Certifications and Compliance
We focus on security, compliance, and privacy to be your most trusted cybersecurity company
Trellix certifications and compliance
Common Criteria Certificate of EAL2+ for Trellix Endpoint Security
Common Criteria (ISO/IEC 15408) is an international framework for evaluating IT product security that provides independent, third-party verification of security, enabling buyers to select products based on certified, standardized, and reliable security claims.
DORA
The Digital Operational Resilience Act (DORA) is an EU regulation designed to increase cybersecurity and resilience across financial institutions and third-party service providers in the EU.
FedRAMP
Federal Risk and Authorization Management Program (FedRAMP) is a Federal Government-wide program that provides a standardized approach to the security assessment, authorization, and monitoring of cloud products and services.
IL5
Impact Level 5 (IL5) is a certification by the U.S. Department of Defense (DoD) that authorizes a cloud service provider to store and process some of their most sensitive data. Trellix EDR has been granted DoD IL5 certification.
ISO 27001
One of the highest internationally recognized standards for information security, ISO 27001 specifies requirements covering an information security management system (ISMS). Trellix was certified ISO 27001 compliant in 2022.
LAST ISSUE: December 17, 2024
ISO 27017
ISO 27017 covers the information security aspects of cloud computing, recommending cloud-specific information security controls that supplement ISO 27002 and ISO 27001. Trellix was certified ISO 27017 compliant in 2022.
LAST ISSUE: December 17, 2024
ISO 27018
ISO 27018 is the international standard for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information (PII). Trellix was certified ISO 27018 compliant in 2022.
LAST ISSUE: December 17, 2024
ISO 27701
ISO 27701 specifies requirements for a Privacy Information Management System (PIMS) with guidance for managing and protecting personally identifiable information (PII). Trellix was certified ISO 27701 compliant in 2022.
LAST ISSUE: December 17, 2024
NCA Cybersecurity Controls of Saudi Arabia
The National Cybersecurity Authority (NCA) in Saudi Arabia plays a pivotal role in safeguarding the Kingdom’s critical infrastructure, businesses, and citizens from the growing threat of cyberattacks.
Get the Solution Brief (English) Get the Solution Brief (Arabic) Watch the On-Demand Webinar
NIS 2
The EU Network and Information Security Directive 2 (NIS 2) is designed to increase cybersecurity and resilience across the EU. Organizations must implement a wide range of risk management approaches and policies.
Qatar Information & Cyber Security Regulation for Payment Service Providers
The QCB Information & Cyber Security Regulation for PSPs establishes a mandatory cybersecurity baseline for all payment institutions operating in Qatar. It enforces measures to safeguard payment data, secure IT systems, and manage cyber risks.
Qatar National Information Assurance Standard (NIAS)
NIAS—also referred to as the NIA Standard—is a regulatory framework developed by the National Cyber Security Agency (NCSA) to ensure that all entities handling national or critical information assets follow a consistent and comprehensive set of cybersecurity practices.
SOC 2
Service Organization Control Type 2 (SOC 2) is a cybersecurity framework developed by the American Institute of Certified Public Accountants (AICPA) that evaluates an organization's ability to securely manage customer data.
TISAX
Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry-standard ISA catalog based on key aspects of information security such as data protection and connection to third parties.