NetApp ONTAP Achieves Validation from NSA for Security and Encryption

NetApp, a global, cloud-led, data-centric software company, has announced that NetApp ONTAP, an enterprise storage and data management platform, has achieved Commercial Solutions for Classified (CSfC) validation for a data-at-rest (DAR) capability package. With this, organizations across the globe can benefit from NetApp ONTAP’s security capabilities to protect customers’ information on-prem and in remote locations from foreign actors, ransomware attacks or other data loss threats they may face.

A cybersecurity program led by the U.S. National Security Agency (NSA), CSfC is a key component of the organization’s commercial cybersecurity strategy. CSfC validates commercial IT products that have met the highest level of strict encryption standards and rigorous security requirements for both hardware and software solutions. Recently, the NSA has recommended that federal agencies hosting secret or top-secret data utilize storage solutions that have been CSfC validated.

Companies are facing more threats to their data and ultimately their business than ever before. According to Accenture’s State of Cybersecurity Resilience 2021 report, there were on average 270 attacks per company in 2021, a 31% increase from 2020. Additionally, 81% of chief information security officer (CISO) respondents said that “staying ahead of attackers is a constant battle and the cost is unsustainable.”

According to NetApp, with this CSfC validation, organizations can expect NetApp ONTAP to:

  • Allow agencies and enterprises to natively store top secret data, confidently and reliably
  • Save time by making it easier to buy pre-approved solutions, reducing audits and limiting the processes required to move or store data securely
  • Offer cost savings via reduced monitoring, lowering physical data transport and logistics costs, and providing the cost optimal solution for storing data
  • Protect data at both hardware and the software layer for enhanced cyber-resilient data-centric security—a key component to zero-trust security architectures

NetApp has been in the data protection business for nearly 30 years and is a data storage and management supplier to federal government, delivering storage innovation and data solutions, including data encryption, both in-flight and at rest, compliance, and protection. The latest release of ONTAP enables enterprises to use machine learning to protect against cyber-attacks with integrated preemptive detection and accelerated data recovery.

“Organizations today know that data security is paramount, whether they operate in the public or private sector,” said Michelle Rudnicki, vice president, U.S. public sector. at NetApp. “With NetApp’s world-class data security capabilities and this CSfC validation, government organizations as well as companies in highly regulated industries like financial services, healthcare, energy or any organization with valuable intellectual property can be reassured that their most sensitive data is secure with NetApp ONTAP.”

For more information, go to