August 2024
Certification of NetApp products to the DoDIN APL means that U.S. defense agencies can use them with confidence and provides valuable assurances to customers supporting the defense industrial base.
U.S. Department of Defense Information Network (DoDIN) Approved Products List (APL)
About the DoDIN APL
The U.S. Department of Defense Information Network Approved Products List (DoDIN APL) is the master list of products that have completed cybersecurity and interoperability certification and are approved for deployment in the DoD’s technology infrastructure. Departments and agencies in the DoD may be required to purchase products on this list to meet procurement requirements for products that will be connected to the DoDIN.
The U.S. Defense Information Systems Agency (DISA) manages the rigorous security and interoperability process to test and certify products in accordance with DoD Instruction 8100.04. A sponsoring DoD agency works with vendors who submit documentation that includes a system description and a component list; a response to a DoD Security Technical Implementation Guide (STIG) questionnaire, which define the required cybersecurity configuration standards; and a Letter of Compliance (LOC). The LOC includes self-attestations such as conformance to IPv6 requirements for products used to send, receive, or support voice, video, or data across DoD networks.
After document review, DISA determines which STIGs to apply and audits the product at one of its testing facilities. When the DISA evaluator determines that the DoD STIG and interoperability requirements have been met, the product receives its certification for placement on the DoDIN APL. The certification initially lasts for up to 3 years with an option to extend another 3 years before recertification is required.
NetApp and the DoDIN APL
Continuing a tradition dating back to 2005, when NetApp ONTAP was first certified, NetApp continues to submit updates for DISA review. For the current certification, NetApp submitted the required documentation to DISA following the steps outlined in the section above. Based on its audit, DISA determined that in-scope NetApp products satisfied the requirements and placed them on the APL. This means that U.S. defense agencies can choose these compliant NetApp products with confidence, assured of their stringent security processes.
NetApp in-scope products
The following hardware platforms, software versions, and virtual platforms are covered under the DoDIN APL.
Hardware platforms
- Fabric Attached Storage (FAS): FAS9500, FAS9000, FAS8700, FAS8300, FAS8200, FAS500f, FAS 2820, FAS2750, FAS2720, FAS2650, and FAS2620
- All Flash FAS (AFF): AFF C800, AFF C400, AFF C250, AFF C190, AFF A900, AFF A90, AFF A800, AFF A700s, AFF A700, AFF A70, AFF A400, AFF A320, AFF A300, AFF A250, AFF A220, AFF A200, AFF A1K, AFF A150, AFF8080 EX, AFF8060, AFF8040, AFF8020
- All-Flash SAN (Storage Area Network) Array (ASA): ASA C800, ASA C400, ASA C250, ASA AFF A800, ASA AFF A700, ASA AFF A400, ASA AFF A250, ASA AFF A220, ASA A900, ASA A800, ASA A400, ASA A250, and ASA A150
Software versions
Not all software versions run on all hardware platforms. If you have a NetApp support account, refer to Hardware Universe for compatibility listings.
- ONTAP 9.15, 9.14, 9.13, 9.12, 9.11, 9.8, 9.7, and 9.6
Virtual platforms
- ONTAP Select 9.15, 9.14, 9.13, 9.12, 9.11, 9.8, 9.7, and 9.6
Audits, reports, and certificates
Certifications
The DISA DoDIN APL approval memos below include a history of certification changes and links to additional details:
Cybersecurity Assessment Package (CAP)
U.S. government civilians or U.S. uniformed military personnel can request a copy of the CAP through email. Requests must be received from a .mil or .gov email address and be sent with a digital PKI signature attached.
To request a copy, on the DoDIN Approved Products List, choose NetApp from the Vendor list. Click Search APL, and under FAQs (the result returned), click Request CAP to create the email message.
