Security Certifications

NetApp is committed to security certification to meet confidentiality, integrity, and data availability needs.

As the #1 provider of data storage and management to the U.S. Federal government, NetApp understands the importance of security. NetApp’s history reflects an ongoing commitment to security certification and to the confidentiality, integrity, and availability needs of customers and partners. NetApp was the first storage provider to:

NetApp follows a security life cycle model to ensure the integrity of our solutions. Our kernel and architecture provide reliability and security in:

  • Confidentiality – Preventing unauthorized access to customer data
  • Integrity – Preventing unauthorized changes to customer data
  • Availability – Making sure customer data is available (resisting Denial of Service attacks)

NetApp products are equipped with strict role-based access control measures to control administrative access, as well as secure protocols, audit logging, and industry-standard encryption. Together, these features help to ensure secure products and solutions for our customers.

Common Criteria

The Common Criteria certification is an international standard (ISO/IEC 15408) for IT Security Evaluation. The Common Criteria is the driving force for the widest available mutual recognition of secure IT products, officially recognized by 31 countries. NetApp was the first storage provider to achieve Common Criteria certification.




  • SolidFire Element OS 12.2 EAL 2+
  • SolidFire Element OS 10.3 EAL 2+
  • SolidFire Element OS 8 EAL 2+


  • NetApp StorageGRID 11.5 EAL 2+

FIPS 140-2

FIPS 140-2 is a U.S. and Canadian government standard that establishes security requirements for a cryptographic module, which is the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.

  • NetApp Cryptomod 2.2 Cert #4144
  • NetApp Cryptomod 2.1 Cert #3387
  • NetApp CryptoMod 2.0 Cert #3072
  • NetApp Storage Encryption (NSE) [1]
  • E-Series / EF-Series Drives [1]
  • NetApp Cryptographic Security Module (NCSM) [2] Cert #4297

Department of Defense Information Network Approved Products List (DoDIN APL)

The Department of Defense Information Network (DoDIN) Approved Products List (APL) is the single consolidated list of products that have completed Cybersecurity (CS) and Interoperability (IO) certification. The DoDIN APL process is used to test and certify products that affect communication and collaboration across the DoDIN and is an acquisition decision support tool for DoD organizations interested in procuring equipment to add to the DISN to support their mission. NetApp’s contributions led to the development of the Unified Capabilities (UC) Approved Products List (APL) requirements for a Data Storage Controller (DSC).

Commercial Solutions for Classified Validated Component List

The Commercial Solutions for Classified (CSfC) Program is a key component of the U.S. National Security Agency commercial cybersecurity strategy. CSfC-validated products require two independent layers of encryption and are proven to meet rigorous security requirements for protection of classified National Security Systems data. As the industry’s first CSfC-validated enterprise-class storage solution, ONTAP enables you to protect data at both the hardware and the software layer for rugged security.


Other Accreditations

For all other accreditations, including ISO and SOC 2, visit the NetApp Trust Center.

  1. Refer to drive part number on NetApp Disk Drive & Firmware Matrix for FIPS 140-2 certificate and security policy.

  2. NCSM supports FIPS 140-2 compliant cryptographic operations for select SSL-based/HTTPS management services in ONTAP and Element OS. Refer to support documentation on for details related to cryptographic operations supported.

Key Points

  • Industry leader in certifications and standards
  • #1 provider of data storage and management to US Government
  • Committed to providing feature-rich security solutions