Certifications and Compliance

Commvault software conforms to the following standards:

• FIPS 140-3 pending CMVP review: Cryptographic Module Validation Program CMVP - Modules In Process List

• ISO/IEC 27001:2013 Certified for Commvault Software as a Service (SaaS) offering and its Remote Managed Services (RMS) Platform: ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements

• NIST 800-53 CP9 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-9

• NIST 800-53 CP10 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-10

• SOC 2 Type II for Metallic and managed services

• VPAT 2.0 - WCAG and 508 Compliant: VPAT 2.0 Statement

• Center for Internet Security Benchmarks: CIS Benchmarks

  For more information about the support of various controls, see the following documents:

  • Commvault Compliance with Level 1 Controls for Apache Tomcat 9 Benchmark v1.0.0

  • Commvault Compliance with Level 1 Controls for CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark v1.1.0

  • Commvault Compliance with Level 1 Controls for CIS Microsoft IIS 10 Benchmark v1.1.1

  • Commvault Compliance with Level 1 Controls for CIS Microsoft SQL Server 2016 Benchmark v1.1.0

• The following conformance statements apply to the Commvault Clinical Image Archiving solution:

  • Clinical Image Archiving: DICOM Conformance Statement

  • Clinical Image Archiving: HL7 Conformance Statement

  • Clinical Image Archiving: IHE Integration Statement

• STIG (Security Technical Implementation Guide) Certification for HyperScale Storage Pool.

  • STIG Certification - Scan Results List

  • STIG Certification - Scan Results Detailed