Milestone Cybersecurity

Compliance

Meet global standards with confidence

At Milestone, we design our video technology to support compliance and privacy-respecting operations. Our products are built with features that can help you to meet key regulatory frameworks.

Grounded in global compliance standards

Milestone adheres to the NIST standards for secure software development of XProtect as required by the U.S. Executive Order 14028. These standards meet the needs of global sectors such as critical infrastructure, finance, government and healthcare, supporting protection of sensitive data. And they lay a strong foundation for helping companies achieve FIPS and GDPR compliance.

Federal Information Processing Standards (FIPS)

Our products are designed to align with FIPS 140-2 standards, using Microsoft’s Cryptography API, Next Generation (CNG) for secure cryptographic functions. This means they meet the high security standards required by government and regulated industries in the US and Canada, making them a reliable choice for organizations aiming for FIPS compliance.

Read article

General Data Protection Regulation (GDPR)

Our comprehensive suite of materials, including guides and training, support your organization in deploying and managing video surveillance systems that respect privacy and comply with EU regulations.

Read article

Executive Order on Cybersecurity (EO 14028)

Our commitment to secure software development is evidenced by Milestone’s compliance with the NIST Secure Software Development Framework and the attestation requirement under the US Executive Order 14028 for 2024 XProtect product releases.

Read article

Frequently asked questions

Got questions? We’ve got answers. Browse through our FAQ section for more information on compliances and regulations.

Which Milestone XProtect products are GDPR compliant?

GDPR compliance is not about the product and its features, but how the product is used and the policies and processes implemented by the company using the product. Milestone XProtect has features needed to comply with GDPR like setting retention periods and control access to data. The company can use all XProtects products in a GDPR compliant way, but the company must implement policies and processes as required by GDPR rules.

Read more here

If I install Milestone XProtect VMS on a FIPS-enabled Windows server, is it fully secured against hacking?

Running Milestone XProtect VMS on a FIPS-enabled Windows server ensures that approved secure cryptographic functions are used. It however is still required to protect the servers, network, cameras etc. with the regular security protections like, hardening the Windows servers, installing certificates for encrypted communication, applying regular security patches, etc. With this done your installation will be protected as best can, but even with this done it can never be “fully” secure as there may be unknown vulnerabilities somewhere in the software and components used that might be exploitable.

Which Milestone products conform to Executive Order 14028?

All Milestone XProtect variants 2024R1 and later are compliant with the secure software development framework established by Executive Order 14028

現在、ご希望の言語に対して、対応中です