The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
PCI DSS applies to all entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
Trend Micro Deep Security as a Service is certified as a PCI DSS level 1 service provider. Coalfire, a Qualified PCI Auditor, has certified Deep Security as a Service according to version 3.2 of the PCI Data Security Standard. The Attestation of Compliance is available on request. Deep Security as Service is hosted on AWS, which is also PCI certified.
For more information, see Meet PCI DSS requirements with Deep Security.
Common Criteria EAL2+
Common Criteria (CC) is an international standard for computer security certification. It provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard, and repeatable manner at a level that is commensurate with the target environment for use.
Trend Micro Deep Security provides, in both virtualised and physical environments, the combined functionality of a Common Criteria EAL2 validated Firewall, Anti-Virus, Deep Packet Inspection, Integrity Monitoring, Log Inspection, and support for multi-tenant virtual environments.
More information about how to configure and deploy Deep Security in a CC EAL2+ can be found at:
Deep Security Help Centre Common Criteria Configuration
Federal Information Processing Standard (FIPS) is a set of standards for cryptographic modules. For in-depth information about FIPS, see the National Institute of Standards and Technology (NIST) website.
Trend Micro Deep Security provides settings that enable cryptographic modules to run in a mode that is compliant with FIPS 140-2 standards. We have obtained certification for our Java crypto module and Native crypto module (OpenSSL).
For more information on configuration of Deep Security in FIPS mode, see:
FIPS 140-2 support