Menu

NetApp compliance offerings

magnify glass

May 2021

No single standard or set of controls apply to all possible scenarios. Compliance programs vary in accordance with the type and nature of the solution that is managed under specific controls related to a given compliance program. NetApp organizes its compliance offerings by services, hardware, and software.


FIPS 140-2
NetApp offers cryptographic modules that have achieved FIPS 140-2 validation, which can vary across hardware and software.

∇ For details about NetApp compliance, see FIPS 140-2.


General Data Protection Regulation (GDPR)
NetApp maintains a comprehensive GDPR strategy. Whether you are a data controller or data processor, NetApp products and services offer the tools necessary to implement programs that support your compliance with the GDPR, and we back our commitments in a number of customer contracts.

∇ For details about NetApp compliance, see NetApp and the GDPR.


California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
We are committed to respecting consumers’ rights and operating in ways designed to comply with the CCPA and its expansion, the CPRA. Our contractual commitments to CCPA compliance are based on whether we are collecting your personal information or acting as a service provider to customers who are collecting personal information. NetApp does not sell or share personal information for the purposes of cross-content behavioral marketing.

∇ For details about NetApp compliance, see NetApp, the CCPA, and the CPRA.

Services

These NetApp information services have been evaluated and verified against the industry standards listed below. For more information about each NetApp compliance offering, click the standard name.

FedRAMP ISO 27001 NIST 800-171 SOC 2 Type I SOC 2 Type II
Azure NetApp Files Microsoft manages compliance for Azure NetApp Files. For information, refer to Microsoft Azure Compliance Offerings.
Cloud Insights
NetApp Cloud Services 1
NetApp Cloud Volumes Service for AWS
NetApp Cloud Volumes for Google Cloud
NetApp Corporate IT Systems & Enterprise Information Security 2
NetApp Managed Services in Americas
NetApp SaaS Backup
Spot by NetApp

1 Cloud Sync, Cloud Tiering, Cloud Manager, and Cloud Central
2 Applicable only to those systems storing controlled unclassified information (CUI).

Hardware

These NetApp hardware products and platforms have been evaluated against the standard listed below. For more information about NetApp’s compliance, click the standard name.

DoDIN APL
AFF A-Series A200, A220, A250, A300, A320, A400, A700, A700s, A800
AFF C-Series C190
AFF8000 AFF8020, AFF8040, AFF8080EX
FAS 500 FAS 500f
FAS2500 2520, 2552, and 2554
FAS2600 2620, 2650
FAS2700 2720, 2750
FAS8000 8020, 8040, 8060, 8080
FAS8200 8200
FAS8300 8300
FAS 8700 8700
FAS9000
9000

Software

These NetApp software products and platforms have been evaluated against the standards listed below. For more information about each NetApp compliance offering, click the standard name.

Common Criteria/ ISO 15408 DoDIN APL
Element Software Element 10.3 and 8, running on SolidFire scale-out storage system
ONTAP Data ONTAP 7-Mode 8.2.1 and 8.2.2; ONTAP 9.5, 9.3, and 9.1 ONTAP 9.8, 9.7, 9.6, 9.3, and 9.1
ONTAP Data Security ONTAP Select 9.5, 9.3, and 9.1
ONTAP Select ONTAP Select 9.8, 9.7, and 9.6
SANtricity Software SANtricity OS 11.50 running on E-Series and EF Series systems
Back To Top