// Trust & Security Report
Check Point Software Technologies Ltd.
Comprehensive cybersecurity platform with network security (Harmony SASE, firewalls, WAF), cloud security (CloudGuard), workspace security (email, endpoint, mobile), and AI-powered solutions (Workforce AI Security, ThreatCloud AI). Founded 1993, publicly traded, global enterprise-tier vendor.
Certifications held
10
Maturity
Enterprise
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on checkpoint.com“Check Point holds SOC 2 Type II certification, which addresses 'the suitability of the design and operating effectiveness of the controls described therein to meet the applicable trust services criteria'. The Type II report covers Workspace Security, Infinity Platform, and Quantum & CloudGuard products across multiple trust service principles.”
Verify on sase.checkpoint.com“Check Point demonstrates ISO 27001 & 27002 compliance, confirming they meet standards for information security management systems and risk management. Certificate available for download.”
Verify on sase.checkpoint.com“ISO 27002 provides best practice recommendations to support ISO 27001 compliance. Check Point's certifications confirm alignment with both standards.”
Verify on checkpoint.com“Check Point demonstrates GDPR compliance posture including DPA availability for customers and distributors, GDPR Statement, EU Standard Contractual Clauses, data residency options (EU, US, India, Australia), and explicit privacy rights procedures. Privacy policy states compliance with EEA/UK data subject rights.”
Verify on checkpoint.com“Check Point Force R81.20 and R82, SMB Spark R81.10.10, Security Gateway cryptographic module (Certificate #4264), and Endpoint Security FDE/MEPP (Certificate #2788) hold FIPS 140-2 certification.”
Verify on checkpoint.com“Check Point Security Gateway and Management products are certified to EAL4+ and current Protection Profiles under Common Criteria.”
Verify on checkpoint.com“Check Point holds C5 certification from German BSI (Federal Office for Information Security) for cloud computing compliance controls.”
Verify on checkpoint.com“Check Point products meet CESG NCSC Cyber Essentials Plus UK cybersecurity certification standards.”
Verify on checkpoint.com“Check Point products are recognized under the NSA Commercial Solutions for Classified program.”
Verify on sase.checkpoint.com“Check Point platform 'aligns with more than 40 CIS Safeguards across 11 of the 18 CIS Controls' from Center for Internet Security.”
> Show 4 unconfirmed / not-held certifications
source: sase.checkpoint.comCheck Point SASE is stated to 'help achieve HIPAA compliance goals' and is mentioned as supporting HIPAA requirements, but no formal HIPAA certification or Business Associate Agreement (BAA) is explicitly documented or confirmed. Evidence indicates capability/alignment rather than formal certification.
source: sase.checkpoint.comHITRUST is mentioned in educational content (glossary entry) but no evidence that Check Point holds an active HITRUST certification. No entry found on HITRUST registry.
source: blog.checkpoint.comCheck Point is pursuing FedRAMP authorization, with public statements targeting approval 'sometime in 2025' for SaaS products including Harmony Email & Collaboration, Harmony Endpoint, and CloudGuard. Certification is not yet active.
source: checkpoint.comCheck Point's Secure AI Advisory Service is aligned to ISO 42001 standards and helps customers achieve compliance, but Check Point itself does not hold an ISO 42001 certification. They provide governance service using ISO 42001 as a framework.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
EU (Ireland), US, India, Australia - customers can select preferred data residency region during onboarding
Check Point states: 'We may use telemetry, threat indicators, interaction data, and other data processed through the Services to enhance the efficiency, security, functionality, and performance of our Services, including capabilities powered by artificial intelligence.' When acting as a processor, 'any AI-related processing of customer data is carried out in connection with providing, maintaining, securing, and enhancing our Services' and 'Check Point does not use customer data for unrelated purposes.' Customers can download DPA and have it signed. DPA version control and sub-processor list maintained.
// Security controls
Encryption in transit
Confirmed - SASE platform includes encryption of transmitted data with TLS/SSL support
sase.checkpoint.comEncryption at rest
Confirmed - FIPS 140-2 certified cryptographic modules for data at rest protection
checkpoint.comData access controls
Confirmed - Role-based access control (RBAC), multi-factor authentication, zero-trust security model across products
checkpoint.comVulnerability disclosure program
Available - Vulnerability Disclosure Policy documented on Trust Center
checkpoint.comData breach notification
Confirmed - Personal Data Breach Policy on Trust Center outlines response procedures
checkpoint.comSub-processor transparency
Confirmed - Sub-processor list available on Trust Center, vendors assessed via Vendors Information Security Assessment Policy
checkpoint.comAI governance
Formal AI Policy on Trust Center outlining responsible use of generative AI with data handling, privacy, transparency, and accountability directives
checkpoint.comClaude Compliance API integration
Check Point Workforce AI Security integrates with Claude Enterprise via Compliance API for audit-grade visibility, DLP scanning of Claude interactions, and per-user activity tracking across web, desktop, and mobile
sc1.checkpoint.com// Products & data scope
data: Network traffic, user activity, threat data
SOC 2 Type 2, ISO 27001, GDPR, HIPAA-ready. Supports multiple data residency regions. Includes firewall, VPN, WAF, DDoS, secure web gateway, and zero trust capabilities.
data: User interactions with AI tools (Claude, ChatGPT, etc.), DLP scanning, activity logs
New AI security product. Integrates with Claude Enterprise via Compliance API for visibility and DLP. Scans for PII, credentials, regulated data.
data: Cloud infrastructure, workload security, container scanning, code security
Multi-cloud platform for AWS, Azure, GCP. Includes CNAPP, code security, cloud posture management. Pursuing FedRAMP certification.
data: Endpoint threat detection, behavior analysis, malware protection
FIPS 140-2 certified FDE and MEPP components. Includes mobile threat defense.
data: Email content, attachment scanning, collaboration tool activity
Gartner Magic Quadrant leader. SOC 2 Type 2 certified. Pursuing FedRAMP certification.
data: Global threat intelligence, malware samples, vulnerability data
AI-powered threat intelligence platform. Product Privacy Data Sheet available on Trust Center.
data: Web traffic, API requests, application layer threats
Cloud and on-premises deployment. SOC 2 Type 2 certified.
data: Network traffic, threat prevention, IPS/IDS data
On-premises network security. Common Criteria EAL4+, FIPS 140-2 certified. Gartner Magic Quadrant leader.
// What to watch
- HIPAA: Marketing states Harmony SASE 'helps achieve HIPAA compliance' but no formal HIPAA certification or signed BAA documented. Appears to be capability-based rather than formally certified.
- FedRAMP: Mentioned in homepage and materials as future target (2025), but certification is not yet active. Risk of user confusion with aspirational vs. current status.
- ISO 42001: Check Point aligns their Secure AI Advisory Service to ISO 42001 standards to help customers comply, but Check Point itself does not hold the certification. Clear distinction maintained.
- HITRUST: Mentioned in educational/glossary content but no evidence of Check Point holding active HITRUST certification.
- PCI DSS: Referenced in community discussions and downloadable sample reports, but company-wide certification status unclear—may be product-specific or customer-applicable rather than vendor certification.
- CSA STAR: Not confirmed. CSA CCoP 2.0 mentioned in community but not CSA STAR certification.
- Responsible AI document (PDF) is available but detailed content could not be fully extracted for verification due to PDF format.
// At a glance
Pricing model
Enterprise subscription-based with tiered service levels. Harmony SASE includes per-user licensing. Professional services and managed security services available.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Check Point Software Technologies Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
checkpoint.com