October 2023
NetApp ONTAP data management software is the first enterprise-class storage solution validated by the Commercial Solutions for Classified (CSfC) Program. It enables enhanced security protection for secret and top-secret data at rest at both the hardware and software layers.
The Commercial Solutions for Classified Program is a key component of the U.S. National Security Agency (NSA) cybersecurity strategy to quickly deliver secure solutions that leverage commercial technologies. According to the NSA, the goal is to give agencies “the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years.”
The CSfC Program validates commercial products that meet the rigorous security requirements for protecting classified secret and top-secret National Security Systems (NSS) data. This validation enables U.S. government agencies, such as the Department of Defense (DoD), or any organization concerned about data security, to incorporate state-of-the-art commercial hardware and software technologies into their data protection and cybersecurity solutions.
NetApp ONTAP data management software is the first enterprise-class storage solution validated by the Commercial Solutions for Classified Program. Its robust encryption technologies enable protection for data at rest at both the software layer (with NetApp Volume Encryption [ NVE]) and the hardware layer (with NetApp Storage Encryption [NSE]). This provides dual-layer encryption technologies that are eligible as CSfC components of a composed, layered solution. As a result, NetApp ONTAP is validated to be capable of hosting secret and top-secret data.
As part of the CSfC program, the NSA has developed a set of capability packages that give organizations specific product configurations needed to create an architecture that satisfies their operational requirements. ONTAP was validated using the CSfC Data-at-Rest Capability Package, which defines exactly how a data-at-rest solution should use encryption to protect data.
NVE uses a FIPS 140 validated cryptomodule to perform encryption and decryption. NSE is configured to use FIPS 140 Level 2 self-encrypting drives. By enabling data-at-rest protection through AES 256-bit transparent disk encryption, NSE facilitates compliance and failed or spare drive return. NetApp ONTAP data management software is Protection Profile compliant for Full Drive Encryption when used with NSE drives.
Typical CSfC clients are National Security Systems stakeholders, such as DOD and intelligence agencies, but the use of CSfC-validated solutions is not limited to federal agencies. Because ONTAP has achieved CSfC validation, it’s capable of storing secret and top-secret data for the most security-conscious organizations. Any organization that employs a NetApp ONTAP CSfC solution can achieve robust data protection with dual-layer encryption and maintain a secure posture independent of physical media.
ONTAP 9.10.1P14, 9.10.1P7, and 9.7P13
ONTAP data management software is validated in the United States by the National Information Assurance Partnership (NIAP) and is listed on the NSA CSfC Program Components List Index.