SAFETY Act Certification
Liability protection for events related to acts of cyber terrorism
Both the FireEye Multi-Vector Virtual Execution (MVX) Engine and Cloud Platform are the first and only true cyber security technologies to receive the federal SAFETY Act “Certified” designation from the Department of Homeland Security (DHS).
What SAFETY Act Certification Does
The SAFETY Act is a 2002 federal law that created a liability management program for providers of anti-terrorism technologies.
SAFETY Act Certification indicates that a provider has proven to DHS that a “product is not only effective, but also that it performs as intended, conforms to set specifications, and is safe for use.”
If the DHS deems a particular cyber attack to be an act of terrorism, it may trigger the SAFETY Act. In those cases, FireEye, its customers, and all other entities in its supply chain cannot be sued by third parties for buying or using the MVX Engine or Cloud Platform, even if product failure is alleged.
Certification provides a strong defense, up to and potentially including dismissal of third party claims.
Which Products Are Covered
The following products are covered by SAFETY Act Certification:
- Network Threat Prevention (NX Series)
- Email Threat Prevention (EX Series)
- Email Threat Prevention Cloud (ETP)
- Content Threat Prevention (FX Series)
- Malware Analysis Platform (AX Series)
What You Need to Do
You don’t need to do anything at all. But keep a few things in mind:
- The SAFETY Act Certification applies to all MVX Engine and Cloud Platform products purchased from July 1, 2008.
- The act of terrorism/cyberattack (if deemed such) must have occurred on or after April 22, 2015.
- If you materially change FireEye’s products that they are no longer the “same” product that DHS reviewed, the SAFETY Act award may no longer be applicable.
- If you make claims that are not supported by the original certification, those claims are not protected.
- Certification only covers third party claims. Other claims, such as those from regulatory entities, are not covered.