Commvault software conforms to the following standards:
FIPS 140-3 pending CMVP review: Cryptographic Module Validation Program CMVP - Modules In Process List
ISO/IEC 27001:2013 Certified for Commvault Software as a Service (SaaS) offering and its Remote Managed Services (RMS) Platform: ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
NIST 800-53 CP9 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-9
NIST 800-53 CP10 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-10
SOC 2 Type II for Metallic and managed services
VPAT 2.0 - WCAG and 508 Compliant: VPAT 2.0 Statement
Center for Internet Security Benchmarks: CIS Benchmarks
Commvault offers a virtual image that contains the Commvault software and a pre-configured system set up to support the CIS benchmark controls. The following CommServe image is available in the Commvault Store.
Image name: CIS L1 Hardened Commserver 11.28
Description: The image configurations are as follows:
  Commvault software version: Commvault Platform Release 2022E
  Operating system version: Windows Server 2019
  SQL server version: Microsoft SQL Server 2019
  Web server version: IIS 10
Note: CIS audit reports and Commvault exception documents are available in the C:\CIS_Hardening_Reports directory on the image.
Commvault software complies with all the CIS Level 1 Security Controls in CIS Red Hat Enterprise Linux 8 Benchmark v1.0.1.
For more information about the support of various controls, see the following documents:
The following conformance statements apply to the Commvault Clinical Image Archiving solution:
STIG (Security Technical Implementation Guide) Certification for HyperScale Storage Pool.
Commvault SEC17(a) Attestation for HyperScale X