Operating in compliance with national and international information security and engineering standards.
A short overview of the security compliance offerings available at NetApp and on NetApp products and services. Offerings are evaluated against different applicable standards based on their classifications as services or products. For more information on each compliance program, click on the standard you wish to learn more about.
Information services are evaluated against a variety of industry standards applicable to services, such as ISO 27001:2013, SOC 2, and NIST 800-171.
|ISO 27001||SOC 2 Type I||SOC 2 Type II||NIST 800-171*|
|NetApp Corporate Information Network||✓||✓|
|Azure NetApp Files||✓||✓||✓|
|Cloud Volumes Service for AWS||✓||✓|
|Cloud Volumes Service for Google Cloud Platform||✓|
Hardware products and platforms are evaluated against approved product lists and standardized capabilities assessments applicable to technology products.
|AFF A-Series||A200, A220, A300, A400, A700, A700s, A800|
|AFF8000||AFF8020, AFF8040, AFF8080EX|
|FAS2500||2520, 2552, and 2554|
|FAS8000||8020, 8040, 8060, 8080|
Software products and platforms are evaluated against approved product lists and standardized capabilities assessments applicable to technology products.
|Common Criteria/ ISO 15408||DoDIN APL|
|Element Software||Element 8 and 10.3, running on SolidFire scale-out storage system|
|ONTAP||Data ONTAP 7-Mode 8.2.1 and 8.2.2, ONTAP 9.1, ONTAP 9.3, ONTAP 9.5||ONTAP 9.7, ONTAP 9.6, ONTAP 9.3, ONTAP 9.1|
|ONTAP Data Security||ONTAP Select 9.1, ONTAP Select 9.3, ONTAP Select 9.5|
|ONTAP Select||ONTAP Select 9.7, ONTAP Select 9.6|
|SANtricity Software||SANtricity OS 11.50 running on E-Series and EF Series systems|