoAnywhere is thoroughly tested for interoperability with enterprise-level operating systems, popular web browsers, and to meet commercial and federal compliance regulations. These features make GoAnywhere an excellent integrator at an affordable price.

Organizations have used GoAnywhere to create multi-state interoperable systems with 24/7 functionality, meet Drummond requirements for AS2, and provide technical safeguards for file transfers between health organizations. Learn how organizations use GoAnywhere MFT.

There are many ways to connect your GoAnywhere instance with servers, tools, and popular cloud and web apps. Learn about GoAnywhere’s connectivity features, our Cloud Connectors, ways to integrate GoAnywhere MFT with applications you use every day, or our Secure ICAP Gateway, with introduces deep content inspection engine, adaptive data redaction, and flexible policy settings to GoAnywhere MFT’s secure file transfer capabilities.

GoAnywhere MFT Meets Common Criteria, NIAP Standards for NSS Procurement


Fortra’s GoAnywhere MFT is available for National Security System (NSS) Procurement, per the Committee on National Security Systems Policy #11. The Validation Report and Security Target are posted on the NIAP Product Compliant List. This milestone recognizes that GoAnywhere has met the rigorous security standards, including Common Criteria certification required for federal government buyers and other security-forward organizations.

Certifications & Partnerships


GoAnywhere has received the following certifications:


Common Criteria Certified

GoAnywhere MFT is the only MFT solution included on the Product Compliant List of the National Information Assurance Partnership’s Common Criteria Evaluation and Validation Scheme (NIAP-CCEVS). This milestone recognizes that GoAnywhere has met the rigorous security standards for NIAP, the resource required for federal government buyers and other security-forward organizations.


AS2 Drummond Certified

GoAnywhere MFT is Drummond Certified™ for AS2 which ensures compliance and compatibility with other AS2 solutions. GoAnywhere is also certified for SHA-2, Multiple Attachments, Filename Preservation, and Chunked Transfer Encoding with AS2.


Certified for Windows Server 2012

The GoAnywhere products successfully completed the Certified for Windows Server 2012 requirements using the robust Microsoft Platform Ready tools.


IBM Ready for Power Systems Software

GoAnywhere meets or exceeds IBM's criterion for integration with the Power Systems software stack for System Management, Energy, Security, Availability and Virtualization. Fortra is an IBM Business Partner and fully supports GoAnywhere on AIX, i, and Linux.


Microsoft Azure

The Azure Marketplace is an online store that offers applications and services either built or designed to integrate with Microsoft Azure. By obtaining a listing on the Marketplace, Microsoft has acknowledged that GoAnywhere MFT is certified and optimized to run on Azure.


VMware Ready

Secure Managed File Transfer is ready for virtual private cloud infrastructure when running GoAnywhere Managed File Transfer on vSphere from VMware.



Active involvement in the industries it serves keeps GoAnywhere MFT on the leading edge of secure file transfer services. Current professional partnerships include:

IBM Business Partner
Microsoft Partner
Open PGP
Red Hat ISV Partner
VMware Partner


Learn More

What GoAnywhere Users Say

Move Files Securely with GoAnywhere Managed File Transfer

Obtain a personalized quote based on the features you need.


Request Pricing