Box Announces Department of Defense Level 4 Authorization and Launches Box KeySafe for Government


District of Columbia Government Chooses Box to Power Collaboration for 35,000-member Workforce

REDWOOD CITY, Calif.--(BUSINESS WIRE)-- Box, Inc. (NYSE: BOX), a leader in cloud content management, today announced that it has received Department of Defense SRG Impact Level 4 Authorization by the Defense Information Systems Agency (DISA), and is also currently undergoing work to achieve a FedRAMP High baseline assessment and authorization. In addition, the company announced the availability of Box KeySafe for Government delivered through its partnership with Amazon Web Services’ GovCloud and that the Office of the CTO for the District of Columbia Government has selected Box to manage sensitive information in the cloud and improve the speed and flexibility of its workforce collaboration.

“At Box, we’re continually focused on ways to provide the most secure and compliant cloud content management solution that enables government agencies to simplify every day workflows and effectively serve their constituents,” said Sonny Hashmi, Managing Director of Global Public Sector. “Our new DoD SRG Level 4 authorization, and our work to meet FedRAMP High baseline represent our continued commitment to meet the specialized security and compliance needs of the 6,500 government agencies that we serve world-wide.”

Department of Defense Level 4 Authorization

Box announced that the Department of Defense (DoD), Defense Information Systems Agency (DISA) has granted Box a Provisional Authority to Operate (P-ATO) at the DoD Cloud Computing SRG Impact Level 4 for Controlled Unclassified Information. With this authorization, Box continues to reinforce its commitment to offer products and services to support the DoD mission, allowing the Department to manage sensitive, unclassified data within its mission components. Using Box in an Impact Level 4 environment, DoD missions can automate and streamline logistics, acquisition planning, defense health information, and mobility support, allowing servicemen and women to access relevant mission data from within the DoD unclassified networks.

Box has already achieved certification to meet several industry specific compliance requirements, including FedRAMP Moderate, CJIS, IRS-1075, ITAR, HIPAA, PCI DSS 3.1, FINRA/SEC 17a-4, FISMA, ISO27001:2013, and ISO 27018.

FedRAMP High Baseline Assessment and Authorization

Box is also currently working towards an assessment and authorization process for high impact baseline. The newly released FedRAMP high baseline requires cloud service providers to meet additional security and compliance controls, required to manage the most highly sensitive non-classified data for Federal civilian agencies. Box is planning to complete the assessment within the coming months.

Box KeySafe with AWS GovCloud

Box KeySafe for Government enables government agencies and the organizations that work with the US government to gain independent control over their content encryption keys without sacrificing the ease of use or limiting the powerful collaboration features of Box. Box KeySafe leverages Amazon Web Services (AWS) Key Management Service (KMS) in the AWS GovCloud region, enabling Box to address the needs of US Government entities and other highly regulated customers with the highest security and compliance requirements. Using Box KeySafe with AWS GovCloud, agencies can ensure compliance as they move highly sensitive workloads into the cloud, including content that is subject to ITAR/EAR, CJIS and IRS-1075 requirements. This solution reduces the risk of insider threats in the cloud, improves agencies’ visibility into the security and compliance of cloud data, and allows for unprecedented control to meet law enforcement, national security sensitive, and export controlled information in the cloud.

The District of Columbia, Office of the Chief Technology Officer

The District of Columbia, Office of the Chief Technology Officer (OCTO) has selected Box to manage sensitive information in the cloud, allowing them to cost effectively improve mission outcomes. In partnership with Box, OCTO continues to invest in modern, innovative technology solutions to enable the District's 35,000-member workforce, allowing them to continually improve the services they provide to residents and visitors.

"OCTO's mission is to direct the strategy, deployment, and management of DC Government technology with an unwavering commitment to IT excellence, efficiency, and value,” said Archana Vemulapalli, Chief Technology Officer of the District of Columbia. “OCTO is excited to partner with Box to leverage the economies of scale of on-demand, cost effective and compliant cloud services, allowing us to focus on mission outcomes, rather than managing legacy IT activities.”

To learn more about Box for government, please visit

About Box

Box (NYSE:BOX) is the cloud content management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications. Founded in 2005, Box powers more than 71,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP. Box is headquartered in Redwood City, CA, with offices across the United States, Europe and Asia. To learn more about Box, visit

Source: Box, Inc.

Box PR

Ashley McClusky, 650-543-6926