Helping Federal Agencies Meet Executive Order Requirements with Verkada
Jon Andersen
Deputy Chief Information Security Officer, Federal
Modern, Cloud-Based Physical Security to Support Executive Order Requirements
Cloud technology is transforming how federal agencies approach physical security. A growing trend in Executive Orders from the White House and the Office of Management and Budget (OMB) emphasize secure, cloud-based solutions built on Zero Trust principles and proactive threat mitigation. These priorities reflect a broader shift across government: legacy systems can no longer keep up with the speed, complexity, and regulatory demands of today’s evolving risk environment.
Verkada helps government organizations meet these expectations with an integrated platform designed to operate smarter, safer, and more resilient buildings—built on five core pillars: Security, Privacy, Availability, Reliability, and Governance, Risk, and Compliance (GRC).
Security: Built on Zero Trust and Defense-in-Depth
Verkada applies a Zero Trust approach to cloud-managed IoT—assuming no user, device, or network is inherently trusted. Every layer of our platform is secured with least-privilege role-based access controls, time-bound customer consent for support access, and TLS 1.2+ encryption across all communications.
We minimize the attack surface through:
Hardened firmware and minimized OS builds
Outbound-only network calls to secure API gateways
Separation of product and corporate identity providers, each with MFA and hardware token requirements
Our automation-first security program uses configuration-as-code and policy-as-code to enforce consistent controls and apply patches automatically. Continuous monitoring and third-party security assessments—including a public bug bounty program—help ensure risks are detected and mitigated early.
Privacy: Customer-Controlled, Transparent by Design
Privacy is central to Verkada’s product development. We’ve designed our systems to give customers full ownership and control over the data they generate. That means:
Customers retain control over their data: they determine how long footage is stored, who can access it, and how it’s shared.
Role-based permissions and detailed audit logs support accountability
Features like People Analytics are off by default—enabling agencies to align settings with internal privacy policies.
We don’t sell customer data generated from using our products. We don’t use it to train models without consent. Rather, we support tools like Privacy Regions and Public Security & Privacy Disclosures to help organizations demonstrate how and where security features are being used.
Cloud-Native Infrastructure
Verkada’s platform is built to be available when agencies need it most. We commit to 99.99% uptime each month and back it with real-time system visibility at status.verkada.com.
With edge-based storage and automatic cloud backups, customers retain access to critical data even during network interruptions. For Verkada’s government-grade solutions, US government customers opt to run Command in AWS GovCloud for added security, scalability, and control—supporting high-security deployments across the federal landscape.
Reliability: Resilient by Design
To meet the demands of mission-critical environments, Verkada incorporates built-in redundancy, disaster recovery, and high durability through AWS S3. Our platform dynamically acquires resources to maintain service during unexpected events, with automated change management and failover protocols that prioritize continuity.
We also maintain business continuity and incident response plans—reviewed and tested annually—to minimize disruption and support rapid recovery in the event of a service issue or security event.
Supporting Governance, Risk, and Compliance (GRC)
Verkada’s security posture is grounded in strong internal governance and verified through regular third-party audits. Our compliance framework helps agencies align with federal mandates while streamlining procurement and accreditation workflows.
We support a wide range of certifications and standards, including:
FedRAMP In Process (Moderate Impact Level)
TAA and FY2019 NDAA Compliance
TX-RAMP Provisional Certification
GovRAMP (In Process)
SOC 2 Type 2, ISO 27001, 27017, 27018
Verkada products can help support an organization’s regulatory compliance efforts, for example, across healthcare (HIPAA) and privacy (GDPR, U.S. state privacy laws). Our visitor management system, Verkada Guest, is part of Command in GovCloud and offers integrated video security to streamline check-ins and strengthen oversight.
Supporting Mission-Driven Physical Security at Scale
Whether deployed at a courthouse, airbase, hospital, or remote energy site, Verkada enables proactive, real-time security monitoring with:
AI at the Edge deployments using Starlink, solar, and LTE connectivity
AI-powered analytics like license plate recognition and POI search
Native mobile access and low bandwidth utilization (20–50 Kbps per camera)
Real-time alerts and live link sharing for rapid collaboration with responders
From perimeter detection to audit-ready access logs, Verkada helps agencies modernize physical security without compromising compliance or usability.
Procurement-Ready for Federal, State, Local, and Education (SLED) Agencies
Verkada’s government-grade solutions are available through procurement channels including:
GSA Schedule
Carahsoft
NASA SEWP V
ITES-SW2
Socio-economic partner vehicles - SDVOSB, SBA 8(a), Alaska Native Corporations (ANCs), HUBZone, SBA Women Owned Small Business, OTA, TACFI, and DLA SOE TLS
OMNIA Partners (state & local)
We proudly serve federal agency customers across defense, energy, and administrative sectors.
Ready to Modernize?
Verkada’s platform empowers federal organizations to protect people, facilities, and operations—while staying aligned with evolving mandates. Backed by strong foundations in security, privacy, and compliance, our team is ready to support your mission.
Contact [email protected] to explore our government-grade solutions and procurement options.