Commvault software conforms to the following standards:
FIPS 140-3 pending CMVP review: Cryptographic Module Validation Program CMVP - Modules In Process List
ISO/IEC 27001:2013 Certified for Commvault Software as a Service (SaaS) offering and its Remote Managed Services (RMS) Platform: ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
NIST 800-53 CP9 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-9
NIST 800-53 CP10 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-10
SOC 2 Type II for Metallic and managed services
VPAT 2.0 - WCAG and 508 Compliant: VPAT 2.0 Statement
Center for Internet Security Benchmarks: CIS Benchmarks
Commvault offers a virtual image that contains the Commvault software and pre-configured system set up to support the CIS benchmark controls. The following CommServe image is available in Commvault Store.
CIS L1 Hardened Commserver 11.28
The image configurations are as follows:
Commvault software version: Commvault Platform Release 2022E
Operating system version: Windows Server 2019
SQL server version: Microsoft SQL Server 2019
Web server version: IIS 10
Note: CIS audit reports and Commvault exception documents are available in the C:\CIS_Hardening_Reports directory on the image.
Commvault software complies with all the CIS Level 1 Security Controls in CIS Red Hat Enterprise Linux 8 Benchmark v1.0.1.
For more information about the support of various controls, see the following documents:
The following conformance statements apply to the Commvault Clinical Image Archiving solution:
STIG (Security Technical Implementation Guide) Certification for HyperScale Storage Pool.
Commvault SEC17(a) Attestation for HyperScale X