Certifications and Compliance
Adherence to technology certifications and industry compliance requirements is critical to maintaining a robust security profile. Because of this, Mandiant is dedicated to ensuring that Mandiant security products and technologies meet or exceed critical industry certifications and compliance requirements.
PCI DSS V3.2 - Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard, administered by the PCI Security Standards Council, that is designed to encourage and enhance cardholder data security and to promote the adoption of consistent data security measures for the technical and operational components related to cardholder data. Mandiant engages a Qualified Security Assessor (“QSA”) company to conduct an annual audit against the eligible criteria of the PCI Self-Assessment Questionnaire for Service Providers (SAQ-D) and has successfully received an Attestation of Compliance (AoC) covering its Mandiant Managed Defense services.
EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield
Mandiant complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Mandiant adheres to the Privacy Shield Principles of notice; choice; onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability with respect to all personal information transferred from the EU or Switzerland to the US within the scope of its Privacy Shield certification. Mandiant does not use Privacy Shield as a mechanism for cross-border data transfer.
National Institute of Standards and Technology Special Publication 800-171 was released in June 2015. It focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in non-federal information systems and organizations, and it defines the security requirements needed to achieve that objective. Mandiant has undergone a self-assessment that confirmed compliance with the NIST 800-171 controls. Mandiant continually evaluates its compliance with NIST 800-171.
Mandiant is committed to adopting the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) Program and is currently “CMMC Ready” for our US-based Managed Defense service. Mandiant anticipates full certification for this and other offerings as the program continues to evolve and mature through 2023.
EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF)
Mandiant complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from European Union member countries (including EEA member countries), Switzerland and the UK respectively.