NetApp Becomes First Vendor to Achieve FIPS 140-2 Level 3 Certification for Its Entire Line of Storage Security Solutions

Sunnyvale, Calif. - December 12, 2007 -- NetApp (NASDAQ: NTAP) today announced that it has achieved Federal Information Processing Standard (FIPS) 140-2 Level 3 certification for the storage encryption processor used in the DataFort® and Lifetime Key Management™ (LKM) appliances, making NetApp the only storage vendor with Level 3 certification across its entire product line of storage security solutions.

FIPS 140-2 is an internationally recognized standard for cryptography products. Level 3 certification requires extensive third-party lab certification, with more than 1,000 separate tests for physical security, design quality, cryptographic best practices, line-by-line code review, fully specified state model, and independent cryptanalysis. As a result, FIPS 140-2 Level 3 provides one of the highest levels of assurance for security products.

Most alternative storage security solutions rely on software-based processes for encryption or key management activities, often running on a general-purpose operating system. This software-based architecture is not subjected to rigorous certifications such FIPS 140-2 Level 3, which mandates that certain cryptographic operations be handled only in a secure environment. As a result, with software-based encryption solutions, customers are much more susceptible and vulnerable to security breaches such as compromise of encryption keys.

The complete line of NetApp® storage security products represents the only available unified solution for protecting and managing all elements of an enterprise environment from a single interface and with an enterprise-class key management system. While other companies provide certification for a subset of their products at varying levels of certification, NetApp remains committed to meeting the recognized standards of security for data at rest and to providing its customers a wide variety of security options with FIPS 140-2 Level 3 certification to meet their needs.

"Government and enterprise customers recognize the importance of third-party certification as not only a fundamental business requirement, but also a necessity for peace of mind," said Tim Russell, vice president and general manager of the Storage Security business unit at NetApp. "We remain committed to seeking and receiving third-party validation of our storage security solutions. Our customers can be confident that NetApp provides end-to-end certification of its portfolio and has the right storage security solution to meet their most stringent security requirements and enable an outstanding customer experience."

NetApp security solutions with FIPS Level-3 certification enable customers to encrypt and decrypt data by using a hardware AES-256 engine. In addition, customers now have the ability to generate keys by using a FIPS-approved commercial "true" random number generator system and to establish keys by using FIPS-approved commercially available key establishment protocols. NetApp storage security products also provide a chassis intrusion detector that provides tamper notification services and enables key access rights restriction based on platform roles.

For more information and the complete line of NetApp storage security solutions and certifications, please visit www.netapp.com/us/products/storage-security-systems/datafort/. For more information regarding the NetApp FIPS certificate numbers 833, 846, 847 and 848 issued by NIST go to http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#833.

About NetApp
NetApp is a leading provider of innovative data management solutions that simplify the complexity of storing, managing, protecting, and retaining enterprise data. Market leaders around the world choose NetApp to help them reduce cost, minimize risk, and adapt to change. For solutions that deliver unmatched simplicity and value, visit us on the Web at www.netapp.com.

Press Contact:
Roger Villareal
NetApp
408-822-1959
rogerv@netapp.com