GoAnywhere MFT: regulations and certifications 


The GoAnywhere Managed File Transfer solution has several recognised certifications attesting to the software’s compliance with numerous controls, standards and regulations.  

GoAnywhere MFT software is regularly tested for interoperability with the most popular enterprise operating systems and web browsers. 

AS2 and AS4 Drummond Certified 

AS2 remains one of the most widely adopted messaging standards in the world. Retailers, goods manufacturers, insurance companies, financial services, industry and government agencies have adopted AS2 to protect critical business information worth billions of dollars each year.  

Drummond certified products demonstrate to potential partners, customers and competitors that AS2, AS4 or ebXML solutions are compliant with industry standards and interoperable with other certified software solutions. Drummond’s certification program for AS2, AS4 and ebMS has been testing and certifying software solutions for over 20 years. 



Type 2 SOC 2 Assessment 

SOC (System and Organization Controls – formerly Service Organization Controls) audits provide an independent assessment of the risks associated with the use of service organizations and other third parties.  

They are essential to regulatory oversight, supplier management programmes, internal governance and risk management. 

A Service Organization Control (SOC 2) audit report provides detailed information and assurance on a service organization’s security, availability, processing integrity and confidentiality controls, based on its compliance with the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria (TSC).  

SOC 2 audits are an important part of regulatory oversight, vendor management programmes, internal governance and risk management. 


Microsoft Azure 

Azure Marketplace is an online shop offering applications and services designed to integrate with Microsoft Azure. By obtaining a listing on the Marketplace, Microsoft has recognised that GoAnywhere MFT software is certified and optimised to run on Azure.  

The Microsoft Azure Cloud Platform allows users to run Windows or Linux on virtual machines in the Cloud. Azure users can also use Windows SQL Server. GoAnywhere’s Azure FTPS server solution can help you ensure that your data is safe from vulnerabilities. 


Common Criteria 

The National Information Assurance Partnership (NIAP) is responsible for implementing Common Criteria in the United States, including managing NIAP’s validation body, the Common Criteria Evaluation and Validation Scheme (CCEVS).  NIAP is managing a national programme to develop protection profiles, evaluation methodologies and policies that will ensure that requirements are achievable, repeatable and testable.  In partnership with NIST, NIAP also approves Common Criteria testing laboratories to conduct these security assessments in private sector operations across the United States. 

The Common Criteria for Information Technology Security (CC) are the technical basis of an international agreement, the Common Criteria Recognition Arrangement (CCRA), which guarantees that : 

– Products can be assessed by accredited, competent and independent laboratories to determine whether they meet particular safety properties to a certain extent or with a certain level of assurance.   

– Supporting documents are used as part of the common criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies.   

– Certification of the security properties of an evaluated product can be issued by a number of Certificate Authorizing Schemes, based on the result of their evaluation.   

– These certificates are recognised by all ARCC signatories.



In addition to these certifications, GoAnywhere has a number of partnerships with IBM, Oracle, AWS, Docker Hub, Red Ha, Open PGP Alliance, RSA, Microsoft, etc., and complies with many global standards and regulations. The software therefore meets government requirements in terms of security and data protection. 

Here are three examples of well-known European laws and standards. 


PCI DSS standards and resources help protect the people, processes and technologies in the payments ecosystem to secure payments worldwide by : 

  •  Managing global payment security standards  
  • Validating and listing products and solutions that meet the standards and requirements of the PCI SSC programme  
  • Training, testing and qualifying security professionals and organisations  
  • Providing free resources on best practice and payment security 

Our publisher and partner Fortra participates in the Payment Card Industry Security Standards Council (PCI SSC). As a member, Fortra provides training and reviews of new and existing standards. 

PCI DSS is the Payment Card Industry’s Data Security Standard, created to strengthen controls over sensitive cardholder data and reduce fraud. It applies to any organisation that processes credit or debit cards. Although compliance with the PCI DSS has been shown to protect companies against data breaches, there is no guarantee that it will be implemented. 

Here are some PCI-compliant file transfer requirements:  

The PCI DSS standard currently includes 12 main requirements and over 200 sub-requirements. The main concerns of the standard are as follows:  

  • Encryption of data in transit and at rest 
  • Controlling access to cardholder data  
  • Maintaining secure systems and networks. 


The General Data Protection Regulation 

The GDPR is a regulation designed to strengthen the protection of personal data within the European Union.  

All public and private companies operating in Europe or holding personal data on individuals or companies in the EU are affected. 

This is where the MFT comes in. It enables :   

  • Secure the transmission of personal data through encryption 
  • Perform integrity checks on successful file transfers to protect data accuracy  
  • Demonstrate GDPR compliance with detailed audit trails and reports on each file transfer

ISO 27001 

“This standard, the world’s best-known for information security management, helps organisations secure their information assets, which is vital in an increasingly digitised world. 

To meet these cybersecurity challenges, organisations need to strengthen their resilience and implement efforts to mitigate cyberthreats. ISO/IEC 27001 is useful at a number of levels, including to:  

  • Securing information in all its forms, including paper, cloud-hosted and digital data  
  • Increasing resistance to cyberattacks   
  • Providing a centrally managed framework that secures all information in one place   
  • Provide enterprise-wide protection, particularly against technology risks and other threats  
  • Respond to evolving security threats   
  • Reduce costs and expenditure on ineffective defence technologies  
  • Protect data integrity, confidentiality and availability”. 

Do you have specific requirements or risks to consider ? Find out how GoAnywhere can help you with your compliance efforts. 

  • HIPAA  
  • CIS  
  • FISMA & NIST (800-53r4, CSF, PS 800-37r2 RMF)  
  • ISO 27001 & 27002  
  • SOC 2  
  • SOX  
  • Australia’s CDR  
  • Canadian Consumer Privacy Protection Act  
  • California Consumer Privacy Act  
  • PIPEDA  
  • Singapore’s PDPA  





événement client

Tech Coffee Break ☕ - Jeudi 16 novembre de 10:15 à 10:35

Découvrez toutes nos nouveautés IT en exclusivité !

Meet us in Sweden

Join us on May 22 and 23 at the Stockholm Tech Show, stand L:13.


Interested in attending conferences during the event? Ask for one of our free passes* and save 450€.