Detailed Security Information
RSA Security Policy
Learn about the security practices, operations, controls, and best practices that secure RSA customers
Read Notices
Certification & Compliance.
RSA is certified to comply with industry standards and regulations governing product security, reliability, and availability. We share these certifications as part of our commitment to earning customer trust and delivering proven performance.
FIDO2 Certification
RSA ID Plus is a FIDO2-certified server. The DS100 and RSA Authenticator App 4.4 for iOS and Android are FIDO2-certified authenticators.
SOC2 Type 2
RSA meets AICPA SOC guidelines requiring CPA issuance of a SOC 2 Type 2 report on controls relevant to security, availability and confidentiality.
Status not applicable to FedRAMP environments.
CSA STAR
RSA cloud services have been listed in the Cloud Security Alliance STAR registry since 2017.
FIPS140-2 / FIPS 140-3 compliance
RSA uses FIPS 140-2/FIPS 140-3 validated cryptographic modules for managing data at rest and in motion across mobile apps, cloud, and on-premises.
FedRAMP
FedRAMP Moderate Authorization for RSA ID Plus for Government through JAB P-ATO process, making the solution available for US government agencies and Federal System Integrators.
ISO9001:2015
The quality management system is certified to the ISO 9001:2015 standard in the fulfillment of SecurID Authentication tokens.
FCC Rules & Regulations for Title 47
RSA hardware authenticators meet FCC guidelines for radiated and conducted emissions in Title 47, part 15 of the CFR.
CE Marking
RSA hardware authenticators meet EU guidelines conforming to directives 93/68/EC: 2004/108/EC: 2006/95/EC: on specifications EN550022 Class A, EN61000-4-2:2008, EN6100-4-3:2006 Class A and RoHS2: EN 50581:2012.
Cybersecurity & Infrastructure Security Agency (CISA) Secure by Design Pledge
RSA has committed to CISA's pledge and commits to continue creating products that are secure by design.
CISA Secure Software Development Attestation Form
RSA has committed to CISA's Secure Software Development Attestation Form and will continue to leverage secure development techniques and toolsets.
Specifications and Standards.
GDPR, CCPA
RSA provides information about some of the applicable aspects described in GDPR and CCPA related to the processing of personal data.
ACR
Product accessibility information is provided in the Access Conformance Report (ACR), which is a filled Voluntary Product Accessibility Template (VPAT) for given products. This is intended to help clients assess the availability of features that support accessibility.
MIL-STD 810F
Ruggedized testing of RSA hardware authenticators for structural integrity has been conducted in accordance with MIL-STD 810F guidelines.
ISO 13491-1, ISO DIS 13491-2
RSA hardware authenticators comply with ISO 13491-1 and ISO DIS 13491-2 (A2.1.2; A1, A2, A4) standards for being tamper-evident.
Method RS101, MIL-STD-461E
RSA hardware authenticators tested for radiated susceptibility comply with test method RS101, MIL-STD-461E.
UL 913-6th edition (US)
RSA hardware authenticators are designed and tested to the UL 913 standard for safety for use in hazardous locations.
CSA-C22.2 No. 157-92
RSA hardware authenticators are designed and tested to CAN/CSA-C22.2 No. 157-92 standard for safety for use in hazardous locations.
RSA Subprocessors
Information about the Subprocessors that RSA has engaged in accordance with the Data Processing Addendum (DPA).
OpenID Connect (OIDC)
The RSA OpenID Connect deployment meets OpenID Foundation certifications for interoperability with other implementations. The OpenID Foundation’s certification process utilizes self-certification and conformance test suites developed by the Foundation.
