The OPAQ Cloud – the network backbone and integrated security technologies – meet rigorous certification criteria including:

Common Criteria

Common Criteria (CC) certification for its Next-Generation Firewalls and VPN Gateway under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS)

Service Organization Control 2 (SOC2)

SOC2 Type II certification for the global cloud; SOC2 is a reporting standard defined by the American Institute of Certified Public Accountants (AICPA).

FIPS 140-2

FIPS 140-2, a certification focused on cryptographic functionality. The National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) issued the following certifications:

  • Certificate No. 2799
  • Certificate No. 2797
  • Certificate No. 2800
  • Certificate No. 2802
  • Certificate No. 2787
  • Certificate No. 2637
  • Certificate No. 2616
  • Certificate No. 2620
  • Certificate No. 2617
  • Certificate No. 2453


Evaluated by the Department of Defense (DoD) Unified Capabilities (UC) Approved Product List (APL).

Commercial Solutions for Classified (CSfC)

Evaluated and eligible to be used in a CSfC solution per the assessment for NSA Commercial Solutions.


The USGv6 is a testing program organized by the National Institute of Standards and Technology (NIST) that issues proof of compliance to IPv6 specifications outlined in current industry standards.


Evaluated and certified by ICSA Labs, which is an independent division of Verizon.


Network Equipment Building System (NEBS) Level 3 certification. NEBS issues safety, spatial, and environmental design guidelines that are applied to telecommunications equipment in the United States.

CESG Foundation Grade Certification

Received a Foundation Grade certificate, which is based upon the products’ successful Common Criteria performance evaluation.

ANSSI top-level certification

Certified by the Agence nationale de la sécurité des systèms d’information (ANSSI).

PCI 3.1

Evaluation as a level one service provider from the Payment Card Industry Data Security Standard (PCI DSS). The PCI 3.1 certification signifies protection for cardholder data from known attacks and prevents data infiltration from future attacks.