NetApp is committed to security certification to meet confidentiality, integrity, and data availability needs.

As the #1 provider of data storage and management to the U.S. Federal government, NetApp understands the importance of security. NetApp’s history reflects an ongoing commitment to security certification and to the confidentiality, integrity, and availability needs of customers and partners. NetApp was the first storage provider to:

• Achieve Common Criteria (ISO/IEC 15408) certification
• Be certified and listed on the Unified Capabilities (UC) Approved Products List (APL)

NetApp follows a security life cycle model to ensure the integrity of our solutions. Our kernel and architecture provide reliability and security in:

• Confidentiality – Preventing unauthorized access to customer data
• Integrity – Preventing unauthorized changes to customer data
• Availability – Making sure customer data is available (resisting Denial of Service attacks)

NetApp products are equipped with strict Role Based Access Control measures to control administrative access, as well as secure protocols, audit logging, and industry standard encryption. Together, these features help to ensure secure products and solutions for our customers.

Common Criteria

The Common Criteria certification is an international standard (ISO/IEC 15408) for IT Security Evaluation. The Common Criteria is the driving force for the widest available mutual recognition of secure IT products, officially recognized by 31 countries. NetApp was the first storage provider to achieve Common Criteria certification.

ONTAP

• ONTAP 9.10.1P7 FDEcPP
• ONTAP 9.7P13 FDEcPP
• ONTAP 9.5 EAL 2+ Assurance Continuity
• ONTAP 9.3 EAL 2+ Assurance Continuity
• ONTAP 9.1 EAL 2+
• Data ONTAP 7-Mode 8.2.2 EAL 2+ Assurance Continuity
• Data ONTAP 7-Mode 8.2.1 EAL 2+

E-Series

• E-Series and EF Series SANtricity OS 11.50 NDcPP (NDcPP US)
• NetApp E-Series & EF-Series with SANtricity OS 11.70 [NDcPP](https://www.commoncriteriaportal.org/files/epfiles/551 LSS CT no sig Eng-1-1.pdf) (NDcPP US)

SolidFire

• SolidFire Element OS 12.2 EAL 2+
• SolidFire Element OS 10.3 EAL 2+
• SolidFire Element OS 8 EAL 2+

StorageGRID

• NetApp StorageGRID 11.5 EAL 2+

FIPS 140-2

FIPS 140-2 is a U.S. and Canadian government standard that establishes security requirements for a cryptographic module, which is the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.

• NetApp Cryptomod 2.2 Cert #4144
• NetApp Cryptomod 2.1 Cert #3387
• NetApp CryptoMod 2.0 Cert #3072
• NetApp Storage Encryption (NSE)¹
• E-Series / EF-Series Drives¹
• NetApp Cryptographic Security Module (NCSM)² Cert #4297

Department of Defense Information Network Approved Products List (DoDIN APL)

The Department of Defense Information Network (DoDIN) Approved Products List (APL) is the single consolidated list of products that have completed Cybersecurity (CS) and Interoperability (IO) certification. The DoDIN APL process is used to test and certify products that affect communication and collaboration across the DoDIN and is an acquisition decision support tool for DoD organizations interested in procuring equipment to add to the DISN to support their mission. NetApp’s contributions led to the development of the Unified Capabilities (UC) Approved Products List (APL) requirements for a Data Storage Controller (DSC).

• ONTAP 9.12 APL Memo
• ONTAP 9.11 APL Memo
• ONTAP 9.8 APL Memo
• ONTAP 9.7 APL Memo
• ONTAP 9.6 APL Memo
• ONTAP 9.3
• ONTAP 9.1
• Data ONTAP 7-Mode 8.2.1

Commercial Solutions for Classified Validated Component List

The Commercial Solutions for Classified (CSfC) Program is a key component of the U.S. National Security Agency commercial cybersecurity strategy. CSfC-validated products require two independent layers of encryption and are proven to meet rigorous security requirements for protection of classified National Security Systems data. As the industry’s first CSfC-validated enterprise-class storage solution, ONTAP enables you to protect at both the hardware and the software layer for rugged security.

ONTAP

• 9.10.1P7 NSA CSfC Component List
• 9.7P13 NSA CSfC Component List
• NetApp Volume Encryption NIAP Compliance Product Listing - NVE
• NetApp Storage Encryption NIAP Compliance Product Listing - NSE

Other Accreditations

For all other accreditations, including ISO and SOC 2, visit the NetApp Trust Center.

• NetApp Trust Center