U.S. Federal Procurement FAQ

Is Mattermost FedRAMP authorized (High or Moderate)?

Yes. Mattermost is currently FedRAMP High authorized via partner FedHIVE and listed on the FedRAMP Marketplace.

Has it been granted a DoD ATO (Authority to Operate)?

Yes. Mattermost has received a Certificate to Field under Platform One’s Continuous Authority to Operate (CATO).

What IL level (IL4/IL5/IL6) has Mattermost been deployed at?

Mattermost has been deployed in IL4, IL5, and IL6 environments, as well as in JWICS and other classified IC networks.

Are there any export restrictions (e.g., ITAR, EAR) that would limit sharing with foreign partners?

Our software is classified as ECCN 5D002 with License Exception ENC. Additional export compliance details are available. As of July 21, 2025, no export-control limitations affect sharing the Mattermost Professional, Enterprise, or Enterprise Advanced software with foreign entities.

Can external partner users be added under a U.S. license (i.e., shared licensing model)?

Yes. External partners can be added as guest or standard end user accounts. They count towards licensing and are billed at the standard end user rate under the buyer’s subscription.

Does it support FOIA and records compliance (e.g., message retention, audit logs, eDiscovery)?

Yes. Mattermost supports configurable retention policies, audit logs, legal hold, and eDiscovery tools, enabling compliance with FOIA and records management requirements. Full capabilities depend on configuration. Please visit the Compliance page online for more details.

Do you support air-gapped or self-hosted deployments?

Yes. Mattermost can be deployed on-premises, in private clouds, or air-gapped networks, ensuring data sovereignty and control. See the server deployment planning guide for more information.

Is CAC/SAML/LDAP integration available?

Yes. Mattermost supports SAML 2.0 (compatible with Okta, ADFS, OneLogin, Azure AD, PingFederate, etc.), CAC via SAML integration (configuration details may vary), and AD/LDAP integration for centralized identity, user provisioning, and group sync in Enterprise editions.

Can it be used securely on BYOD mobile?

Yes. Mattermost supports mobile security controls like restricting file downloads, screen capture, and external sharing.

Can it be used securely on mobile with MDM controls?

Yes. Mattermost supports mobile device management (MDM) policies, while also including mobile security controls like restricting file downloads, screen capture, and external sharing.

Do you have existing STIGs or documentation to support RMF/ATO efforts?

Yes, available after confirmation of appropriate governmental use. Please contact us.

Are you listed on the GSA?

Yes, you can find more information via Carasoft.

Are there other contract vehicles for purchasing Mattermost for other Federal, State and Local and Educational purposes?

Yes, you can find more information here.

What is the entity name, address and CAGE code for Mattermost, Inc.?

• Entity Name: Mattermost, Inc.

• Address: 2100 Geng Road, Suite 210, Office 243, Palo Alto, CA, 94303, USA

• CAGE Code: 7ZTZ9

What is the entity name, address and CAGE code Mattermost Federal, Inc?

• Entity Name: Mattermost Federal, Inc.

• Address: 1900 Reston Metro Plaza, Suite #613, Reston, VA, 20190-5952, USA

• CAGE Code: 9TG37

What is my question is not answered here?

For any questions you have not answered here, please contact us.