Security Audits & Certifications

Since 2017, DJI’s data security practices have been validated by multiple federal agencies as well as independent private sector firms. The agencies independently procure DJI products off-the-shelf and conduct a thorough technical investigation.

An overview of the audits and their findings are outlined below.

FTI Cybersecurity Audit for Mavic 3T, Pilot 2 & RC Pro (2024)
Assessed the Mavic 3T, Pilot 2 and RC Pro and reaffirmed that when U.S. operators choose to share flight data with DJI, the data resides within U.S.-based servers. Also validated that Local Data Mode (LDM) resulted in no outbound traffic. Click here for more information.

ISO 27001 CERTIFICATION FOR DJI FLIGHTHUB 2 (2023)
DJI FlightHub 2 has obtained ISO 27001 certification, issued by the British Standards Institution (BSI), which proves that the design, development, and operational services (such as risk management, security controls, and continuous improvement) of DJI FlightHub 2 comply with the information security management standards. Click here for more information.

FIPS 140-2 CERTIFICATION (2022)
In 2022, the DJI Core Crypto Engine obtained the NIST FIPS 140-2 CMVP Level 1 certification, which proves that DJI meets the rigorous security standards in design and implementation and provides a high level of protection for sensitive data and communication. The engine is a firmware hybrid cryptographic module which provides foundational security services for the entire platform, including cryptography, key management, platform identity, secure boot, and secure Life Cycle State (LCS).

Formally validated by the U.S. and Canadian Governments, FIPS 140-2 compliance has been widely adopted around the world in both governmental and non-governmental sectors as a practical security benchmark and realistic best practice. The standard ensures that the hardware validated meets specific security requirements.

DJI products are equipped with this secure engine, which indicates that the products have a high level of security and comply with industrial and regulatory security standards. Click here to view the certificate details.

TÜV SÜD AUDIT (2022)
In 2022, TÜV SÜD conducted an audit of the following product portfolios of DJI: DJI consumer drones (DJI Air 2S, DJI Mini 2, and DJI Mavic 3) along with the DJI Fly app (for iOS and Android) and a DJI industrial-grade drone (DJI Matrice 300 RTK) along with the DJI Pilot app (for Android). The audit reports issued by TÜV SÜD confirm that the preceding product portfolios meet the requirements of NIST IR 8259 and ETSI EN 303645 standards in terms of network security and privacy protection. Click here for more information.

BOOZ ALLEN HAMILTON - UAS COE AUDIT (2020)
Cybersecurity firm Booz Allen Hamilton, on behalf of PrecisionHawk’s Unmanned Aerial Intelligence Technology Center of Excellence (UAS CoE), conducted risk assessment testing and analysis of three DJI commercial drone products: Mavic Pro GE, Matrice 600 Pro GE, and Mavic 2 Enterprise. Click here for more information.

FTI SECURITY AUDIT (2020)
FTI Consulting (FTI) conducted an independent review and validation of Local Data Mode and DJI’s drone products through a source code review of DJI applications as well as a hardware cybersecurity review of devices. The audit found that when Local Data Mode was enabled, no data generated by the drone or application was sent externally to infrastructure operated by any third party, including DJI, validating DJI’s assertions about the utility and function of the feature. Click here for more information.

IDAHO NATIONAL LABORATORY (2019)
The Idaho National Laboratory conducted a cybersecurity test which involved DJI Matrice 600 Pro and Mavic Pro 2 GE edition drones. The report found “no major areas of concern related to data leakage, thereby supporting that the multi-layered mitigations DOI has in place are in fact working as designed to meet their published security requirements”. Click here for more information.

U.S. DEPARTMENT OF INTERIOR AUDIT (2019)
The U.S. Department of Interior (DOI) conducted thorough tests and evaluations on the DJI government-grade (GE) version of drones. Click here for more information.

KIVU SECURITY AUDIT (2018)
Kivu is a global technology and consultancy firm. In 2018, DJI released Kivu’s independent report, which reviewed DJI’s data practices and concluded that DJI is capable of protecting users’ personal data. Click here for more information.

DJI FLIGHTHUB SOC2 AUDIT (2017)
DJI FlightHub products passed the SOC2 certification issued by the American Institute of Certified Public Accountants.