The OPAQ Cloud – the hyperscale network and integrated security technologies – built with components that meet rigorous certification criteria including:

The OPAQ Cloud

OPAQ is currently in process for SOC 2, Type 2. Report is expected in the 4th Quarter of 2019.

Palo Alto Networks

Common Criteria: Certification under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) for its Next-Generation Firewall and VPN Gateway — core components of the OPAQ Cloud.

SOC 2: Quality and comprehensiveness of security controls put in place to manage the data sent to Wildfire, Aperture, Cortex XDR, Cortex Data Lake, GlobalProtect cloud service, Evident, and Traps management service.

FIPS 140-2, Level 2: The following certificates have been issued by the National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) — certificate numbers 2799, 2797, 2800, 2802, 2787, 2637, 2616, 2620, 2617, 2453.

DoDIN APL (formerly UC APL): The system meets the requirements of the Unified Capabilities Requirements (UCR) 2013 and is certified for joint use as a Data Firewall (DFW), Intrusion Protection System and Intrusion Detection System (IPDS) and Virtual Private Network (VPN) with no conditions.

Commercial Solutions for Classified (CSfC): Eligible to be used as a Traffic Filtering Firewall and VPN Gateway component in a National Security Agency (NSA) CSfC solution.

Additional Certifications: USGV6, ICSA, NEBS, NCSC Foundation Grade, ANSII top-level. Want more information? click here.

Data Centers

The certifications for the data centers OPAQ uses are too many to list. A common cross-section includes:

SOC: SOC 1 Type 2 and SOC 2 Type 2 reviews of all data centers. The reports provide assurance of corporate controls, including security and environmental compliance.

International Organization for Standardization Certification (ISO 27001): One of the most stringent certifications for information security controls, and confirms the information security controls and other forms of risk treatment are in place to detect and defend against potential data system vulnerabilities.

Federal Information Security Management Act (FISMA): Security compliance standard based on National Institute of Standards and Technology (NIST) SP 800-53 R4 and Risk Management Framework (RMF).

Payment Card Industry (PCI) Data Security Standard (DSS): A comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes.

Health insurance portability and Accountability Act (HIPAA) Compliant: Validation alerts that the information security program governing the colocation services implements applicable control guidance in HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health (HITECH) Act requirements.

Cloudflare

Payment Card Industry (PCI) Data Security Standard (DSS): A comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes.

For more information, click here.