We take security seriously

A cloud security solution is a critical component of your IT infrastructure. It controls how employees, contractors, partners, and customers gain access to cloud services. McAfee MVISION Cloud is designed from the ground up to help you meet your security and compliance needs and be the enterprise-grade service you can trust.

McAfee has invested heavily to provide an enterprise-grade service. Those investments include:

  • SOC2 Type II
  • FedRAMP
  • ISO 27001
  • ISO 27017
  • ISO 27018
  • FIPS 140-2
  • IRAP
  • Transparency of Controls & Compliance
  • Operations & Data
  • Security Expertise & Oversight
  • Independent Penetration & Vulnerability Testing


The following section gives an overview of the third-party and industry-standard certifications that have been completed or are in progress for the MVISION Cloud product suite.

SOC2 Type II

A SOC 2 Type II report is an attestation on MVISION Cloud management’s assertion that certain controls are in place to meet the AICPA’s SOC 2 Trust Services Criteria (TSC).

The Trust Services Criteria are noted below:

  • Security — The system is protected against unauthorized access (both physical and logical).
  • Availability — The system is available for operation and use as committed or agreed.
  • Processing Integrity — System processing is complete, accurate, and authorized.
  • Confidentiality — Information that is designated “confidential” is protected according to policy or agreement.
  • Privacy — Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA.

The report contains an opinion from a CPA firm that states whether the CPA firm agrees with management’s assertion. The opinion states that the appropriate controls are in place to address the selected TSCs and the controls are designed (Type I report) or designed and operating effectively (Type II report).


MVISION Cloud has received the Federal Risk and Authorization Management Program (FedRAMP) certification and can enable agencies to meet the US Government’s Cloud policy by enabling them to adopt Software as a Service (SaaS) solutions (e.g. Office 365) while seamlessly enforcing their security, compliance, and governance policies. This certification requires cloud providers to pass rigorous security requirements that are mandatory for all federal agencies. Skyhigh (now MVISION Cloud) is the first Cloud Access Security Broker (CASB) to be designated a “FedRAMP Compliant System”.


ISO 27001

ISO 27001 is one of the most robust certifications a cloud provider can attain. Attaining ISO certification is a reflection of MVISION Cloud’s commitment to security across multiple functions. Skyhigh (now MVISION Cloud) is proud to be the first CASB to attain this certification and join the 4% of cloud providers who have gone through this extensive validation process. Conforming to ISO 27001 includes mandatory training and testing of all employees around general IT security issues and online threats. MVISION Cloud has obtained ISO 27001 certification after engaging with the British Standards Institute (BSI), demonstrating its commitment to open standards and controls as well as the maturity of its controls and practices in place.

ISO 27017

ISO 27017 is an additional ISO standard that provides implementation guidance on information security controls specific to cloud service providers. MVISION Cloud is one of the first CASBs to attain the ISO 27017 certification in the United States. This International Standard provides guidelines supporting the implementation of information security controls for cloud service customers, who implement the controls, and for cloud service providers, who support the implementation of those controls. It also assigns accountability on the part of both the cloud service provider and the cloud service customer. This certification, like 27018, further enables customers to meet their own privacy obligations as required by local and industry regulations.

ISO 27018

ISO 27018 is the first international standard focusing on the protection of personal data in the public cloud and establishes controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) stored in the public cloud. Skyhigh (now MVISION Cloud) is not only the first CASB to attain the ISO 27018 certification but is also among the first major cloud service providers to achieve this certification in the United States. This certification confirms that MVISION Cloud has built in the security controls to protect customer PII. It ensures that MVISION Cloud processes PII in accordance with customer instructions, maintains transparency on how information is stored, deleted, and accessed, does not use customer data for advertising, and will disclose to the customer any law enforcement requests for their data. This certification further enables customers to meet their own privacy obligations as required by local and industry regulations.

FIPS 140-2

MVISION Cloud is FIPS certified. FIPS 140-2 has also become the de facto standard for encryption beyond the federal government and is recognized as an important security standard outside the United States. The FIPS 140-2 certification provides assurance that MVISION Cloud’s encryption has undergone rigorous third-party testing and can provide the highest level of protection to enterprises.


CSA STAR is a security assurance program for cloud providers, established by the Cloud Security Alliance (CSA), a recognized authority on cloud security. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards, with continuous monitoring based on CSA’s Cloud Controls Matrix (CCM). CSA’s CCM is a set of cloud-specific security controls mapped to leading standards, best practices, and regulations. MVISION Cloud is CSA STAR self-assessed, which confirms its alignment with cloud security best practices and validates the security posture of its cloud offering. MVISION Cloud’s Consensus Assessments Initiative Questionnaire (CAIQ) is available at https://cloudsecurityalliance.org/star/registry/mcafee/.



McAfee MVISION Cloud is the first Cloud Access Security Broker (CASB) platform to receive certification under the Australian Information Security Registered Assessors Program (IRAP) at a PROTECTED security classification level.

IRAP is an initiative led by the Australian Signals Directorate (ASD) to provide high-quality information and communications technology (ICT) security assessment services to the Australian Federal Government.

Based on the completion of this Cloud Security Assessment, McAfee MVISION Cloud is now certified to meet the control and security objectives defined through the Australian Cybersecurity Centre’s (ACSC) Cloud Security Assessment and Authorization Framework. Attaining an IRAP accreditation under a protected security classification level means McAfee is now authorized to secure highly sensitive data and infrastructures for the Australian government.


Transparency of Controls & Compliance

McAfee has been awarded the TRUSTe Privacy Seal signifying that our privacy policy and practices meet their TRUSTed Cloud Program Requirements and compliance certification for EU Safe Harbor requirements. Our controls have also been submitted for inclusion in the Cloud Security Alliance Security, Trust and Assurance Registry.

Operations & Data

McAfee Operations partners with trusted industry leaders like AWS and XO communications to provide a secure, performant, highly available infrastructure. Access to infrastructure is closely controlled and limited to trusted senior team members. Two-factor authentication and IPSec Virtual Private Networks (VPNs) ensure strong authentication and encryption of data.

Security Expertise & Oversight

Our service was built by a team with a proven track record in enterprise security. Prior to founding Skyhigh, the team was responsible at Cisco for products that enable customers to administer, enforce, and audit standards-based, consistent access policies across the IT stack. The team delivered the Identity Services Engine, a product that won the coveted Pioneer Award in Cisco and is considered to be a game-changer for Cisco.

Independent Penetration & Vulnerability Testing

While we audit ourselves continually, we remember Richard Feynman’s principle: “You must not fool yourself, and you are the easiest person to fool.” Accordingly, major software releases are heavily audited by Kratos, a 3rd party, at least four times a year.
