4 Things You Should Know About Zoom for Government

As part of the normal course of business, U.S. Federal Government employees need to collaborate online while safeguarding crucial information and mitigating risk. To address these requirements, Zoom has a separate platform called Zoom for Government that’s designed to support the security controls and certifications required by the U.S. government.

Here are four key things you should know about Zoom for Government:

Zoom is a proud American company, founded and based in San Jose, Calif. To support federal departments and agencies, we created the Zoom for Government solution, which leverages the U.S.- based GovCloud infrastructure and is 100% maintained within continental U.S.- based data centers. 

Zoom source code is stored and versioned in the United States and deployed and managed only by teams in the United States. Our U.S.-based teams conduct multi-layered code reviews across the secure development lifecycle, performing activities such as static and dynamic application security testing, malware and vulnerability scanning, and behavior analysis. 

Since 2019, Zoom for Government has obtained continuous authorization and approval from FedRAMP, a federal program that evaluates the security of solutions and provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP approval enables agencies to evolve from legacy infrastructures to mission-critical, secure, and cost-effective cloud technology. 

Zoom for Government resides on the AWS GovCloud, which is also subject to FedRAMP controls and continuous compliance monitoring. As part of these compliance monitoring requirements, our government-focused platform reports monthly to FedRAMP and DISA (DoD) all Plan of Action and Milestone (POAM) items. Most recently, our AI capabilities were reviewed and also approved by FedRAMP and DoD.

Since 2019, we have earned numerous other independent certifications and attestations  including:

• HIPAA attestation (2021)
• FBI Criminal Justice Information Services (CJIS) attestation (2022)
• StateRAMP authorization (2022)
• DoD Provisional Authorization and Impact Level 4 (2022)

Zoom for Government has maintained—without interruption—the rigorous standards and accreditations of these programs since their initial authorizations.

It’s more than just meetings

While Zoom for Government users leverage Zoom Meetings to collaborate in real-time, the  platform extends beyond meetings. In fact, Zoom Webinars, Zoom Rooms, Zoom Phone, Zoom Team Chat, Zoom Contact Center, Zoom Whiteboard, Zoom AI Companion (Meeting Summary), Workplace Reservation, Zoom Mesh, Zoom Events and Zoom Sessions are FedRAMP authorized and meet the other certifications and authorizations.

Zoom for Government was designed for agencies across the three branches of government, national public institutions, branches of the U.S. Armed Forces, state and local governments, and approved contractors that collaborate with federal agencies. Most commercial organizations don’t require the certifications and authorizations native to Zoom for Government. The commercial Zoom platform, however, includes the same strong 256-bit AES-GCM encryption as Zoom for Government and is built with a security-first architecture that helps keep all organizations safe. 

Our Zoom for Government platform offers a similar experience as the commercial Zoom platform, but operates in a dedicated, U.S.-based GovCloud infrastructure designed to meet the requirements of FedRAMP Moderate baseline and DoD Impact Level 4. Both Zoom for Government and commercial Zoom use the same codebase, but Zoom for Government updates are generally released on a separate schedule, which can be up to several weeks after the changes are made on the commercial Zoom platform allowing for compliance review for Zoom for Government.

Security, privacy, and safety are top priorities for us at Zoom, which is why Zoom for Government was specifically created to meet security requirements established by the Federal Government. We hold ourselves to the highest standards, maintain industry best practices, and continually enhance our policies, procedures, and platform to safeguard our customers and their information. We have a robust and multilayered security organization, including teams that work to prevent, identify, and remediate vulnerabilities, along with world-class external security experts. In recent years we have also invested considerable time and resources to build an industry-leading insider risk mitigation program. 

Our work platform was designed with security in mind and leverages Zoom’s 256-bit AES-GCM encryption. This ensures federal employees can safely deploy specific applications necessary for their job function and protect the exchange of crucial data.

Some of our security initiatives and programs include: 

• The Bug Bounty program, which leverages hundreds of the world’s leading security researchers and third-party researchers to identify vulnerabilities.
• Engaging MITRE Engenuity (in 2021), to conduct a third-party review of Zoom’s source code, which includes our Zoom for Government offering. The review results were overwhelmingly favorable and we further enhanced our security based on the findings.

Experience Zoom for Government 

Whether you’re a federal employee or an everyday professional, all versions of Zoom are designed to enable seamless and secure collaboration, while prioritizing users’ privacy, security, and experience, all in one work platform. 

 To learn more about Zoom for Government, get details on our Zoom for Government page, find us on the FedRAMP Marketplace, or email fedramp@zoom.us.

Editor’s note: This blog post was edited on February 7, 2025, to include the most up-to-date information on Zoom for Government features.

 Other helpful links:

• Legal Compliance
• Security White Paper
• Zoom AI Companion Security and Privacy Whitepaper
• An Introduction to AI Safety and Security
• Zoom Security and Compliance FAQ
• Using end-to-end encryption (E2EE) in Zoom meetings