Mobile devices and apps face rising security risks, making compliance with complex regulations essential for businesses and government agencies. Zimperium empowers organizations to achieve and maintain top industry and compliance standards. Discover how Zimperium solutions help you meet your security and compliance needs.
PSD2 sets strict security requirements for payment service providers and merchants handling electronic payments for EU citizens. To comply, organizations must ensure strong data protection, secure communications, and robust mobile app security. Zimperium helps companies meet these PSD2 standards by safeguarding device and software integrity, securing communications, and supporting strong customer authentication to reduce security risks.
Organizations that handle credit card data—including through mobile payments and SoftPOS—must comply with PCI DSS and evolving standards like MPoC, which sets flexible security requirements for payment solutions on everyday devices. Zimperium enables businesses to protect mobile apps and devices, secure payment data, and meet PCI regulations. Zimperium Mobile Threat Defense safeguards against device and network attacks, while the Mobile Application Protection Suite helps developers build secure, compliant mobile apps, supporting the strict requirements of PCI SPoC, CPoC, and MPoC.
NERC CIP standards require securing mobile devices used in critical infrastructure. Zimperium’s solutions help utilities protect these devices and mobile apps from cyber threats at the device, network, and application level. With Zimperium MTD, organizations gain persistent, on-device security, while Zimperium MAPS safeguards the mobile apps managing critical infrastructure.
The ISO/SAE 21434 standard, jointly developed by SAE International and ISO in 2020, sets the first cybersecurity guidelines for the automotive industry. The standard applies to automotive components and interfaces and includes efforts for securing high-level processes in the design, manufacturing, maintenance, and end-of-life phases of vehicles. As more vehicles connect with mobile devices and apps, protecting these connections is critical to prevent unauthorized access. Zimperium delivers advanced, real-time protection for mobile devices and apps used with vehicles, leveraging AI to defend against various cyber threats on Android, iOS, and ChromeOS platforms.
Healthcare organizations face growing mobile security threats and must meet strict HIPAA requirements to protect patient data. To comply with HIPAA, organizations managing protected health information (PHI) must safeguard their mobile apps and ensure end-user devices don’t leave sensitive data exposed. Zimperium MTD delivers continuous, on-device protection against threats like malware, phishing, and network attacks, while MAPS safeguards mobile applications throughout their lifecycle, ensuring compliance and reducing security risks for healthcare providers.
EMVCo manages the specifications and testing programs that ensure card-based payment products work together seamlessly and securely, and it sets security standards for card-based and mobile payments. Its Software-Based Mobile Payment program validates that mobile payment solutions meet strict security requirements, including code protection and cryptographic safeguards. Zimperium enables organizations to comply with EMVCo standards by providing robust solutions like zShield for app hardening, zKeyBox for key protection, and zDefend for ongoing threat detection and compliance, all powered by advanced machine learning technology.
NIST Special Publication 800-124 provides organizations with clear guidelines for securing mobile devices, covering both company-owned and bring-your-own devices. The standard highlights the need for mobile threat defense, application vetting, and vulnerability identification. Zimperium’s advanced solutions—including zShield, zKeyBox, and zDefend—enable organizations to meet these standards by protecting mobile apps and devices from evolving threats. Zimperium Mobile Threat Defense delivers comprehensive protection against various attacks, while Advanced App Analysis helps identify security and privacy risks in mobile applications, ensuring alignment with NIST 800-124 requirements.
Zimperium was the first mobile threat defense provider to be granted Authority to Operate (ATO) status by FedRAMP. Zimperium’s mobile endpoint security solutions for federal agencies are deployed on the AWS GovCloud infrastructure. With Zimperium solutions, federal agencies can establish effective defenses against device, network, phishing, and malicious application threats. These solutions can detect threats on devices even when a man-in-the-middle attack or rogue access point has disconnected the devices from trusted networks.
Australia’s Notifiable Data Breaches (NDB) requirement sets clear rules for notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) whenever a personal data breach occurs. With Zimperium, organizations can establish robust security around their mobile apps and mobile devices that store or manage personal information. Zimperium’s Mobile Application Protection Suite (MAPS) enables teams to build secure and compliant mobile applications, combining comprehensive in-app protection with centralized threat visibility. With Zimperium MTD, security teams can leverage an advanced mobile threat defense solution that enables persistent, on-device protection on both corporate-owned and BYOD devices, while ensuring user privacy.
The Information-Security Registered Assessor Program (IRAP) provides a foundation for independently assessing a system's security against Australian government policies and guidelines. The assessment provides assurance of data security controls and procedures for federal, state, and local government entities – as well as critical infrastructure organizations. IRAP operates under the governance and administration of the Australian Cyber Security Centre (ACSC), and leverages the Information Security Manual (ISM) for specific guidance.
Zimperium initiated an IRAP assessment of its Mobile Threat Defense (MTD) solution in a sovereign Australian data centre—enabling agencies and critical infrastructure organizations to seamlessly adopt mobile threat defense capabilities to detect mobile breaches and protect data. Zimperium’s investment in IRAP assessment emphasizes dedication to supporting the Australian government’s mobile cybersecurity capabilities. This is paired with Zimperium’s investment in AGSVA cleared specialists, a platform that aligns to the PROTECTED security classification, and a strong Australian partner ecosystem to deliver complex and integrated solutions to government agencies. Zimperium is reshaping mobile security for the government, ensuring maximum protection for Australia’s most sensitive data assets.
The Information Security Manual's (ISM) objective is to outline cybersecurity mitigation strategies and the controls organizations can implement, in conjunction with their risk management framework, to protect their systems and data from cyber threats. Zimperium MTD enables organisations to better understand risk exposure and detect advanced exploits and attacks in a mobile-centric world. Zimperium MTD proactively:
These capabilities allow for alignment to the ISM’s 40+ mobility security controls and for a structured risk-based approach to ACSC mobile compliance.
The Securities and Exchange Board of India (SEBI) mandates financial institutions to adhere to the Cybersecurity and Cyber Resilience Framework (CSCRF), which includes comprehensive guidelines for mobile security to combat evolving threats. Zimperium's mobile security platform assists institutions in meeting these regulations by providing real-time threat detection, proactive defense, and continuous monitoring to ensure the security of mobile apps and devices.
The EU’s General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personally identifiable information (PII). The GDPR sets out the principles for data management and the rights of the individual, while also holding organisations accountable by imposing fines for non-compliance. To ensure compliance, any mobile devices and applications containing or processing PII must be secured against exposure and theft.
Zimperium MTD is an advanced mobile security solution that enables persistent, on-device protection on both corporate-owned and BYOD devices. The Mobile Application Protection Suite (MAPS) from Zimperium helps organizations build secure and compliant mobile applications as well as protect mobile apps running on end users’ mobile devices.