Security Certifications

NetApp is committed to security certification to meet confidentiality, integrity, and data availability needs.

As the #1 provider of data storage and management to the U.S. Federal government, NetApp understands the importance of security. NetApp’s history reflects an ongoing commitment to security certification and to the confidentiality, integrity, and availability needs of customers and partners. NetApp was the first storage provider to:

NetApp follows a security life cycle model to ensure the integrity of our solutions. Our kernel and architecture provide reliability and security in:

  • Confidentiality – Preventing unauthorized access to customer data
  • Integrity – Preventing unauthorized changes to customer data
  • Availability – Making sure customer data is available (resisting Denial of Service attacks)

NetApp products are equipped with strict Role Based Access Control measures to control administrative access, as well as secure protocols, audit logging, and industry standard encryption. Together, these features help to ensure secure products and solutions for our customers.

Common Criteria

The Common Criteria certification is an international standard (ISO/IEC 15408) for IT Security Evaluation. The Common Criteria is the driving force for the widest available mutual recognition of secure IT products, officially recognized by 31 countries. NetApp was the first storage provider to achieve Common Criteria certification.



  • SolidFire Element OS 10.3 EAL 2+
  • SolidFire Element OS 8 EAL 2+


FIPS 140-2

FIPS 140-2 is a U.S. and Canadian government standard that establishes security requirements for a cryptographic module, which is the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.

  • NetApp Cryptomod 2.1 Cert #3387
  • NetApp CryptoMod 2.0 Cert #3072
  • NetApp Storage Encryption (NSE)1
  • E-Series / EF-Series Drives1
  • NetApp Cryptographic Security Module (NCSM)2
  • Gemalto SafeNet KeySecure k150v Cert #2049

Department of Defense Information Network Approved Products List (DoDIN APL)

The Department of Defense Information Network (DoDIN) Approved Products List (APL) is the single consolidated list of products that have completed Cybersecurity (CS) and Interoperability (IO) certification. The DoDIN APL process is used to test and certify products that affect communication and collaboration across the DoDIN and is an acquisition decision support tool for DoD organizations interested in procuring equipment to add to the DISN to support their mission. NetApp’s contributions led to the development of the Unified Capabilities (UC) Approved Products List (APL) requirements for a Data Storage Controller (DSC).

  1. Refer to drive part number on NetApp Disk Drive & Firmware Matrix for FIPS 140-2 certificate and security policy. [return]
  2. NCSM supports FIPS 140-2 compliant cryptographic operations for select SSL-based management services in ONTAP (as of v8.3.1) and AltaVault (as of v4.0.1). Refer to support documentation on for details related to cryptographic operations supported. [return]

Key Points

  • Industry leader in certifications and standards
  • #1 provider of data storage and management to US Government
  • Committed to providing feature-rich security solutions