September 2023
Certification of NetApp products to the DoDIN APL means that U.S. defense agencies can use them with confidence and provides valuable assurances to customers supporting the defense industrial base.
September 2023
Certification of NetApp products to the DoDIN APL means that U.S. defense agencies can use them with confidence and provides valuable assurances to customers supporting the defense industrial base.
The U.S. Department of Defense Information Network Approved Products List (DoDIN APL) is the master list of products that have completed cybersecurity and interoperability certification and are approved for deployment in the DoD’s technology infrastructure. Departments and agencies in the DoD may be required to purchase products on this list to meet procurement requirements for products that will be connected to the DoDIN.
The U.S. Defense Information Systems Agency (DISA) manages the rigorous security and interoperability process to test and certify products in accordance with DoD Instruction 8100.04. A sponsoring DoD agency works with vendors who submit documentation that includes a system description and a component list; a response to a DoD Security Technical Implementation Guide (STIG) questionnaire, which define the required cybersecurity configuration standards; and a Letter of Compliance (LOC). The LOC includes self-attestations such as conformance to IPv6 requirements for products used to send, receive, or support voice, video, or data across DoD networks.
After document review, DISA determines which STIGs to apply and audits the product at one of its testing facilities. When the DISA evaluator determines that the DoD STIG and interoperability requirements have been met, the product receives its certification for placement on the DoDIN APL. The certification initially lasts for up to 3 years with an option to extend another 3 years before recertification is required.
Continuing a tradition dating back to 2005, when NetApp ONTAP was first certified, NetApp continues to submit updates for DISA review. For the current certification, NetApp submitted the required documentation to DISA following the steps outlined in the section above. Based on its audit, DISA determined that in-scope NetApp products satisfied the requirements and placed them on the APL. This means that U.S. defense agencies can choose these compliant NetApp products with confidence, assured of their stringent security processes.
The following hardware platforms, software versions, and virtual platforms are covered under the DoDIN APL.
Not all software versions run on all hardware platforms. If you have a NetApp support account, refer to Hardware Universe for compatibility listings.
The DISA DoDIN APL approval memos below include a history of certification changes and links to additional details:
* NetApp is no longer supporting this product or continuing its certification for DoDIN APL. Customers who require this certification should contact their account representative to ensure this product meets their compliance requirements.
U.S. government civilians or U.S. uniformed military personnel can request a copy of the CAP through email. Requests must be received from a .mil or .gov email address and be sent with a digital PKI signature attached.
To request a copy, on the DoDIN Approved Products List, choose NetApp from the Vendor list. Click Search APL, and under FAQs (the result returned), click Request CAP to create the email message.