SAFETY Act Certification

Liability protection for events related to acts of cyber terrorism

Both the FireEye Multi-Vector Virtual Execution (MVX) Engine and Cloud Platform are the first and only true cyber security technologies to receive the federal SAFETY Act “Certified” designation from the Department of Homeland Security (DHS). 

What SAFETY Act Certification Does

The SAFETY Act is a 2002 federal law that created a liability management program for providers of anti-terrorism technologies.

SAFETY Act Certification indicates that a provider has proven to DHS that a “product is not only effective, but also that it performs as intended, conforms to set specifications, and is safe for use.”

If the DHS deems a particular cyber attack to be an act of terrorism, it may trigger the SAFETY Act. In those cases, FireEye, its customers, and all other entities in its supply chain cannot be sued by third parties for buying or using the MVX Engine or Cloud Platform, even if product failure is alleged.

Certification provides a strong defense, up to and potentially including dismissal of third party claims.

Which Products Are Covered

The following products are covered by SAFETY Act Certification:

• Network Security (NX Series)
• Email Security (EX Series)
• Email Security Cloud (ETP)
• File Protect (FX Series)
• Malware Analysis (AX Series)

What You Need to Do

You don’t need to do anything at all. But keep a few things in mind:

• The SAFETY Act Certification applies to all MVX Engine and Cloud Platform products purchased from July 1, 2008.
• The act of terrorism/cyberattack (if deemed such) must have occurred on or after April 22, 2015.
• If you materially change FireEye’s products that they are no longer the “same” product that DHS reviewed, the SAFETY Act award may no longer be applicable.
• If you make claims that are not supported by the original certification, those claims are not protected.
• Certification only covers third party claims. Other claims, such as those from regulatory entities, are not covered.