Trusted by Global Enterprises
Built for government. Without the trade-offs.
Most pre-authorized platforms force agencies to choose between compliance and customization. Liferay removes that trade-off — with a security foundation verified today and a defined H2 2026 roadmap for the full Government Rapid Authorization capability.
Liferay is built to meet and exceed the security standards that federal mandates require — with the flexibility to build exactly what your agency’s mission demands. GovReady gives agencies a proven path to ATO on their own terms: the certifications, compliance tooling, and platform flexibility to deploy what their mission actually requires.
Security foundation
SOC 2 Type 2, ISO 27001/27017/27018, ISO 42001, HIPAA readiness, CSA STAR Level 1 & 2, and Zero Trust support — all current, all independently verified. This is the foundation agencies use to begin their ATO process today.
Modular authorization
Authorize the Liferay DXP base platform once. Individual citizen-facing solutions or employee portals are authorized independently, each inheriting the core platform's security controls. Each subsequent service requires only delta assessment — no starting from scratch.
FIPS 140-3 ready
Liferay DXP binaries will be pre-configured to utilize FIPS 140-3 validated cryptographic modules, ensuring data at rest and in transit meet the current mandatory federal standard — the successor to the sunsetted FIPS 140-2.
The FIPS 140-3 validation is held by the cryptographic modules — not by Liferay DXP itself. Consistent with how major enterprise software delivers FIPS-compliant deployments.
OSCAL compatibility
Machine-readable security controls agencies can ingest directly into GRC tools like Telos Xacta and GovReady — replacing the manual SSP process with immediately actionable evidence. Built on NIST 800-53, covering both FedRAMP and GovRAMP.
FIPS 140-3 readiness and OSCAL compatibility arrive together in H2 2026 as Liferay's full Government Rapid Authorization capability.
Pre-configured authorization
-
Vendor controls the timeline — delays are outside your agency's control
-
Pre-authorized deployments can't be customized without breaking the authorization boundary
-
Every new service requires a full authorization cycle from scratch
-
FedRAMP 20x is evolving — GovReady is built on stable NIST 800-53 and OSCAL foundations that align with the program's direction
Liferay GovReady approach
-
Your agency achieves its own ATO — on your schedule, for your mission
-
Full customization preserved: portals, intranets, and integrations built as needed
-
Authorize once — each subsequent solution inherits core security controls, delta assessment only
-
Built on stable NIST 800-53 — independent of any single program's timeline
| Status | Certification / Milestone | Description |
|---|---|---|
| Current | SOC 2 Type 2 | Annual independent third-party audit of security, availability, and confidentiality controls |
| Current | ISO/IEC 27001, 27017, 27018 | Information security management, cloud security, and cloud data privacy certifications |
| Current | ISO 42001 | AI management certification supporting responsible AI use in government contexts |
| Current | HIPAA readiness | Platform meets HIPAA requirements for health data handling |
| Current | CSA STAR Level 1 & 2 | Cloud Security Alliance membership with active STAR assessments |
| Current | Zero Trust support | MFA, RBAC, audit logging, SSO, and continuous monitoring |
| H2 2026 | FIPS 140-3 ready | DXP binaries pre-configured to utilize FIPS 140-3 validated cryptographic modules — current federal standard, successor to sunsetted FIPS 140-2 |
| H2 2026 | OSCAL compatibility | Machine-readable security controls for direct GRC tool ingestion — built on NIST 800-53, covers FedRAMP and GovRAMP |
| Pursuing | GSA Multiple Award Schedule | Actively pursuing MAS listing to streamline federal and state procurement — expected late 2026 / Q1 2027. Contact the government solutions team for procurement guidance. |
Liferay's out-of-the-box capabilities provided nearly all the features required to support the city.
The ease with which Liferay works in the AWS environment and its system-friendly design has been a great help to us.
Capability
Liferay DXP
SharePoint
Still Evaluating Your Options?
Talk to our experts to determine the right platform based on your architecture and use cases.
Why Enterprises Choose Liferay DXP Over SharePoint
Organizations often need more than internal collaboration. They need a platform that supports integrated, scalable digital experiences across multiple audiences.
Lorem ipsum dolor sit amet.
Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
Use Case Comparison: Where Each Platform Fits Best
Go Beyond Document Management
Support customer, partner, and employee experiences from one platform.
Reduce Complexity
Core capabilities such as integration, workflow, and personalization are built in. No need to rely on multiple tools.
Deploy on Your Terms
Choose SaaS, PaaS, Cloud-Native , or self-hosted deployments based on your requirements.
Built for Enterprise Scale
Manage multiple sites, audiences, and systems without increasing complexity.
Škoda Auto: Powering a Personalized Intranet for 40,000 Employees
Škoda Auto needed to replace a complex, costly intranet with a scalable platform capable of supporting diverse user needs and integrating hundreds of systems.
Not Sure Which Platform is Right for You?
Every organization is different. Some need simple collaboration. Others need integrated digital experiences across multiple systems and audiences.
We can help you evaluate the right approach based on your architecture and goals.
-
Evaluate whether your needs go beyond document management and intranets
-
Identify integration gaps across your current systems
-
Compare scalability, governance, and long-term flexibility
-
Get expert guidance tailored to your architecture and use cases
What agencies ask us.
GovReady gives agencies a verified, flexible path to ATO that meets the same security standards as the leading federal frameworks. Liferay’s current certification stack gives your security team an independently verified foundation to begin the ATO process today. In H2 2026, FIPS 140-3 readiness and OSCAL-compatible documentation complete the full Government Rapid Authorization capability. Our modular authorization architecture means you authorize the platform once and launch individual solutions independently from there.
Both are confirmed on our H2 2026 roadmap — arriving together as Liferay’s full Government Rapid Authorization capability. On FIPS: Liferay DXP will be pre-configured to utilize FIPS 140-3 validated cryptographic modules. The CMVP validation is held by the modules, not Liferay DXP itself. On OSCAL: agencies will be able to ingest Liferay’s security posture directly into GRC tools like Telos Xacta and GovReady, replacing the manual SSP process with machine-readable evidence built on NIST 800-53. Government procurement cycles typically run 12–18 months — agencies evaluating today will have both when they need them.
Yes. GovRAMP uses the same NIST 800-53 framework as FedRAMP. Liferay’s OSCAL documentation — arriving H2 2026 — is built on these universal controls, meaning the same evidence package will apply directly to GovRAMP High and Moderate requirements. One package, both frameworks covered.
Liferay’s modular authorization architecture is built for exactly this. Agencies authorize the base Liferay DXP platform once, and each individual solution — a grant portal, a benefits eligibility tool, an employee intranet — is authorized independently, inheriting the core platform’s security controls. Each subsequent service only requires assessment for its specific unique additions. No starting from scratch each time.
Agencies can engage through the Liferay government solutions team, who can advise on procurement vehicles and commercial structuring. Visit liferay.com/contact-sales to connect with the team. Liferay is also actively pursuing GSA Multiple Award Schedule listing — expected later in 2026 — which will further streamline procurement when confirmed.
Because the foundation agencies need to begin their ATO process is available today. Liferay’s current certification stack — SOC 2 Type 2, ISO 27001 family, ISO 42001, HIPAA readiness, CSA STAR Level 1 & 2, and Zero Trust support — provides independently verified security posture that agencies can build their ATO process on right now. The modular authorization architecture is also available today. FIPS 140-3 readiness and OSCAL compatibility complete the evidence chain, and both arrive in H2 2026 — on the timeline most procurement cycles close. Agencies that engage now will have everything they need by the time they are ready to deploy.
Two capabilities. First, FIPS 140-3 readiness: Liferay DXP binaries will be pre-configured to utilize FIPS 140-3 validated cryptographic modules. The FIPS 140-3 validation will be held by the cryptographic modules themselves — not by Liferay DXP — consistent with how major enterprise software delivers FIPS-compliant deployments. Second, OSCAL compatibility: agencies will be able to ingest Liferay’s security posture directly into GRC tools like Telos Xacta and GovReady, built on NIST 800-53 and covering both FedRAMP and GovRAMP requirements.
GovReady is built on the same NIST 800-53 foundation that underpins FedRAMP — and by H2 2026, will include OSCAL-compatible documentation that covers both FedRAMP and GovRAMP requirements. Liferay DXP is a highly flexible platform designed to be customized to meet specific mission needs. GovReady gives agencies the security rigor of the leading federal standards, with the deployment flexibility to shape the platform to their exact requirements and obtain their own ATO efficiently.
