XQ Message Comprehensive FAQ

General Company Information

What is XQ Message?

XQ is a US-based cybersecurity company that provides Zero Trust Data Governance solutions. The company secures sensitive data with Zero Trust technology, making encryption, access control, and auditability portable and persistent across cloud, edge, and hybrid systems.

What is XQ's mission?

XQ's mission is to safeguard data everywhere, empowering businesses to drive agility and innovation while protecting their reputation, customer trust, and compliance. They aim to make data self-defending across all environments while simplifying compliance and reducing risk.

What are XQ's core values?

  • Making Data Security Easier: XQ's platform simplifies the job of protecting data

  • Automate Governance: XQ automates understanding what data an organization has and who can access it

What is XQ's vision?

XQ envisions a world where businesses can innovate without compromising security, powered by a platform that enables real-time data classification and protection.

Zero Trust Data Platform

What is Zero Trust Data?

Zero Trust Data is XQ's approach to data security that assumes no implicit trust and continuously validates every transaction. It unifies security and compliance across environments with the ability to switch data access on and off remotely with a "control leash" to automatically stop cyber attacks and provide compliance.

What are the main components of XQ's platform?

  • Data Access Governance (DAG): Real-time data governance controls

  • Sovereign Data Access Control (DAC): Record-level and geo-access controls

  • Sensitive Data Discovery & Traceability: Secure chain of custody monitoring

  • Data Loss Prevention (DLP): Control leash enforced by zero trust data encryption

What environments does XQ protect?

XQ protects data across:

  • Cloud environments

  • Edge systems

  • Hybrid infrastructures

  • Email systems

  • Databases

  • File sharing platforms

  • VPN replacement solutions

Key Features and Capabilities

What is Data Rights Management?

XQ provides Data Rights Management at the record level everywhere data goes, with 74% improvement in data control capabilities through attribute-based tagging, role-based access control, encryption, and geo-restriction in one unified platform.

How does XQ's encryption work?

XQ uses zero knowledge encryption where even cloud-managed services cannot access data secured by XQ. Local key custodians within each jurisdiction enforce geofenced access, ensuring sensitive data is only available within authorized regions.

What is Attribute-Based Access Control (ABAC)?

Attribute-Based Access Control (ABAC) determines access to data based on the contents , tags, classification and environment of the data itself. ABAC and Data Rights Management at the record level helps maintain Context-Based Access Control and Compliance, providing traceability and secure chain of custody from the source.

What is XQ's "control leash"?

The control leash is XQ's remote enforcement capability that allows organizations to switch data access on and off remotely, automatically stopping cyber attacks and ensuring compliance through zero knowledge encryption and policies for each individual data object.

Compliance and Regulations

What compliance standards does XQ support?

  • CMMC (Cybersecurity Maturity Model Certification)

  • GDPR (General Data Protection Regulation)

  • HIPAA (Health Insurance Portability and Accountability Act)

  • FINRA (Financial Industry Regulatory Authority)

  • ITAR (International Traffic in Arms Regulations)

  • IEC 62443 (Industrial cybersecurity standards)

How does XQ help with CMMC certification?

XQ enables CMMC certification without requiring organizations to move to GCC High (Government Community Cloud High). The platform provides the necessary data protection and compliance controls while maintaining flexibility in cloud deployment.

How does XQ ensure GDPR compliance?

XQ prevents GDPR infractions and fines by:

  • Restricting all 3rd party data access and exfiltration to non-GDPR compliant regions

  • Enabling clients to encrypt all cloud data while storing keys within on-premises European infrastructure

  • Ensuring data cannot be accessed by US authorities via subpoena without client knowledge and consent

  • Leveraging global data localization requirements per the SHREMS II ruling

What is XQ's approach to data sovereignty?

XQ provides cloud-managed services that cannot access secured data, with local key custodians within each jurisdiction enforcing geofenced access. This ensures sensitive data remains only within authorized regions and prevents unauthorized international data transfers.

AWS Partnership

What is XQ's relationship with AWS?

XQ is part of AWS's Zero Trust for Government Partnership. The solution aligns to the NIST Zero Trust Framework with XQ fulfilling the Zero Trust Data component specifically for government applications.

Use Cases and Solutions

What industries does XQ serve?

  • Government and Defense

  • Healthcare (HIPAA compliance)

  • Financial Services (FINRA compliance)

  • Industrial/Manufacturing (IEC 62443)

  • Any organization requiring GDPR compliance

How does XQ protect against ransomware?

XQ protects files from ransomware extortion through its Zero Trust Data Security approach, preventing insider threat data exfiltration and stopping what they call the "Snowden Effect" of unauthorized data access. By separating data and network control XQ allows for remote access control of data. This remote access control allows exfiltrated data tyo be turned into 'digital dust', removing the attackers ability to extort the victim.

How does XQ enhance Microsoft Purview?

Integrating XQ's Zero Trust Data Platform significantly enhances Microsoft Purview's capabilities by adding advanced data protection, encryption, and access control features.

What is the XQ Vault solution?

XQ Vault is a quantum-resistant file storage solution that works with S3 and Azure Blob storage, providing enhanced security for data analytics, particularly in government and defense applications.

Technical Resources and Support

Where can I find technical support?

For technical issues and general inquiries, visit the XQ Help Center.

Where is the management portal?

The XQ Zero Trust Data Protection Platform management portal is available at https://manage.xqmsg.com/.

Where can I find the community forum?

XQ maintains a community forum at https://docs.xqmsg.com/ for user discussions and support.

Blog and Resources

What topics does XQ cover in their blog?

Recent blog articles cover:

  • Data Sovereignty Governance for Secure Cloud Adoption

  • How Zero Trust Data Meets IEC 62443 Regulations

  • Ransomware Protection and Zero Trust Data Security

  • Enhancing Microsoft Purview with XQ's Platform

  • AI Analytics for Government & Defense

  • Industrial Security and the Purdue Model

  • Cybersecurity Gap Analysis in Data Protection

  • Creating Zero Trust Data Privacy and Security Programs

Where can I access XQ's blog?

The XQ blog is available at https://xqmsg.co/xq-blog.

Contact and Social Media

How can I contact XQ?

What can I learn during a contact inquiry?

When contacting XQ, you can:

  • Learn how to protect your data, team, and customers

  • Get pricing information

  • Explore use cases specific to your industry

Platform Integration and Deployment

What cloud platforms does XQ integrate with?

  • AWS (with special Zero Trust Government Partnership)

  • Microsoft Azure (including Azure Blob storage)

  • Amazon S3 storage

Can XQ replace existing security solutions?

XQ can serve as a VPN replacement and enhance existing security infrastructure rather than requiring complete replacement. It integrates with existing systems to add Zero Trust Data capabilities.

Is XQ quantum-resistant?

Yes, XQ offers quantum-resistant encryption capabilities, particularly in their Vault solution for long-term data protection.

Data Protection Capabilities

What types of data can XQ protect?

  • Email communications

  • File sharing and storage

  • Database records

  • Form data

  • Cloud storage contents

  • Any digital data asset across hybrid environments

How does XQ monitor data usage?

XQ provides:

  • Real-time monitoring of data access and movement

  • Secure chain of custody tracking

  • Data provenance and residency reporting

  • Compliance reporting across all environments

What makes XQ's approach unique?

XQ's unique differentiators include:

  • Record-level data rights management

  • Geographic access controls (geo-fencing)

  • Remote data access control ("control leash")

  • Zero knowledge encryption where even cloud providers cannot access data

  • Unified platform combining multiple security and compliance functions

What is XQ?

XQ is a data‑centric Zero Trust security and governance platform that protects sensitive data at the data layer itself—independent of network location, application, cloud provider, or endpoint. XQ enforces encryption, access control, policy, and audit directly on the data, ensuring that data remains protected even when it moves, is shared, or is stored across untrusted environments.

Unlike perimeter‑based or identity‑only security models, XQ assumes breach and enforces continuous, policy‑driven control over data access and use.

What problem does XQ solve?

Organizations struggle to securely share and govern sensitive data across:

  • Multi‑cloud and hybrid environments

  • Third‑party vendors and contractors

  • BYOD and unmanaged devices

  • Disconnected, edge, and tactical environments

  • AI, analytics, and data fabric architectures

Traditional tools (DLP, IAM, CASB, network segmentation) do not travel with the data. Once data leaves a trusted boundary, security and governance are lost.

XQ solves this by making the data itself the control plane.

How is XQ different from encryption at rest or in transit?

Standard encryption protects data only:

  • At rest (storage‑level encryption)

  • In transit (TLS)

Once decrypted for use, data is exposed.

XQ provides persistent, object‑level encryption with:

  • Externalized key management

  • Policy‑based decryption

  • Continuous access validation

  • Real‑time revocation

Data remains encrypted before, during, and after use, and access is granted only when policy conditions are met.

What is Zero Trust Data Security?

Zero Trust Data Security applies Zero Trust principles directly to data:

  • Never trust implicit access

  • Always verify context and policy

  • Enforce least privilege at the data layer

  • Assume breach at all times

XQ operationalizes the DoD Zero Trust Data Pillar by enforcing security, governance, and audit at the data object level rather than relying on perimeter controls.

How does XQ protect databases?

XQ provides Zero Trust, data-layer protection for structured data and databases, enforcing security directly on database records, tables, or objects rather than relying solely on perimeter controls, network segmentation, or database-native security features.

Key database protection capabilities include:

Persistent Encryption at the Data Layer

  • Data is encrypted before being written to the database

  • Encryption persists outside the database engine

  • Stolen backups, replicas, or exports remain unreadable

Externalized Key Management

  • Encryption keys are never stored with the data

  • Customer-controlled or sovereign key stores

  • Immediate access revocation without data migration

Policy-Based Access Control

  • Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC)

  • Policies enforced at query, record, or object level

  • Context-aware decisions (user, role, purpose, location, device, mission)

Zero Trust for Analytics and Queries

  • No implicit trust for applications, users, or services

  • Continuous validation for every access request

  • Works with analytics engines, data warehouses, and BI tools

Protection Across Database Types

XQ supports database protection for:

  • Relational databases (PostgreSQL, MySQL, SQL Server, Oracle)

  • Cloud-native databases and warehouses

  • Distributed and federated data architectures

  • Data fabrics and data mesh environments

Compliance-Ready Database Security

XQ helps organizations meet database-related compliance requirements including:

  • NIST 800-53 / 800-171 controls for data protection

  • DoD Zero Trust Data Pillar requirements

  • HIPAA safeguards for PHI

  • GDPR data minimization and access control

  • PCI DSS protection of cardholder data

Secure Database Sharing and Replication

  • Safe sharing with third parties and contractors

  • Controlled access to replicas and read-only datasets

  • Protection for cross-border and multi-cloud deployments

By enforcing security at the data object level, XQ ensures databases remain protected even when credentials are compromised, perimeter defenses fail, or data is copied outside approved systems.

What industries use XQ?

XQ supports highly regulated and data‑sensitive industries, including:

Government & Defense

  • Controlled Unclassified Information (CUI)

  • Classified and coalition data sharing

  • Disconnected and tactical environments

  • DoD Zero Trust Architecture alignment

  • IL4/IL5/IL6 cloud environments

Healthcare & Life Sciences

  • HIPAA and HITECH compliance

  • Patient data sharing across providers

  • Secure research collaboration

  • Genomics and medical device data protection

  • Right to Be Forgotten enforcement

Financial Services

  • PCI DSS and GLBA compliance

  • Secure client communications

  • Fraud‑resistant data sharing

  • Vendor and partner access control

Legal & Professional Services

  • Attorney‑client privilege protection

  • Secure file sharing and retention

  • Breach prevention for law firms

  • Reputation risk mitigation

Energy, Utilities & Critical Infrastructure

XQ enables secure data sharing and governance across highly distributed, operationally sensitive energy environments.

Key use cases include:

  • Protection of OT, SCADA, and sensor data

  • Secure IT/OT data exchange without expanding attack surfaces

  • Controlled sharing with regulators, suppliers, and service providers

  • Data sovereignty for cross-border energy operations

  • Resilience for disconnected, remote, and field-based systems

How does XQ support compliance?

XQ simplifies compliance by enforcing technical controls directly on data, not just process controls.

Supported compliance and regulatory frameworks include:

  • DoD Zero Trust (Data Pillar)

  • NIST 800‑53, 800‑171, 800‑207

  • FISMA High

  • HIPAA / HITECH

  • GDPR and data sovereignty requirements

  • CJIS

  • PCI DSS

  • FedRAMP (via deployment environment)

XQ provides cryptographic enforcement, immutable audit logs, and policy‑based access controls required for continuous compliance.

How does XQ enable data sovereignty?

XQ enables cryptographic data sovereignty by:

  • Separating data from encryption keys

  • Allowing customer‑controlled, external key stores

  • Enforcing geographic, jurisdictional, and attribute‑based access rules

Data can reside anywhere, but access is governed by sovereign policy, not cloud provider location.

Can XQ work across multiple clouds and environments?

Yes. XQ is cloud‑agnostic and supports:

  • AWS, Azure, and GCP

  • Hybrid and on‑prem environments

  • Edge and disconnected systems

  • SaaS, PaaS, and custom applications

Security policies remain consistent regardless of where data is stored or processed.

How does XQ integrate with existing security tools?

XQ complements—not replaces—existing investments such as:

  • IAM / IdP platforms

  • SIEM and SOAR tools

  • DLP and CASB solutions

  • Cloud security posture management (CSPM)

XQ adds a missing data‑layer control plane that these tools cannot provide.

Does XQ support data labeling and governance?

Yes. XQ supports:

  • Data labeling and classification

  • Attribute‑Based Access Control (ABAC)

  • Role‑Based Access Control (RBAC)

  • Policy‑driven access enforcement

Labels and attributes are enforced cryptographically, not just as metadata, ensuring they cannot be bypassed.

How does XQ support secure data sharing?

XQ enables secure data sharing by:

  • Encrypting data before it leaves the owner

  • Enforcing recipient‑specific access policies

  • Allowing time‑bound, revocable access

  • Preventing unauthorized redistribution

Even if data is copied, forwarded, or stolen, it remains unreadable without policy‑approved access.

How does XQ protect IoT and device-generated data?

XQ provides Zero Trust protection for IoT, OT, and device-generated data, securing data produced by sensors, machines, medical devices, vehicles, and industrial systems—often operating in untrusted, bandwidth-constrained, or disconnected environments.

Key IoT and device protection capabilities include:

Data-Centric Security for Untrusted Devices

  • Protects data regardless of device security posture

  • No implicit trust in firmware, network, or endpoint

  • Data remains encrypted even if devices are compromised

Secure Data at the Edge

  • Encrypts data at or near the point of creation

  • Supports intermittent connectivity and offline operation

  • Prevents exposure during transmission to cloud or analytics platforms

Policy-Based Device and Mission Access

  • Attribute-based policies tied to device type, mission, location, and role

  • Limits downstream use of IoT data based on purpose and authorization

  • Enables revocation without recalling or deleting data

OT / IT Boundary Protection

  • Securely bridges operational technology and IT environments

  • Prevents lateral data exposure across networks

  • Enables controlled sharing with vendors, regulators, and partners

Compliance and Critical Infrastructure Alignment

XQ supports IoT and device data compliance for:

  • NIST 800-53 and 800-171

  • DoD Zero Trust Data Pillar

  • CJIS and public safety systems

  • HIPAA-regulated medical devices

  • Critical infrastructure protection requirements

By securing the data itself, XQ eliminates the need to fully trust IoT devices, networks, or gateways.

Can XQ protect data used by AI and analytics?

Yes. XQ enables secure AI and analytics by:

  • Protecting training and inference data

  • Enforcing usage policies on sensitive datasets

  • Preventing data leakage during model development

  • Supporting data fabrics and lakehouse architectures

XQ ensures AI systems only access data they are authorized to use.

How is XQ deployed?

XQ can be deployed as:

  • A platform integrated into applications

  • A secure data vault for files and objects

  • Secure web gateway

  • A database proxy

  • An API‑driven data protection layer

  • A containerized server dpeloyment

Deployment models support enterprise, government, and mission‑critical environments.

What makes XQ DLP different from Network data loss prevention (DLP)?

DLP focuses on detecting and blocking movement of data.

XQ focuses on controlling the data itself.

Even if data leaves the organization, XQ ensures it remains encrypted, governed, and unusable without authorization.

Why is XQ critical for Zero Trust initiatives?

Most Zero Trust programs fail because they stop at identity, network, or device controls.

XQ completes Zero Trust by:

  • Making data the ultimate enforcement point

  • Eliminating implicit trust based on location

  • Enabling continuous, adaptive access decisions

Without data‑level control, Zero Trust remains incomplete.

How do I get started with XQ?

Organizations typically start with:

  • High‑risk data sharing use cases

  • Compliance‑driven workloads

  • Third‑party or contractor access

  • Cloud and data fabric initiatives

XQ can be evaluated incrementally without disrupting existing infrastructure.

NERC CIP and Energy Sector Grid Compliance

Multiple blog posts cover compliance with AESO / NERC CIP and related power grid controls, focusing on governing industrial data and meeting energy reliability standards through Zero Trust data policies.

Potential new FAQ topics:

  • How does XQ support NERC CIP compliance for electric utilities?

  • What industrial control system (ICS / SCADA) data protections does XQ provide to meet CIP standards?

  • How does Zero Trust Data help energy operators demonstrate compliance to regulators?

Industrial Standards (IEC 62443 / ACP 240)

The blog includes posts about how XQ applies Zero Trust Data to IEC 62443 and related industrial requirements like ACP 240.

Potential new FAQ topics:

  • Does XQ help meet IEC 62443 and industrial cybersecurity standards?

  • How does Zero Trust Data complement existing ICS security frameworks?

ITAR Compliance Implementation Plans

There are blog posts specifically about ITAR implementation with XQ. These provide structured compliance guidance that could be reflected as FAQ content.

Potential new FAQ topics:

  • How does XQ support ITAR compliance for defense and aerospace data?

  • Can XQ enforce access controls for ITAR-regulated content across cloud and edge environments?

CMMC Guidance and Implementation

Multiple posts discuss CMMC compliance, including:

  • Using GCC Moderate + XQ for CUI governance and simplified CMMC alignment.

  • Why Zero Trust Data aligns with future DoD Zero Trust CMMC requirements.

  • How MSPs can streamline compliance with XQ policies.

Potential new FAQ topics:

  • Can XQ reduce manual work in a CMMC audit?

  • How does XQ integrate with Microsoft GCC Moderate for CMMC compliance?

Executive Order 14028 and Federal Cybersecurity

Blog content explains how XQ helps streamline compliance with EO 14028, including secure software practices and Zero Trust data goals for federal agencies.

Potential new FAQ topics:

  • How does XQ support compliance with Executive Order 14028?

  • Does XQ help federal agencies adopt Zero Trust software and data practices as required by EO 14028?

Ransomware Protection and Data Extortion

There are technical posts on how XQ protects files against ransomware exfiltration and extortion attacks through encryption and revocation.

Potential new FAQ topics:

  • Does XQ provide ransomware protection at the data layer?

  • How does XQ prevent exfiltrated data from being usable by attackers?

Quantum-Safe Encryption

A blog post covers quantum-safe encryption, a high-value security topic in enterprise and defense contexts.

Potential new FAQ topics:

  • What is quantum-safe encryption and how does XQ implement it?

  • Does XQ’s encryption future-proof data protection against quantum threats?

Zero Trust AI Security

Multiple posts discuss Zero Trust for AI, including classified AI data protection, AI model governance, SCADA AI systems, and general AI trust crisis issues.

Potential new FAQ topics:

  • How does XQ secure AI training and inference data?

  • Can XQ govern AI model access and outputs in Zero Trust environments?

Data Sovereignty & Right to Be Forgotten (GDPR)

There’s blog-specific content on data residency and the right to be forgotten that goes beyond basic GDPR mention, including geo-restrictive key custody.

Potential new FAQ topics:

  • How does XQ enable GDPR Right to Be Forgotten enforcement?

  • What data residency and geofencing capabilities does XQ provide?

Public Sector Zero Trust Procurement

Posts about AWS Marketplace / Carahsoft Zero Trust storefronts highlight ease of acquisition for government agencies.

Potential new FAQ topics:

  • Can government agencies procure XQ through AWS Marketplace or public sector contracts?

  • Is XQ available through zero trust accelerators or contract vehicles for public sector?