
Overview

VaultWares products undergo rigorous third-party testing and certification to ensure the highest levels of security and compliance. Our certifications demonstrate our commitment to protecting your data and meeting regulatory requirements.

FIPS 140-2/140-3 certification

What is FIPS 140?

The Federal Information Processing Standard (FIPS) 140 is a U.S. government security standard that specifies requirements for cryptographic modules. FIPS validation is required for federal agencies and widely recognized as the gold standard for cryptographic security.

VaultWares FIPS certifications

FIPS 140-2 Level 3

Products: VaultDrive Pro, VaultHSM PCIe, VaultHSM Network, VaultGate series
Certificate: #4127, #4128, #4129

FIPS 140-3 Level 4

Products: VaultDrive Enterprise, VaultHSM Enterprise
Certificate: #5001, #5002

Security levels explained

  • Basic security requirements
  • Software-based cryptography
  • No physical security requirements
Not used in VaultWares products

Validated algorithms

All VaultWares products use FIPS-validated cryptographic algorithms:
| Algorithm | Use Case | Certificate |
|---|---|---|
| AES | Symmetric encryption | CAVP #C2345 |
| RSA | Asymmetric encryption, digital signatures | CAVP #C2346 |
| ECDSA | Digital signatures | CAVP #C2347 |
| SHA-2 | Hashing | CAVP #C2348 |
| HMAC | Message authentication | CAVP #C2349 |
| DRBG | Random number generation | CAVP #C2350 |

Common Criteria certification

What is Common Criteria?

Common Criteria (ISO/IEC 15408) is an international standard for computer security certification. It provides assurance that security products meet specific security requirements.

VaultWares Common Criteria certifications

EAL4+

Products: VaultDrive series, VaultHSM PCIe/Network
Certificate: CC-24-001, CC-24-002
Augmented with: ALC_FLR.2

EAL5+

Products: VaultHSM Enterprise
Certificate: CC-24-003
Augmented with: ALC_FLR.3, AVA_VAN.5

EAL6+

Products: VaultDrive Enterprise
Certificate: CC-24-004
Augmented with: ALC_FLR.3, AVA_VAN.5

Evaluation Assurance Levels (EAL)

  • EAL1-3: Basic to moderate assurance (not used by VaultWares)
  • EAL4: Methodically designed, tested, and reviewed
  • EAL5: Semi-formally designed and tested
  • EAL6: Semi-formally verified design and tested
  • EAL7: Formally verified design and tested (rare, not used by VaultWares)

ISO/IEC certifications

ISO/IEC 27001 - Information Security Management

Certificate: ISO27001-2024-VW-001
Scope: Design, development, manufacturing, and support of security products
Certified by: BSI Group
Valid until: December 2026
VaultWares maintains an Information Security Management System (ISMS) covering:
  • Product development lifecycle
  • Manufacturing and supply chain
  • Customer support operations
  • Corporate IT infrastructure

ISO/IEC 27017 - Cloud Security

Certificate: ISO27017-2024-VW-002
Scope: VaultHSM Cloud service
Certified by: BSI Group
Valid until: December 2026

ISO/IEC 27018 - Cloud Privacy

Certificate: ISO27018-2024-VW-003
Scope: VaultHSM Cloud service
Certified by: BSI Group
Valid until: December 2026

SOC 2 Type II

Report Period: January 1, 2024 - December 31, 2024
Auditor: Deloitte & Touche LLP
Trust Service Criteria: Security, Availability, Confidentiality

Scope

  • VaultWares cloud infrastructure
  • VaultHSM Cloud service
  • Customer support systems
  • Product development environment

Key controls

  • Access control and authentication
  • Encryption of data at rest and in transit
  • Network security and segmentation
  • Vulnerability management
  • Incident response procedures
  • Business continuity and disaster recovery
  • Vendor management
SOC 2 reports are available to customers under NDA. Contact [email protected] to request a copy.

Industry-specific certifications

Payment Card Industry (PCI)

VaultWares products help organizations meet PCI DSS requirements:
  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data
  • Requirement 8: Identify and authenticate access
VaultHSM is listed as a PCI-approved HSM for key management.
Certificate: PCI-PTS-24-001
Products: VaultHSM series
Version: PTS 6.0
Approved for PIN encryption and management in payment systems.

Healthcare

VaultWares products meet HIPAA Security Rule requirements:
  • §164.312(a)(2)(iv): Encryption and decryption
  • §164.312(e)(2)(ii): Encryption of ePHI in transit
See our HIPAA compliance guide for implementation details.
VaultWares audit logging and access controls support FDA 21 CFR Part 11 compliance for electronic records and signatures in pharmaceutical and medical device industries.

Government and defense

Certificate: NIAP-24-VW-001
Products: VaultHSM Enterprise
Protection Profile: Cryptographic Module PP v2.0
VaultWares products are approved for use with NATO RESTRICTED information when properly configured and deployed.
VaultWares maintains ITAR compliance for export-controlled cryptographic products. Export licenses available for approved countries.

Biometric certifications

Products: VaultScan Fingerprint, VaultScan Pro
Certificate: PIV-24-001, PIV-24-002
Certified for use in U.S. government Personal Identity Verification (PIV) systems.
Products: VaultScan Pro
Certificate: FIPS201-24-001
Meets requirements for federal employee and contractor identity verification.
Products: VaultFace Recognition
Level: Level 2 (PAD)
Certificate: ISO30107-24-001
Certified for presentation attack detection (anti-spoofing).

Regional certifications

Europe

All VaultWares hardware products carry CE marking, indicating conformity with EU health, safety, and environmental protection standards.
Products: VaultHSM series
Certificate: eIDAS-24-VW-001
Qualified for use in eIDAS-compliant digital signature solutions across the European Union.
Products: VaultHSM Enterprise
Certificate: BSI-DSZ-CC-1234-2024
Approved for use in German government and critical infrastructure.

Asia Pacific

Products: VaultHSM China Edition
Certificate: OSCCA-24-001
Supports SM2, SM3, SM4 algorithms required for Chinese market.
Products: VaultHSM series
Certificate: JCMVP-24-001
Japanese Cryptographic Module Validation Program certification.
Products: VaultCrypt, VaultHSM
Certificate: KISA-24-001
Korea Internet & Security Agency cryptographic module certification.

Environmental and quality certifications

RoHS compliant

All hardware products comply with EU Restriction of Hazardous Substances directive.

WEEE compliant

Waste Electrical and Electronic Equipment directive compliance for responsible disposal.

ISO 9001

Quality management system certification for manufacturing processes.

ISO 14001

Environmental management system certification.

Ongoing compliance

Regular audits

  • Annual: ISO 27001, SOC 2 Type II
  • Bi-annual: FIPS 140 surveillance audits
  • Quarterly: Internal security audits
  • Continuous: Automated compliance monitoring

Vulnerability management

  • CVE monitoring: 24/7 monitoring of security vulnerabilities
  • Penetration testing: Annual third-party penetration tests
  • Bug bounty program: Responsible disclosure program with rewards
  • Security advisories: Timely notification of security issues

Transparency

Certification roadmap

Upcoming certifications (2024-2025)

  • FIPS 140-3 Level 4: VaultGate Enterprise (Q2 2024)
  • Common Criteria EAL6+: VaultHSM Enterprise (Q3 2024)
  • ISO 27701: Privacy Information Management System (Q4 2024)
  • CSA STAR Level 2: Cloud Security Alliance certification (Q1 2025)
  • FedRAMP Moderate: U.S. federal cloud authorization (Q2 2025)

Questions about certifications?