I’m a longtime Asana user - I have recently joined a DoD contractor that is subject to NIST SP 800-171.
Are there any organizations out there where you are subject to NIST SP 800-171 and able to use Asana without restrictions?
My reach out to Asana directly was less than helpful:
We are not DFARS compliant at this time, but we are confident and proud of what we do to protect our customer’s data and, as such, have taken measures to make sure every customer has the information they need to determine exactly how Asana can be trusted. You can find the documents mentioned below in our trust.asana.com page.
To that end, we are sharing our SOC 3 report, which is a summary of our SOC 2 Type II certification produced by 3rd Party auditing firm, The Cadence Group. That document details the scope of their audit and their findings as they measured Asana practices and policies against the SOC 2 Type II criteria. The most important part of that report is that we have been affirmatively certified against those requirements. Additionally, we are sharing our ISO 27001 Compliance Certification. The Cadence Group has assessed Asana’s conformity with the defined requirements of the standard in regards to its Information Security Management Systems.