
Federal organizations depend on Imperva SecureSphere Data Security solutions to discover, classify, and protect sensitive data, manage access rights, and mitigate risks of attacks on applications, files, and databases. SecureSphere establishes a repeatable data risk management process and provides a fast and cost-effective route to regulatory compliance.

Reduce the cost of FISMA compliance

Imperva solutions enable many of the controls required by FISMA as well as guidelines provided by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS) and the Department of Defense (DoD).

NIST SP 800-53

Imperva SecureSphere discovers, classifies, and protects sensitive data and manages access rights to satisfy the SP 800-53 guidelines.

NIST SP 800-137 ISCM

Imperva data security provides practical solutions to implement and continuously monitor security controls to demonstrate compliance with SP 800-137.


Imperva data security solutions perform assessments based on the DISA STIG and document vulnerabilities that put databases at risk and configurations that deviate from defined standards.

IRS 1075

Imperva data security solutions address multiple sections of this guideline, including audit and security guidance to ensure that access to FTI (federal tax information) is limited to only those individuals who are authorized to access and have a need to know.

FIPS 140-2 Standard

Imperva database, file, and web security solutions implement the FIPS 140-2 standard. Imperva data security solutions meet the following two key government requirements: United States FIPS 140-2 Cryptographic Module Validation Authority (CMVA), set by the National Institute of Standards and Technology; and the Canadian FIPS 140-2 CMVA, set by the Communications Security Establishment (CSE).

Imperva SecureSphere is Common Criteria Certified

Imperva SecureSphere v11.5 for Web Application Firewall (WAF) and Database Audit and Protection (DAP) have achieved Common Criteria certification under the uncompromising National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). The certified products are compliant with Protection Profile for Network Devices version 1.1.

For certification details, please visit https://www.niap-ccevs.org/st/Compliant.cfm?pid=10653

This certification applies to Imperva SecureSphere v11.5 Patch 5 Gateway Appliances: X1010, X10K, X2010, X2510, X4510, X6510, X8510; MX Management Server Appliances: M110, M160; and Virtual Appliances: V1000, V2500, V4500 (for Gateway), VM150 (for MX); and optionally a SecureSphere Operations Manager (SOM) Management Server Appliance M160 and Virtual Machine Appliance VM150.

The certification above builds upon the previous Common Criteria certification for Information Technology Security Evaluation, Version 3.1 (Revision 3) with Evaluation Assurance Level 2 (EAL2) that SecureSphere v9.0 received in 2012. The certificate was issued by the NIAP, and the EAL2 validation report is available at https://www.commoncriteriaportal.org/files/epfiles/st_vid10466-vr.pdf.

Imperva is GSA approved

Imperva is a GSA approved vendor. For more information on our contract, please contact sales@imperva.com.

Imperva is a Continuous Diagnostics and Mitigation (CDM) approved vendor

CDM is a $6B program funded by the Department of Homeland Security (DHS) that provides any civilian federal agency with the tools and integration needed to protect the cyber infrastructure of the .gov network environment. Imperva is one of only 17 approved CDM vendors. The GSA and DHS use the GSA IT Schedule 70 as the contract vehicle. DHS will pay for the cost of CDM tools and integration if you participate via a Continuous Monitoring as a Service (CMaaS) task order.

Comply with EU GDPR Requirements

Imperva data security solutions help your agency meet the EU GDPR data privacy and security requirements for handling EU resident and visitor data. Imperva SecureSphere identifies and appropriately classifies data, Imperva CounterBreach detects breaches, while Imperva Camouflage Data Masking pseudonymizes or anonymizes personal data.

Detect and block insider threats

Malicious, compromised, and careless insiders all have permission to access agency data. They pose the greatest risk and often go undetected until it’s too late. Imperva CounterBreach detects suspicious behavior by setting a baseline for ‘normal’ user behavior on databases, file servers, and SaaS applications, then automatically detects and flags suspicious data access events. You’ll spot the riskiest users and be able to stop insider data threats before they become breaches.

Stop application-level attacks

As agencies comply with the Digital Government Strategy to move online, they also create a massive attack surface for cyber criminals. Imperva WAF solutions stop application-level attacks and protect applications and the back-end data behind them. Imperva is the only web application firewall rated a leader for four years running in the Gartner Magic Quadrant for Web Application Firewalls report.

Stay one step ahead with Imperva threat intelligence

Imperva Threat Radar is an advance-warning system that stops emerging threats by collecting, comparing, and analyzing attack data from a variety of trusted sources, and provides SecureSphere web application and database firewalls with data on bad IPs, signatures, worms, and viruses. Global threat research from the Imperva research team and community feeds from Imperva customers comprise the global threat intelligence updates that feed Imperva solutions.

Why choose Imperva for GDPR compliance?

Always-on data security solutions

Imperva SecureSphere, Imperva CounterBreach, and Imperva Threat Radar provide data protection solutions that automate data security and protect websites, applications, and databases wherever you deploy them.

Trusted by industry leaders

Thousands of customers worldwide, including government agencies, financial services firms, and healthcare companies, rely on Imperva to protect critical, sensitive data and applications and to ensure compliance.

GSA approved

Imperva is a GSA and CDM approved vendor.

Gartner Peer Insights

"The security features are the most comprehensive - especially on their DB Firewall - which is lightweight, yet powerful. On the WAF side, we like the fact that we could go with a cloud SaaS offering or an on-premises appliance. The vendor is easy to work with. Their product differentiates itself from the competitors in several ways. Their products are lightweight, yet powerful."

Solutions Architect in the Government Industry (5-star rating on Gartner Peer Insights)

    Federal Agency Security Resources

    White paper

    Meeting NIST SP 800-53 Guidelines

    Find out how Imperva meets compliance requirements.

    Cyberthreat Defense Report for Government


    See recent trends in government cyber defense.

    Fallout from Data Breaches is Growing for U.S. Government Agencies


    Learn how Imperva can help you mitigate risk.