// Trust & Security Report

    Check Point Software Technologies Ltd. logo

    Check Point Software Technologies Ltd.

    Comprehensive cybersecurity platform with network security (Harmony SASE, firewalls, WAF), cloud security (CloudGuard), workspace security (email, endpoint, mobile), and AI-powered solutions (Workforce AI Security, ThreatCloud AI). Founded 1993, publicly traded, global enterprise-tier vendor.

    Certifications held

    10

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Check Point holds SOC 2 Type II certification, which addresses 'the suitability of the design and operating effectiveness of the controls described therein to meet the applicable trust services criteria'. The Type II report covers Workspace Security, Infinity Platform, and Quantum & CloudGuard products across multiple trust service principles.

    Verify on checkpoint.com
    ISO 27001
    HELD

    Check Point demonstrates ISO 27001 & 27002 compliance, confirming they meet standards for information security management systems and risk management. Certificate available for download.

    Verify on sase.checkpoint.com
    ISO 27002
    HELD

    ISO 27002 provides best practice recommendations to support ISO 27001 compliance. Check Point's certifications confirm alignment with both standards.

    Verify on sase.checkpoint.com
    GDPR
    HELD

    Check Point demonstrates GDPR compliance posture including DPA availability for customers and distributors, GDPR Statement, EU Standard Contractual Clauses, data residency options (EU, US, India, Australia), and explicit privacy rights procedures. Privacy policy states compliance with EEA/UK data subject rights.

    Verify on checkpoint.com
    FIPS 140-2
    HELD

    Check Point Force R81.20 and R82, SMB Spark R81.10.10, Security Gateway cryptographic module (Certificate #4264), and Endpoint Security FDE/MEPP (Certificate #2788) hold FIPS 140-2 certification.

    Verify on checkpoint.com
    Common Criteria (ISO/IEC 15408)
    HELD

    Check Point Security Gateway and Management products are certified to EAL4+ and current Protection Profiles under Common Criteria.

    Verify on checkpoint.com
    C5 (German BSI Cloud Computing Compliance)
    HELD

    Check Point holds C5 certification from German BSI (Federal Office for Information Security) for cloud computing compliance controls.

    Verify on checkpoint.com
    CESG NCSC Cyber Essentials Plus
    HELD

    Check Point products meet CESG NCSC Cyber Essentials Plus UK cybersecurity certification standards.

    Verify on checkpoint.com
    NSA CSfC (Commercial Solutions for Classified)
    HELD

    Check Point products are recognized under the NSA Commercial Solutions for Classified program.

    Verify on checkpoint.com
    CIS Controls Alignment
    HELD

    Check Point platform 'aligns with more than 40 CIS Safeguards across 11 of the 18 CIS Controls' from Center for Internet Security.

    Verify on sase.checkpoint.com
    > Show 4 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    Check Point SASE is stated to 'help achieve HIPAA compliance goals' and is mentioned as supporting HIPAA requirements, but no formal HIPAA certification or Business Associate Agreement (BAA) is explicitly documented or confirmed. Evidence indicates capability/alignment rather than formal certification.

    source: sase.checkpoint.com
    HITRUST
    NOT CONFIRMED

    HITRUST is mentioned in educational content (glossary entry) but no evidence that Check Point holds an active HITRUST certification. No entry found on HITRUST registry.

    source: sase.checkpoint.com
    FedRAMP
    NOT CONFIRMED

    Check Point is pursuing FedRAMP authorization, with public statements targeting approval 'sometime in 2025' for SaaS products including Harmony Email & Collaboration, Harmony Endpoint, and CloudGuard. Certification is not yet active.

    source: blog.checkpoint.com
    ISO 42001 (AI Management System)
    NOT CONFIRMED

    Check Point's Secure AI Advisory Service is aligned to ISO 42001 standards and helps customers achieve compliance, but Check Point itself does not hold an ISO 42001 certification. They provide governance service using ISO 42001 as a framework.

    source: checkpoint.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    EU (Ireland), US, India, Australia - customers can select preferred data residency region during onboarding

    Check Point states: 'We may use telemetry, threat indicators, interaction data, and other data processed through the Services to enhance the efficiency, security, functionality, and performance of our Services, including capabilities powered by artificial intelligence.' When acting as a processor, 'any AI-related processing of customer data is carried out in connection with providing, maintaining, securing, and enhancing our Services' and 'Check Point does not use customer data for unrelated purposes.' Customers can download DPA and have it signed. DPA version control and sub-processor list maintained.

    // Security controls

    Encryption in transit

    Confirmed - SASE platform includes encryption of transmitted data with TLS/SSL support

    sase.checkpoint.com

    Encryption at rest

    Confirmed - FIPS 140-2 certified cryptographic modules for data at rest protection

    checkpoint.com

    Data access controls

    Confirmed - Role-based access control (RBAC), multi-factor authentication, zero-trust security model across products

    checkpoint.com

    Vulnerability disclosure program

    Available - Vulnerability Disclosure Policy documented on Trust Center

    checkpoint.com

    Data breach notification

    Confirmed - Personal Data Breach Policy on Trust Center outlines response procedures

    checkpoint.com

    Sub-processor transparency

    Confirmed - Sub-processor list available on Trust Center, vendors assessed via Vendors Information Security Assessment Policy

    checkpoint.com

    AI governance

    Formal AI Policy on Trust Center outlining responsible use of generative AI with data handling, privacy, transparency, and accountability directives

    checkpoint.com

    Claude Compliance API integration

    Check Point Workforce AI Security integrates with Claude Enterprise via Compliance API for audit-grade visibility, DLP scanning of Claude interactions, and per-user activity tracking across web, desktop, and mobile

    sc1.checkpoint.com

    // Products & data scope

    Harmony SASECloud & Network Security

    data: Network traffic, user activity, threat data

    SOC 2 Type 2, ISO 27001, GDPR, HIPAA-ready. Supports multiple data residency regions. Includes firewall, VPN, WAF, DDoS, secure web gateway, and zero trust capabilities.

    Workforce AI SecurityAI & Workspace Security

    data: User interactions with AI tools (Claude, ChatGPT, etc.), DLP scanning, activity logs

    New AI security product. Integrates with Claude Enterprise via Compliance API for visibility and DLP. Scans for PII, credentials, regulated data.

    CloudGuardCloud Security

    data: Cloud infrastructure, workload security, container scanning, code security

    Multi-cloud platform for AWS, Azure, GCP. Includes CNAPP, code security, cloud posture management. Pursuing FedRAMP certification.

    Endpoint Protection PlatformEndpoint Security

    data: Endpoint threat detection, behavior analysis, malware protection

    FIPS 140-2 certified FDE and MEPP components. Includes mobile threat defense.

    Email & Collaboration SecurityWorkspace Security

    data: Email content, attachment scanning, collaboration tool activity

    Gartner Magic Quadrant leader. SOC 2 Type 2 certified. Pursuing FedRAMP certification.

    ThreatCloud AIThreat Intelligence & AI

    data: Global threat intelligence, malware samples, vulnerability data

    AI-powered threat intelligence platform. Product Privacy Data Sheet available on Trust Center.

    WAF (Web Application Firewall)Application Security

    data: Web traffic, API requests, application layer threats

    Cloud and on-premises deployment. SOC 2 Type 2 certified.

    Quantum & Next-Generation FirewallsNetwork Security

    data: Network traffic, threat prevention, IPS/IDS data

    On-premises network security. Common Criteria EAL4+, FIPS 140-2 certified. Gartner Magic Quadrant leader.

    // What to watch

    • HIPAA: Marketing states Harmony SASE 'helps achieve HIPAA compliance' but no formal HIPAA certification or signed BAA documented. Appears to be capability-based rather than formally certified.
    • FedRAMP: Mentioned in homepage and materials as future target (2025), but certification is not yet active. Risk of user confusion with aspirational vs. current status.
    • ISO 42001: Check Point aligns their Secure AI Advisory Service to ISO 42001 standards to help customers comply, but Check Point itself does not hold the certification. Clear distinction maintained.
    • HITRUST: Mentioned in educational/glossary content but no evidence of Check Point holding active HITRUST certification.
    • PCI DSS: Referenced in community discussions and downloadable sample reports, but company-wide certification status unclear—may be product-specific or customer-applicable rather than vendor certification.
    • CSA STAR: Not confirmed. CSA CCoP 2.0 mentioned in community but not CSA STAR certification.
    • Responsible AI document (PDF) is available but detailed content could not be fully extracted for verification due to PDF format.

    // At a glance

    Pricing model

    Enterprise subscription-based with tiered service levels. Harmony SASE includes per-user licensing. Professional services and managed security services available.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Check Point Software Technologies Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    checkpoint.com

    > Browse all vendor trust reports