Certifications and Compliance

Commvault software conforms to the following standards:

• Dubai Electronic Security Center (DESC) Certified for Commvault Cloud Software as a Service (SaaS) offering: Cloud Service Provider (CSP) Security Standard

• Commvault's crypto library is FIPS 140-3 certified: Crypto Library 3.0 Certificate #4989

• ISO/IEC 27001:2013 Certified for Commvault Software as a Service (SaaS) offering and its Remote Managed Services (RMS) Platform: ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements

• NIST 800-53 CP9 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-9

• NIST 800-53 CP10 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-10

• SOC 2 Type II for Commvault Cloud and managed services

• VPAT 2.5 - WCAG and 508 Compliant: VPAT 2.5 Statement

Center for Internet Security Benchmarks (CIS)

Commvault offers a virtual image that contains the Commvault software and pre-configured system set up to support the Center for Internet Security Benchmarks. The following CommServe image is available in Commvault Store.

Commvault software complies with all the CIS Level 1 Security Controls in CIS Red Hat Enterprise Linux 8 Benchmark v1.0.1.

For more information about the support of various controls, see the following documents:

• Compliance with Level 1 Controls in Apache Tomcat 10 Benchmark v1.1.0

• Commvault Compliance with Level 1 Controls in CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark v1.1.0)

• Commvault Compliance with Level 1 Controls in CIS Microsoft Windows Server 2019 RTM (Release 1809) Benchmark v1.1.0

• Commvault Compliance with Level 1 Controls in CIS Microsoft IIS 10 Benchmark v1.2.1

• Commvault Compliance with Level 1 Controls in CIS Microsoft SQL Server 2016 Benchmark v1.1.0 for the Server Deployed in a Windows Environment

• Commvault Compliance with Level 1 Controls in CIS Microsoft SQL Server 2019 Benchmark v1.2.0 for the Server Deployed in a Windows Environment

• Commvault Compliance with CIS Level 1 Security Controls in CIS Microsoft SQL Server 2019 Benchmark v1.2.0 for the Server Deployed in a Linux Environment

Clinical Image Archiving Conformance Statements

The following conformance statements apply to the Commvault Clinical Image Archiving solution:

• Clinical Image Archiving: DICOM Conformance Statement

• Clinical Image Archiving: HL7 Conformance Statement

• Clinical Image Archiving: IHE Integration Statement

Security Technical Implementation Guide (STIG) Certifications

The following are the STIG certifications for HyperScale Storage Pool and HyperScale X.

• STIG Certification - Scan Results List

• STIG Certification - Scan Results Detailed

• Commvault SEC17(a) Attestation for HyperScale X