Liability protection for events related to acts of cyber terrorism
Both the FireEye Multi-Vector Virtual Execution (MVX) Engine and
Cloud Platform are the first and only true cyber security technologies
to receive the federal SAFETY Act “Certified” designation from the
Department of Homeland Security (DHS).
What SAFETY Act Certification Does
The SAFETY Act is a 2002 federal law that created a liability
management program for providers of anti-terrorism technologies.
SAFETY Act Certification indicates that a provider has proven to DHS
that a “product is not only effective, but also that it performs as
intended, conforms to set specifications, and is safe for use.”
If the DHS deems a particular cyber attack to be an act of
terrorism, it may trigger the SAFETY Act. In those cases, FireEye,
its customers, and all other entities in its supply chain cannot be
sued by third parties for buying or using the MVX Engine or Cloud
Platform, even if product failure is alleged.
Certification provides a strong defense, up to and potentially
including dismissal of third party claims.
Which Products Are Covered
The following products are covered by SAFETY Act Certification:
What You Need to Do
You don’t need to do anything at all. But keep a few things in mind:
- The SAFETY Act Certification applies to all MVX Engine and
Cloud Platform products purchased from July 1, 2008.
act of terrorism/cyberattack (if deemed such) must have occurred on
or after April 22, 2015.
- If you materially change FireEye’s
products that they are no longer the “same” product that DHS
reviewed, the SAFETY Act award may no longer be applicable.
- If you make claims that are not supported by the original
certification, those claims are not protected.
- Certification only covers third party claims. Other claims, such
as those from regulatory entities, are not covered.