Certifications and Compliance

Commvault software conforms to the following standards:

Dubai Electronic Security Center (DESC) Certified for Commvault Cloud Software as a Service (SaaS) offering: Cloud Service Provider (CSP) Security Standard
Commvault's crypto library is FIPS 140-3 certified: Crypto Library 3.0 Certificate #4989
ISO/IEC 27001:2013 Certified for Commvault Software as a Service (SaaS) offering and its Remote Managed Services (RMS) Platform: ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
NIST 800-53 CP9 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-9
NIST 800-53 CP10 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-10
SOC 2 Type II for Commvault Cloud and managed services
VPAT 2.5 - WCAG and 508 Compliant: VPAT 2.5 Statement

Center for Internet Security Benchmarks (CIS)

Commvault offers a virtual image that contains the Commvault software and pre-configured system set up to support the Center for Internet Security Benchmarks. The following CommServe image is available in Commvault Store.

Image Name	Description
CIS L1 Hardened Commserver	The image configurations are as follows: Commvault software version: Commvault Platform Release 2022E Operating system version: Windows Server 2019 SQL server version: Microsoft SQL Server 2019 Web server version: IIS 10 The OVA includes pre-installed CommServe, MediaAgent, and Virtual server with a trial license.

Image Name

Description

CIS L1 Hardened Commserver

The image configurations are as follows:

Commvault software version: Commvault Platform Release 2022E

Operating system version: Windows Server 2019

SQL server version: Microsoft SQL Server 2019

Web server version: IIS 10

The OVA includes pre-installed CommServe, MediaAgent, and Virtual server with a trial license.

Note

CIS audit reports and Commvault exception documents are available in the following directory on the image:

For Windows: C:CIS_Hardening
For Linux: /opt/commvault/CIS_Hardening

Commvault software complies with all the CIS Level 1 Security Controls in CIS Red Hat Enterprise Linux 8 Benchmark v1.0.1.

For more information about the support of various controls, see the following documents:

Clinical Image Archiving Conformance Statements

The following conformance statements apply to the Commvault Clinical Image Archiving solution:

Security Technical Implementation Guide (STIG) Certifications

The following are the STIG certifications for HyperScale Storage Pool and HyperScale X.