NetApp Becomes First Vendor to Achieve FIPS 140-2 Level 3 Certification for Its Entire Line of Storage Security Solutions
Sunnyvale, Calif. - December 12, 2007
-- NetApp (NASDAQ: NTAP) today announced that it has achieved
Federal Information Processing Standard (FIPS) 140-2 Level 3
certification for the storage encryption processor used in the
DataFort® and Lifetime Key Management™ (LKM) appliances,
making NetApp the only storage vendor with Level 3 certification
across its entire product line of storage security solutions.
FIPS 140-2 is an internationally recognized
standard for cryptography products. Level 3 certification requires
extensive third-party lab certification, with more than 1,000
separate tests for physical security, design quality, cryptographic
best practices, line-by-line code review, fully specified state
model, and independent cryptanalysis. As a result, FIPS 140-2 Level
3 provides one of the highest levels of assurance for security
Most alternative storage security solutions
rely on software-based processes for encryption or key management
activities, often running on a general-purpose operating system.
This software-based architecture is not subjected to rigorous
certifications such FIPS 140-2 Level 3, which mandates that certain
cryptographic operations be handled only in a secure environment.
As a result, with software-based encryption solutions, customers
are much more susceptible and vulnerable to security breaches such
as compromise of encryption keys.
The complete line of NetApp® storage
security products represents the only available unified solution
for protecting and managing all elements of an enterprise
environment from a single interface and with an enterprise-class
key management system. While other companies provide certification
for a subset of their products at varying levels of certification,
NetApp remains committed to meeting the recognized standards of
security for data at rest and to providing its customers a wide
variety of security options with FIPS 140-2 Level 3 certification
to meet their needs.
"Government and enterprise customers recognize
the importance of third-party certification as not only a
fundamental business requirement, but also a necessity for peace of
mind," said Tim Russell, vice president and general manager of the
Storage Security business unit at NetApp. "We remain committed to
seeking and receiving third-party validation of our storage
security solutions. Our customers can be confident that NetApp
provides end-to-end certification of its portfolio and has the
right storage security solution to meet their most stringent
security requirements and enable an outstanding customer
NetApp security solutions with FIPS Level-3
certification enable customers to encrypt and decrypt data by using
a hardware AES-256 engine. In addition, customers now have the
ability to generate keys by using a FIPS-approved commercial "true"
random number generator system and to establish keys by using
FIPS-approved commercially available key establishment protocols.
NetApp storage security products also provide a chassis intrusion
detector that provides tamper notification services and enables key
access rights restriction based on platform roles.
For more information and the complete line of
NetApp storage security solutions and certifications, please visit
www.netapp.com/us/products/storage-security-systems/datafort/. For more information regarding the NetApp FIPS
certificate numbers 833, 846, 847 and 848 issued by NIST go to
NetApp is a leading provider of innovative data management
solutions that simplify the complexity of storing, managing,
protecting, and retaining enterprise data. Market leaders around
the world choose NetApp to help them reduce cost, minimize risk,
and adapt to change. For solutions that deliver unmatched
simplicity and value, visit us on the Web at