Skip to main content
MYID Self Verify
Platform Manage Protect Autopilot Analytics Compliance Contact Support
Support Book a Demo
Trust with evidence

Compliance support without badge theater.

MYID is designed with recognized security, privacy, and application assurance frameworks in mind. The standards and laws on this page guide assessment, control design, and customer deployment planning. Their inclusion does not mean MYID is certified, authorized, endorsed, or universally compliant.

Claim boundary
Applicability depends on the customer, data, configuration, operating environment, contracts, provider permissions, and supporting policies. MYID does not currently claim an independent SOC 2 report, ISO 27001 certificate, FedRAMP authorization, FIPS product validation, HIPAA certification, CJIS approval, or universal compliance with any law listed here.

How the claims are organized.

Assessment reference

Control and risk frameworks

NIST CSF, NIST SP 800 53, CIS Controls, OWASP ASVS, and OWASP MASVS inform control assessment and technical verification planning.

Customer assessment

Regulated deployments

HIPAA, Virginia SEC530, privacy laws, FERPA, GLBA, and CJIS require a customer and data specific review before a deployment claim is approved.

Independent objective

External assurance

SOC 2, ISO 27001, and FIPS validation require independent evidence or a validated module and operating environment. They are objectives, not current badges.

Framework references

Security and application assurance references

These sources help organize risk, controls, testing, and evidence. A completed control mapping is supplied only when it has been assessed for the specific release and deployment.

ReferenceCurrent MYID positionOfficial source
NIST Cybersecurity Framework 2.0 Used as a security risk and program assessment reference. No NIST certification or endorsement is claimed. NIST CSF
NIST SP 800 53 Revision 5 Included in the control mapping roadmap. Selected controls may be mapped only after evidence review. NIST control catalog
CIS Controls Version 8 Used as an operational safeguard assessment reference. No implementation group status is claimed. CIS Controls
OWASP ASVS Selected web and API security requirements can inform release testing. No OWASP verification level is claimed. OWASP ASVS
OWASP MASVS Selected mobile security requirements can inform iOS and Android verification. No OWASP certification is claimed. OWASP MASVS
Regulatory support

Customer and deployment specific assessment

MYID can provide identity, access, audit, response, and privacy capabilities that are relevant to these obligations. The product alone cannot make an organization compliant.

Law or standardSafe current positionOfficial source
HIPAA Security Rule Identity, authentication, audit, and security response capabilities may support applicable safeguards. A healthcare deployment is not approved for electronic protected health information until scope, risk analysis, safeguards, subprocessors, and required contract terms are complete. HHS Security Rule
Virginia SEC530 Available for customer specific control mapping against applicable Commonwealth requirements. VITA approval or blanket SEC530 compliance is not claimed. VITA SEC530
Virginia Consumer Data Protection Act Privacy practices and processor support are assessed where the law applies. Employee and commercial context exclusions must be evaluated before making a claim. Virginia law
General Data Protection Regulation Applicable deployments require documented roles, lawful instructions, rights handling, retention, deletion, security evidence, subprocessors, and a lawful transfer mechanism. Official GDPR text
California CCPA and CPRA Applicable privacy duties are assessed for qualifying businesses and processing. MYID does not sell personal information or use advertising trackers on this site. California privacy rules
FERPA Education deployments require school direction, authorized use, direct control, use limits, retention, and destruction terms. Education Department overview
Gramm Leach Bliley Safeguards Rule Identity, access, audit, and response capabilities may support a financial institution safeguards program. Service provider oversight and contract requirements remain customer responsibilities. FTC Safeguards Rule
FBI CJIS Security Policy Readiness must be assessed with the customer and its CJIS Systems Agency for any criminal justice information deployment. FBI approval or CJIS certification is not claimed. FBI CJIS policy
Independent assurance

Objectives that require external evidence

ObjectiveCurrent MYID positionOfficial source
SOC 2 The AICPA Trust Services Criteria can inform readiness work. MYID does not claim a Type I or Type II report unless an executed examination produces one. AICPA SOC information
ISO IEC 27001 Information security management alignment is an objective. No organizational certificate is currently claimed on this page. ISO standard overview
FIPS 140 3 Validation applies to a specific cryptographic module, version, environment, and approved mode. MYID does not claim product validation merely because standard encryption is used. NIST FIPS 140 3
Evidence available for review

What a customer assessment can examine

Product and release evidence

  • Architecture and data flow documentation
  • Tenant configuration and capability controls
  • Release test results and readiness checklist
  • Dependency and security scan results when available
  • Performance test and mobile telemetry summaries

Security and privacy evidence

  • W7 audit structure and capture completeness metadata
  • Secret redaction and protected logging rules
  • Data Processing Agreement and subprocessor schedule
  • Retention and deletion configuration for the deployment
  • Customer specific control mapping under appropriate confidentiality terms
Independent review is encouraged. Customers should test MYID in a representative nonproduction environment, validate every enabled identity action, review audit output, confirm provider permissions, and obtain their own legal and compliance advice before production approval.
Request a Compliance Review Security Disclosure Data Processing Agreement
MYID Self Verify

Mobile identity operations, user guided security response, tenant controls, truthful synchronization, and measurable performance around the systems your organization already owns.

mail public

Product

  • Platform
  • Manage
  • Protect
  • Autopilot
  • Analytics
  • Mobile App
  • Enterprise MFA
  • IBM Verify
  • Pricing

Trust

  • Security
  • Compliance
  • Data Processing
  • Subprocessors
  • Accessibility
  • Legal Center

Support

  • Support Center
  • Employee Guide
  • Administrator Guide
  • How Data Is Used
  • Privacy Request
  • Account Deletion
  • Contact Us

Company

  • Customer Results
  • SPS, Inc.
  • General Contact
  • Security Contact
  • Privacy Contact
© 2026 Software Productivity Strategists, Inc. MYID Self Verify is an SPS product.
Privacy Terms Cookies Cookie choices
Your analytics choice

We use optional first party analytics to understand when people visit, where they came from, which pages they use, and the general device category. We do not use advertising trackers or sell this information. Read our Cookie Notice.