NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - NetApp Volume Encryption (NVE) Appliances running ONTAP 9.7P13

Certificate Date:  2021.09.08

Validation Report Number:  CCEVS-VR-VID11175-2021

Product Type:    Encrypted Storage

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201
  collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201

CC Testing Lab:  Leidos Common Criteria Testing Laboratory


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Administrative Guide [PDF]

Administrative Guide [PDF]

Administrative Guide [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is NetApp Volume Encryption (NVE) Appliances running ONTAP 9.7P13. The TOE provides both authorization acquisition and encryption engine components in support of full drive encryption. The authorization acquisition component derives a Border Encryption Value (BEV) from an administrator-supplied authorization factor (namely, a passphrase) and provides it to the encryption engine, which uses it to unlock the Drive Encryption Key (DEK) used to encrypt data on disk storage devices.


Evaluated Configuration

The TOE comprises a range of disk storage appliances, consisting of storage controllers and one or more enclosures of disk storage devices, running ONTAP 9.7P13. Supported disk storage devices include hard disk drive (HDD), solid state drive (SSD) and non-volatile memory express (NVMe) flash drives.

The NetApp appliances included in the evaluated configuration are as follows:

Storage Array

Disk Type

Controller Form Factor

Processor

FAS2620

HDD/SSD

2U/12 internal drives

Intel Xeon D-1528 (Broadwell)

FAS2650

HDD/SSD

2U/24 internal drives

Intel Xeon D-1528 (Broadwell)

FAS2720

HDD/SSD

2U/12 internal drives

Intel Xeon D-1557 (Broadwell)

FAS2750

HDD/SSD

2U/24 internal drives

Intel Xeon D-1557 (Broadwell)

FAS8200 Hybrid Flash

HDD/SSD

3U

Intel Xeon D-1587 (Broadwell)

AFF A200

SSD

2U

Intel Xeon D-1528 (Broadwell)

AFF A220

NVMe Flash

2U/24 internal drives

Intel Xeon D-1557 (Broadwell)

AFF A300

SSD

3U

Intel Xeon D-1587 (Broadwell)

AFF C190

SSD

2U/24 internal drives

Intel Xeon D-1557 (Broadwell)

AFF A800

NVMe Flash

4U/48 internal drives

Intel Xeon Platinum 8160 (Skylake-SP)

AFF A320

SSD

2U

Intel Xeon Silver 4114 (Skylake-SP)

FAS9000

HDD

8U

Intel Xeon E5-2697v4 (Broadwell)

AFF A700

SSD

8U

Intel Xeon E5-2697v4 (Broadwell)

AFF A700s

SSD

4U/24 internal drives

Intel Xeon E5-2697v4 (Broadwell)

FAS8300

HDD

4U

Intel Xeon Silver 4210 (Cascade Lake)

FAS8700

HDD

4U

Intel Xeon Gold 5218 (Cascade Lake)

AFF A400

SSD

4U

Intel Xeon Silver 4210 (Cascade Lake)


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the NetApp Volume Encryption (NVE) Appliances running ONTAP 9.7P13 Security Target. The evaluation was completed in August 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Cryptographic Support

The TOE includes NIST CAVP-validated cryptographic algorithms supporting cryptographic functions. The TOE provides key wrapping, key derivation, validation of the Border Encryption Value (BEV), and data encryption.

User Data Protection

The TOE performs full drive encryption, such that the drive contains no plaintext user data. The TOE performs user data encryption by default in the out-of-the-box configuration using 256 bit AES in XTS mode.

Security Management

The TOE supports management functions for changing and erasing the DEK and initiating TOE firmware updates, using a command line interface.

Protection of the TSF

The TOE provides trusted firmware updates, protects keys and key material, and supports Compliant power saving states. The TOE runs a suite of self-tests during initial start-up (on power on).


Vendor Information


NetApp, Inc.
Tim Chevalier
4088226000
Tim.Chevalier@netapp.com

www.netapp.com
Site Map              Contact Us              Home