NetApp is committed to security certification to meet confidentiality, integrity, and data availability needs.
As the #1 provider of data storage and management to the U.S. Federal government, NetApp understands the importance of security. NetApp’s history reflects an ongoing commitment to security certification and to the confidentiality, integrity, and availability needs of customers and partners. NetApp was the first storage provider to:
- Achieve Common Criteria (ISO/IEC 15408) certification
- Be certified and listed on the Unified Capabilities (UC) Approved Products List (APL)
NetApp follows a security life cycle model to ensure the integrity of our solutions. Our kernel and architecture provide reliability and security in:
- Confidentiality – Preventing unauthorized access to customer data
- Integrity – Preventing unauthorized changes to customer data
- Availability – Making sure customer data is available (resisting Denial of Service attacks)
NetApp products are equipped with strict Role Based Access Control measures to control administrative access, as well as secure protocols, audit logging, and industry standard encryption. Together, these features help to ensure secure products and solutions for our customers.
The Common Criteria certification is an international standard (ISO/IEC 15408) for IT Security Evaluation.
NetApp ONTAP Software
- ONTAP 9.1 (certification in progress - see Certifying Body Products in Evaluation List)
- Clustered Data ONTAP v8.3.1
- Clustered Data ONTAP v8.2.1
- Data ONTAP 7-Mode v8.2.1
- Data ONTAP 7-Mode v8.2.2 Assurance Continuity
- Data ONTAP 7-Mode v8.1.1
- Data ONTAP 7-Mode v8.1.2 Assurance Continuity
NetApp SolidFire Software
- NetApp CryptoMod (validation in-progress - see FIPS 140-2 Modules in Process List)
- NetApp Storage Encryption (NSE)1
- E-Series / EF-Series Drives1
- NetApp Cryptographic Security Module (NCSM)2
- Gemalto SafeNet KeySecure k460 (Cert #1694)
- Gemalto SafeNet KeySecure k150v (Cert #2049)
Department of Defense Information Network Approved Products List (DoDIN APL)
NetApp’s contributions led to the development of the Unified Capabilities (UC) requirements for a Data Storage Controller (DSC).
- Refer to drive part number on NetApp Disk Drive & Firmware Matrix for FIPS 140-2 certificate and security policy. [return]
- NCSM supports FIPS 140-2 compliant cryptographic operations for select SSL-based management services in ONTAP (as of v8.3.1) and AltaVault (as of v4.0.1). Refer to support documentation on support.netapp.com for details related to cryptographic operations supported. [return]
- Industry leader in certifications and standards
- #1 provider of data storage and management to US Government
- Committed to providing feature-rich security solutions