NetApp is committed to security certification to meet confidentiality, integrity, and data availability needs.
As the #1 provider of data storage and management to the U.S. Federal government, NetApp understands the importance of security. NetApp’s history reflects an ongoing commitment to security certification and to the confidentiality, integrity, and availability needs of customers and partners. NetApp was the first storage provider to:
- Achieve Common Criteria (ISO/IEC 15408) certification
- Be certified and listed on the Unified Capabilities (UC) Approved Products List (APL)
NetApp follows a security life cycle model to ensure the integrity of our solutions. Our kernel and architecture provide reliability and security in:
- Confidentiality – Preventing unauthorized access to customer data
- Integrity – Preventing unauthorized changes to customer data
- Availability – Making sure customer data is available (resisting Denial of Service attacks)
NetApp products are equipped with strict Role Based Access Control measures to control administrative access, as well as secure protocols, audit logging, and industry standard encryption. Together, these features help to ensure secure products and solutions for our customers.
The Common Criteria certification is an international standard (ISO/IEC 15408) for IT Security Evaluation. The Common Criteria is the driving force for the widest available mutual recognition of secure IT products, officially recognized by 31 countries. NetApp was the first storage provider to achieve Common Criteria certification.
- ONTAP 9.10.1P7 FDEcPP
- ONTAP 9.7P13 FDEcPP
- ONTAP 9.5 EAL 2+ Assurance Continuity
- ONTAP 9.3 EAL 2+ Assurance Continuity
- ONTAP 9.1 EAL 2+
- Data ONTAP 7-Mode 8.2.2 EAL 2+ Assurance Continuity
- Data ONTAP 7-Mode 8.2.1 EAL 2+
- E-Series and EF Series SANtricity OS 11.50 NDcPP (NDcPP US)
- NetApp E-Series & EF-Series with SANtricity OS 11.70 [NDcPP](https://www.commoncriteriaportal.org/files/epfiles/551 LSS CT no sig Eng-1-1.pdf) (NDcPP US)
- NetApp StorageGRID 11.5 EAL 2+
FIPS 140-2 is a U.S. and Canadian government standard that establishes security requirements for a cryptographic module, which is the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.
- NetApp Cryptomod 2.2 Cert #4144
- NetApp Cryptomod 2.1 Cert #3387
- NetApp CryptoMod 2.0 Cert #3072
- NetApp Storage Encryption (NSE)1
- E-Series / EF-Series Drives1
- NetApp Cryptographic Security Module (NCSM)2 Cert #4297
Department of Defense Information Network Approved Products List (DoDIN APL)
The Department of Defense Information Network (DoDIN) Approved Products List (APL) is the single consolidated list of products that have completed Cybersecurity (CS) and Interoperability (IO) certification. The DoDIN APL process is used to test and certify products that affect communication and collaboration across the DoDIN and is an acquisition decision support tool for DoD organizations interested in procuring equipment to add to the DISN to support their mission. NetApp’s contributions led to the development of the Unified Capabilities (UC) Approved Products List (APL) requirements for a Data Storage Controller (DSC).
- ONTAP 9.12 APL Memo
- ONTAP 9.11 APL Memo
- ONTAP 9.8 APL Memo
- ONTAP 9.7 APL Memo
- ONTAP 9.6 APL Memo
- ONTAP 9.3
- ONTAP 9.1
- Data ONTAP 7-Mode 8.2.1
Commercial Solutions for Classified Validated Component List
The Commercial Solutions for Classified (CSfC) Program is a key component of the U.S. National Security Agency commercial cybersecurity strategy. CSfC-validated products require two independent layers of encryption and are proven to meet rigorous security requirements for protection of classified National Security Systems data. As the industry’s first CSfC-validated enterprise-class storage solution, ONTAP enables you to protect at both the hardware and the software layer for rugged security.
- 9.10.1P7 NSA CSfC Component List
- 9.7P13 NSA CSfC Component List
- NetApp Volume Encryption NIAP Compliance Product Listing - NVE
- NetApp Storage Encryption NIAP Compliance Product Listing - NSE
For all other accreditations, including ISO and SOC 2, visit the NetApp Trust Center.
NCSM supports FIPS 140-2 compliant cryptographic operations for select SSL-based/HTTPS management services in ONTAP and Element OS. Refer to support documentation on support.netapp.com for details related to cryptographic operations supported. ↩︎
- Industry leader in certifications and standards
- #1 provider of data storage and management to US Government
- Committed to providing feature-rich security solutions