NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - NetApp Storage Encryption (NSE) running ONTAP 9.7P13

Certificate Date:  2021.09.07

Validation Report Number:  CCEVS-VR-VID11174-2021

Product Type:    Encrypted Storage

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

Maintenance Releases:

CC Certificate [PDF]

Security Target [PDF] *

Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


* This is the Security Target (ST) associated with the latest Maintenance Release.

Product Description

The Target of Evaluation (TOE) is NetApp Storage Encryption (NSE) running ONTAP 9.7P13, an authorization acquisition product that obtains and maintains authorization data used to access encrypted data stored on a full disk encryption product. It provides authorization data to third party self-encrypting drives (SEDs).

The TOE is provided pre-installed on NetApp disk storage appliances consisting of storage controllers and one or more enclosures of SEDs. It supports third party SEDs that follow either the Trusted Computing Group’s (TCG) Opal or Enterprise standards. Both standards support the use of an authentication key (AK) and one or more data encryption keys (DEK) per drive. The AK is used by a client (client in this case indicating ONTAP, the NetApp operating system) to unlock a drive. Once the drive verifies that the AK is correct, it uses the AK to decrypt the drive’s DEK(s).


Evaluated Configuration

The NetApp appliances included in the evaluated configuration are as follows:

| Storage Array | Disk Type | Controller Form Factor | Processor |
|---|---|---|---|
| FAS2620 | HDD/SSD | 2U/12 internal drives | Intel Xeon D-1528 (Broadwell) |
| FAS2650 | HDD/SSD | 2U/24 internal drives | Intel Xeon D-1528 (Broadwell) |
| FAS2720 | HDD/SSD | 2U/12 internal drives | Intel Xeon D-1557 (Broadwell) |
| FAS2750 | HDD/SSD | 2U/24 internal drives | Intel Xeon D-1557 (Broadwell) |
| FAS8200 Hybrid Flash | HDD/SSD | 3U | Intel Xeon D-1587 (Broadwell) |
| AFF A200 | SSD | 2U | Intel Xeon D-1528 (Broadwell) |
| AFF A220 | NVMe Flash | 2U/24 internal drives | Intel Xeon D-1557 (Broadwell) |
| AFF A300 | SSD | 3U | Intel Xeon D-1587 (Broadwell) |
| AFF C190 | SSD | 2U/24 internal drives | Intel Xeon D-1557 (Broadwell) |
| AFF A800 | NVMe Flash | 4U/48 internal drives | Intel Xeon Platinum 8160 (Skylake-SP) |
| AFF A320 | SSD | 2U | Intel Xeon Silver 4114 (Skylake-SP) |
| FAS9000 | HDD | 8U | Intel Xeon E5-2697v4 (Broadwell) |
| AFF A700 | SSD | 8U | Intel Xeon E5-2697v4 (Broadwell) |
| AFF A700s | SSD | 4U/24 internal drives | Intel Xeon E5-2697v4 (Broadwell) |
| FAS8300 | HDD | 4U | Intel Xeon Silver 4210 (Cascade Lake) |
| FAS8700 | HDD | 4U | Intel Xeon Gold 5218 (Cascade Lake) |
| AFF A400 | SSD | 4U | Intel Xeon Silver 4210 (Cascade Lake) |


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the NetApp Storage Encryption (NSE) running ONTAP 9.7P13 Security Target. The evaluation was completed in August 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Cryptographic Support

The TOE includes NIST CAVP-validated cryptographic algorithms supporting cryptographic functions. The TOE provides key wrapping, key derivation, and validation of the Border Encryption Value (BEV).

Security Management

The TOE supports management functions for forwarding requests to change the DEK to the SED, forwarding requests to cryptographically erase the DEK to the SED, allowing authorized users to change the authorization factor being used, and initiating TOE software updates using a command line interface.

Protection of the TSF

The TOE provides trusted firmware updates, protects keys and key material, and supports Compliant power saving states. The TOE runs a suite of self-tests during initial start-up (on power on).


Vendor Information


NetApp, Inc.
Tim Chevalier
408-822-6000
Tim.Chevalier@netapp.com

www.netapp.com