Product certifications and compliance
Citrix Secure Private Access is a Zero Trust Network Access (ZTNA) solution that helps organizations securely connect users to applications without exposing networks directly to the internet. Secure Private Access is delivered as part of the broader Citrix Cloud and hybrid service portfolio and is governed by Citrix’s cloud service compliance and audit programs.
This page summarizes the certifications and compliance attestations applicable to Secure Private Access.
Certifications and Audits
- SOC 2® Type 2: Secure Private Access is covered under Citrix’s SOC 2 Type 2 audit program. SOC 2 Type 2 audits have evaluated the security, availability, confidentiality, processing integrity, and privacy controls applicable to Citrix Cloud services, including Secure Private Access.
- ISO 27001 & ISO 27701: Secure Private Access is included within Citrix’s ISO 27001 (Information Security Management) and ISO 27701 (Privacy Information Management) certified service portfolio. These globally recognized certifications affirm that security and privacy management practices are formally established, documented, and continuously improved.
- HIPAA: Secure Private Access is suitable for use in environments that require HIPAA compliance when configured and contracted appropriately. Citrix’s cloud compliance documentation indicates HIPAA applicability for Secure Private Access.
- PCI DSS 4.0: Secure Private Access is included within Citrix’s annual PCI DSS assessments for applicable cloud services. Customers deploying Secure Private Access in PCI-scoped environments might need to implement additional controls to meet PCI requirements. PCI DSS compliance follows a shared responsibility model between Citrix and the customer.
- FIPS / Common Criteria: Secure Private Access can be deployed as part of a FIPS-compliant solution when paired with FIPS-certified or FIPS-enabled NetScaler platforms and the FIPS-certified Citrix CryptoKit used by Citrix Workspace app. For Common Criteria, Secure Private Access integrates with Common Criteria (NDcPP) certified NetScaler platforms and Common Criteria certified Citrix Workspace app, enabling deployments that align with Common Criteria requirements at the solution level.
- Australia IRAP (Information Security Registered Assessors Program): Secure Private Access is included within Citrix’s cloud services that undergo IRAP assessments by accredited Australian Government assessors. IRAP provides independent validation that Citrix Cloud services align with the Australian Government Information Security Manual (ISM) security controls.
Certificates and audit reports
Download the available certificates and audit reports through the Citrix Trust Center.