Security Highlights for Hosting with PortlandLabs


  • ISO 27001:2013 and FedRAMP Certified Hosting Environments (see us on the FedRAMP Marketplace!)

  • All data is encrypted at rest. Encryption status is monitored

  • All data is encrypted in transit using 2048/256bit keys and TLS 1.2 or greater security protocols.  HSTS is implemented. 

  • Infrastructure access is restricted to FIPS 140-2 compliant MFA

  • Customer Resources are protected by DNSSEC, traffic monitoring, Web Application Firewalls, DDOS protection, security groups, access control lists (ACLs), load balancers, and intrusion detection.  

  • 24/7 monitoring and alerting 

  • Bug bounty program

  • Monthly Network Vulnerability, Web Vulnerability, and DISA STIG scans

  • Annual Independent Penetration Testing

  • Annual Incident and Disaster Recovery Testing

  • Access for customer  site administrators and editors can be set up to use the customer’s IAM solution, including corporate or government smartcards such as PIV/CAC. 

  • Security and Privacy by design is incorporated into the PortlandLabs System Development Life Cycle

  • Robust, audited Security Program with annual Internal and external audits and quarterly access reviews also incorporates the following programs:

    • Risk Management, 

    • Incident Management, 

    • Continuous Monitoring,

    • Contingency Management (BCDR)


Securing your sites is a shared responsibility.  

When we host your site, we protect the confidentiality, integrity and availability of the data used in Liberta Server - concrete5.    You have to do your part and make sure that you use Liberta Server, use concrete5 (or another CMS) and design your sites in accordance with your company's security policies and with any regulations you have to adhere to. We are here to help you make your sites compliant.