Is uploading and downloading files to and from Dropbox NIST compliant?

osiabanis

Hi there, 

 

We are exploring the option of collaborating through Dropbox with our client. They have the requirement that the tool we use is NIST compliant. I saw on your website that Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES), which is NIST compliant. On the other hand, Dropbox files in transit use Secure Sockets Layer (SSL)/Transport Layer Security (TLS), and your SSL/TSL servers create a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption, which is also NIST compliant (but some versions of SSL/TLS are not). Can you help me understand if uploading and downloading files to and from Dropbox is NIST compliant? 

 

Thanks! Your help is much appreciated.

Ourania

Hannah

Hey @osiabanis, thanks for taking the time to post here.

 

Dropbox is NIST 800-171 compliant, which means it should cover (or even exceed) the practical requirements customers have. 

 

The NIST SP 800-171 R2 report for Dropbox Standard, Advanced, Enterprise and Education is integrated into the SOC 2 report, which is available upon request through our sales team or (for existing Dropbox Team customers) support.

 

Note: Dropbox Paper is not included in the scope of the NIST SP 800-171 R2 report. 

 

Thanks!