Global Compliance Simplified with AppGate ZTNA

AppGate’s Commitment to Compliance and Security

AppGate maintains industry certifications and internal practices that validate our commitment to Zero Trust principles and customer trust.

FIPS 140-3
This compliance indicates that AppGate ZTNA meets the Federal Information Processing Standard (FIPS) 140-3, which sets the benchmark for cryptographic modules protecting sensitive information. This compliance is crucial for federal agencies and organizations that handle sensitive data.
SOC 2 Type 2
This compliance ensures that AppGate ZTNA adheres to rigorous security and privacy controls, safeguarding data across cloud and hybrid environments. SOC 2 Type 2 compliance demonstrates a high level of trustworthiness in AppGate ZTNA's service delivery and data protection practices, following a Zero Trust approach.
NIAP Common Criteria
Achieving EAL2+ under the Common Criteria certification process demonstrates that AppGate ZTNA has undergone a thorough evaluation against internationally recognized standards for security and trustworthiness. This certification assures customers of the product's ability to protect sensitive information and resist unauthorized access. AppGate ZTNA is the only ZTNA solution to achieve Common Criteria certification meeting the most stringent security requirements for government agencies.
NIAP Protection Profile
This certification confirms that AppGate ZTNA *Client 6.4* has been validated by NIAP for compliance with the Protection Profile for Application Software with the Functional Package for TLS, ensuring it meets the rigorous security requirements necessary for deployment in classified and mission-critical U.S. government environments.
NIST 800-53
AppGate ZTNA features correspond to specific controls defined by the National Institute of Standards and Technology (NIST) in the NIST SP 800-53 publication, Security and Privacy Controls for Information Systems and Organizations.
DISA Category Assurance List (CAL) Approval
This approval signifies that AppGate ZTNA is accredited to run in specific environments within the DOD, meeting the Defense Information Systems Agency's (DISA) stringent security and compliance standards for mission application-level accreditation.
DoD Authority to Operate IL2 – IL6
AppGate ZTNA has received Authority to Operate across the DOD Impact Levels, from IL2 to IL6. This authorization enables AppGate ZTNA to safeguard sensitive information, including data classified up to the Secret level.
U.S. Military Command Penetration Tested
AppGate ZTNA has been rigorously tested by U.S. Cyber Command, Army Cyber and Air Force Cyber. The solution received a high-mission impact/low-risk rating, indicating its strong security measures and its ability to protect against cyber threats effectively.

Achieve Regulatory Compliance with a Zero Trust Approach

Modern compliance is complex. AppGate ZTNA helps organizations align with global requirements for data privacy, risk reduction, and secure access by embedding Zero Trust at the foundation.

CMMC 2.0 DoD Contractor Compliance

Enforce access controls and protect controlled unclassified information (CUI).

  • Least-Privilege Access: Limit exposure of CUI
  • Audit Trails: Demonstrable access and configuration logs
  • Integration with FedRAMP/FISMA processes where applicable
Region: United States

NIST Framework Federal Compliance

Align cybersecurity with federal guidelines.

  • Zero Trust Architecture: Enforces least privilege
  • NIAP Certification: Validates security capabilities
  • Federal Expertise: Proven record with DoD branches
Region: United States

PCI DSS Securing Cardholder Data

Protect CDEs by securing networks and restricting access.

  • Microsegmentation: Isolate CDEs
  • Reduced Attack Surface: Cloaks servers with SPA
  • Continuous Monitoring: Real-time policy enforcement
Region: Global / US-specific

DORA Digital Operational Resilience Act

Ensure ICT operational resilience for financial entities.

  • Resilience Controls: Maintain access controls and continuity plans
  • Incident Reporting Support: Detailed timelines and forensic logs
  • Third-Party Risk Management: Secure third-party access with fine-grained policies
Region: European Union

HIPAA Safeguarding PHI

Protect PHI privacy and security.

  • Granular Access Control: Role and context-based
  • Secure Remote Access: VPN replacement
  • Activity Logging: Audit trails for compliance
Region: Global / US-specific

ISA / IEC 62443 Industrial Control System Security

Secure OT and industrial control systems.

  • ZTNA for OT: Protect controllers and HMIs with identity-centric policies
  • Microsegmentation: Isolate industrial zones
  • Policy Enforcement: Enforce device posture and allowed communications
Region: Global

GDPR Protecting EU Citizen Data

Protect personal data, enforce consent, manage cross-border transfers.

  • Zero Trust Access: Authorized user-only access
  • Secure Data Transfers: EU-U.S. DPF support and data routing controls
  • Audit-Ready Logging: Detailed access logs for auditors
Region: European Union & EEA (affects international transfers)

POPIA Protection of Personal Information Act

Protect personal information and meet data subject rights.

  • Data Subject Controls: Enable access, correction, and portability workflows
  • Secure Transfers: Control where and how data flows
  • Logging & Monitoring: Support compliance investigations
Region: South Africa

LFPDPPP Ley Federal de Protección de Datos Personales en Posesión de los Particulares

Mexico's data protection framework for personal data processing.

  • Access Controls: Role-based and contextual access
  • Transfer Controls: Manage cross-border flows
  • Audit Logging: Support regulatory reporting
Region: Mexico

LGPD Lei Geral de Proteção de Dados

Protect personal data of Brazilian residents and meet local transfer rules.

  • Data Localization Options: Route and limit processing locations
  • Consent and Access Controls: Enforce user-level restrictions
  • Forensic Logs: Support breach notification and response
Region: Brazil

IRS 1075

Protect federal tax information (FTI) with Appgate ZTNA, enforcing least-privilege access and helping organizations maintain full compliance with IRS 1075 requirements. 

  • Access Controls: Enforce least-privilege access to FTI based on identity and device posture
  • Data Protection: Encrypt federal tax information in transit and at rest
  • Audit & Reporting: Maintain detailed logs to support IRS audits and compliance evidence
Region: United States

GLBA Gramm-Leach-Bliley Act

Protect sensitive financial information and ensure regulatory compliance with Appgate’s Zero Trust solutions, designed to meet GLBA requirements for access control, data security, and audit accountability.

  • Access Controls: Restrict access to sensitive financial data based on role and risk context
  • Data Security: Encrypt and monitor customer financial information in transit and at rest
  • Audit & Accountability: Track access and changes to financial records to support regulatory compliance
Region: United States

CISA Zero Trust Maturity Model 2.0

Align with CISA’s Zero Trust Maturity Model 2.0 for a strategic, phased approach to security.

  • Identity & Access Management: Continuously verify users and devices for every access request
  • Segment-of-One Access: Grant only the access each user needs, when they need it
  • Visibility & Analytics: Monitor all access and activity to inform risk-based decisions
  • Data Protection: Encrypt and secure sensitive data based on context
  • Automation & Orchestration: Apply policy-driven controls to streamline adoption
Region: United States

TSA Security Directive Pipeline 2021-02D

Strengthen security of pipeline and critical infrastructure operations against cyber threats.

  • Least-Privilege Access: Limit access to operational systems
  • Continuous Monitoring: Detect anomalous behavior in OT and IT environments
  • Segmentation: Prevent lateral movement between business and operational networks
Region: United States

NIS2

Strengthen cybersecurity resilience and demonstrate compliance with NIS2 requirements.

  • Zero Trust Access Controls: Enforce least-privilege policies to secure critical infrastructure and essential services.
  • Continuous Verification: Monitor users, devices, and context in real time to prevent unauthorized access.
  • Audit-Ready Visibility: Maintain detailed logs of access activity to support incident reporting and regulatory audits.
Region: European Union Member States (critical infra)

Schrems II

Demonstrate lawful international data transfers and supplementary safeguards post-Schrems II.

  • Direct-Routed Architecture: Control over data path to reduce transfer exposures
  • Data Localization Controls: Route or restrict flows per country policy
  • Enhanced Logging: Prove where data was processed and accessed
Region: European Union

Industry-Aligned Zero Trust Security

Federal Government

AppGate delivers secure, direct-routed Zero Trust access that aligns with NIST and CMMC 2.0, trusted by DoD branches and federal agencies to protect mission-critical systems.

Manufacturing

We secure complex OT and IT environments with Zero Trust, reducing risk in supply chains, protecting intellectual property, and ensuring production continuity.

Energy & Utilities

AppGate safeguards critical infrastructure with Zero Trust controls that meet TSA directives and NERC CIP requirements, securing operations in highly targeted sectors.

Healthcare

Protect PHI and meet HIPAA mandates with granular access controls, secure remote access for clinicians and vendors, and detailed audit logging for compliance.

Financial Services

AppGate enables PCI DSS and global financial compliance by cloaking critical assets, segmenting environments, and continuously verifying user and device trust.

Retail

We help retailers meet PCI DSS and data privacy requirements by securing payment environments, protecting customer data, and enabling flexible, scalable Zero Trust access.