Commvault software conforms to the following standards:
-
Dubai Electronic Security Center (DESC) Certified for Commvault Cloud Software as a Service (SaaS) offering: Cloud Service Provider (CSP) Security Standard
-
FIPS 140-3 pending CMVP review: Cryptographic Module Validation Program CMVP - Modules In Process List
-
ISO/IEC 27001:2013 Certified for Commvault Software as a Service (SaaS) offering and its Remote Managed Services (RMS) Platform: ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
-
NIST 800-53 CP9 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-9
-
NIST 800-53 CP10 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-10
-
SOC 2 Type II for Commvault Cloud and managed services
-
VPAT 2.0 - WCAG and 508 Compliant: VPAT 2.0 Statement
-
Center for Internet Security Benchmarks: CIS Benchmarks
Commvault offers a virtual image that contains the Commvault software and pre-configured system set up to support the CIS benchmark controls. The following CommServe image is available in Commvault Store.
Image name
Description
CIS L1 Hardened Commserver 11.28
The image configurations are as follows:
Commvault software version: Commvault Platform Release 2022E
Operating system version: Windows Server 2019
SQL server version: Microsoft SQL Server 2019
Web server version: IIS 10
Note
CIS audit reports and Commvault exception documents are available in the C:\CIS_Hardening_Reports directory on the image.
Commvault software complies with all the CIS Level 1 Security Controls in CIS Red Hat Enterprise Linux 8 Benchmark v1.0.1.
For more information about the support of various controls, see the following documents:
-
The following conformance statements apply to the Commvault Clinical Image Archiving solution:
-
STIG (Security Technical Implementation Guide) Certification for HyperScale Storage Pool: