Sign in to my dashboard Create an account

Overview: NetApp compliance offerings

September 2023

No single standard or set of controls apply to all possible scenarios. Compliance programs vary in accordance with the type and nature of the solution that is managed under specific controls related to a given compliance program. NetApp organizes its compliance offerings by services, hardware, and software.

FIPS 140
NetApp is committed to the strong security practices included in the FIPS 140 standard. We have met and will continue to meet these requirements in 140-2, 140-3, and beyond.

∇ For details about NetApp compliance, see FIPS 140.

General Data Protection Regulation (GDPR)
NetApp maintains a comprehensive GDPR strategy. Whether you are a data controller or data processor, NetApp products and services offer the tools necessary to implement programs that support your compliance with the GDPR, and we back our commitments in a number of customer contracts.

∇ For details about NetApp compliance, see NetApp and the GDPR.

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
We are committed to respecting consumers’ rights and operating in ways designed to comply with the CCPA and its expansion, the CPRA. Our contractual commitments to CCPA compliance are based on whether we are collecting your personal information or acting as a service provider to customers who are collecting personal information. NetApp does not sell or share personal information for the purposes of cross-content behavioral marketing.

∇ For details about NetApp compliance, see NetApp and the CCPA.


These NetApp information services have been evaluated and verified against the industry standards listed below. For more information about each NetApp compliance offering, click the standard name.

DoD CC SRG IL 2,4,& 5 FedRAMP ISO/IEC 27001 NIST 800-171 PCI-DSS SOC 2 Type I SOC 2 Type II
Amazon FSx for NetApp ONTAP1
Astra Service

Azure NetApp Files2

BlueXP (formerly Cloud Manager Platform)3


Cloud Insights

Cloud Volumes Service for AWS

Cloud Volumes Service for GCP

Corporate IT Systems

Instaclustr by NetApp

Managed Services in India

NetApp Managed Services in the Americas

SaaS Backup5

Spot by NetApp

Spot PC

Virtual Desktop Service and Virtual Desktop Managed Service

1 Amazon Web Services (AWS) manages compliance for Amazon FSx for NetApp ONTAP. For information, refer to AWS Services in Scope by Compliance Program.

2 Microsoft manages compliance for Azure NetApp Files. For information, refer to Microsoft Azure Compliance Offerings (pages 66 and 76).

App Template, Backup for Kubernetes, Cloud Backup, Cloud Data Sense, Cloud Manager, Cloud Sync, and Cloud Tiering

4 Applicable only to those systems storing controlled unclassified information (CUI).

5 SaaS Backup is no longer available to new customers as of March 16, 2022. While the service continues to operate under the controls outlined in the last available ISO/IEC 27001 certifications and SOC 2 reports, NetApp is no longer supporting ongoing certification of this service so new certifications and reports will not be available.


These NetApp hardware products have been evaluated against DoDIN APL requirements. (For details about NetApp compliance, see DoDIN APL.)

All-Flash SAN (Storage Area Network) Array (ASA)

  • ASA A900 
  • ASA A800 
  • ASA A400 
  • ASA A250 
  • ASA A150 
  • ASA AFF A700

All Flash FAS (AFF)

  • AFF A-Series: A900, A800, A700s, A700, A400, A320, A300, A250, A220, A200, A150, C190 
  • AFF C-Series: C800, C400, C250
  • AFF 8000: 8080 EX, AFF8060, AFF8040, AFF8020 

Fabric Attached Storage (FAS)

  • FAS 500: 500f
  • FAS2500: 2554, 2552, 2520
  • FAS2600: 2650, 2620
  • FAS2700: 2750, 2720
  • FAS2800: 2820
  • FAS8000: 8080 EX, 8060, 8040, 8020
  • FAS8200
  • FAS8300
  • FAS8700
  • FAS9000: 9500, 9000 


These NetApp software products and platforms have been evaluated against the standards listed below. For more information about each NetApp compliance offering, click the standard name.

Commercial Solutions for Classified (CSfC) Program Common Criteria/ ISO 15408 DoDIN APL NF203
Element Software Element 12.2 and 10.3 running on SolidFire scale-out storage system
ONTAP 9.10.1P7 and 9.7P13 9.10.1P7, 9.7P13, 9.51, 9.31, and 9.11 9.13, 9.12, 9.11, 9.8, 9.7, 9.6, 9.31, and 9.11
ONTAP Select 9.51, 9.31, and 9.11 9.13, 9.12, 9.11, 9.8, 9.7, 9.6, 9.31, and 9.11
SANtricity Software SANtricity OS 11.70 and 11.50 running on E-Series and EF Series systems
NetApp StorageGRID StorageGRID 11.5 StorageGRID 11.6 and 11.5

NetApp is no longer supporting this product or continuing its certification. Customers who require this certification should contact their account representative to ensure this product meets their compliance requirements.
Back To Top
Drift chat loading