FIPS 140-2 Product Status
FIPS 140-2
Federal Information Processing Standard 140-2 (FIPS 140-2) validation is important to any vendor selling cryptography to the Federal market space. If your IT product utilizes any form of encryption, it will likely require validation against the FIPS 140-2 criteria by the Cryptographic Module Validation Program (CMVP), run jointly by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment (CSE) in Canada, before it can be sold and installed in a Federal agency or DoD facility.
FIPS 140-2 describes US Federal government requirements that IT products should meet for Sensitive, but Unclassified (SBU) use. The standard was published by NIST, has been adopted by the CSE, and is jointly administered by these bodies under the umbrella of the CMVP. The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security, from Level 1 (lowest) to Level 4 (highest). These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed.
The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing.
Please refer here for additional information regarding FIPS 140-2 requirements, including NIST links.
Veritas Validated Products List
Listed below are the Veritas products, each with one of the following statuses:
- FIPS 140-2 validated: Product uses an existing encryption module (Veritas or 3rd party) and has gone through a "private label" validation process
- Compliant: Product uses an existing validated 3rd party module, but has not explicitly obtained a private validation from NIST
- N/A: Product does not contain an encryption module
- Not at this time: Product has an encryption module but is not FIPS 140-2 validated at this time
The snapshot below covers a product line that is in flux, so there are no guarantees as to accuracy, but we try to keep it updated with the current FIPS 140-2 status of each product. Veritas does not certify that all its software and hardware products, services or appliance solutions are compliant or validated per FIPS 140-2 requirements. For questions regarding FIPS 140-2 statuses/content herein or to note an updated FIPS product status, please contact xyz@veritas.com.
| VERITAS PRODUCT NAME | STATUS | HAS ENCRYPTION MODULE | ENCRYPTION MODULE TYPE |
|---|---|---|---|
| APPLICATIONHA 6.1 | Not at this time | Yes | OpenSSL |
| BACKUP EXEC 2014 | FIPS Compliant | Yes | OpenSSL version 0.9.8y |
| CLEARWELL | Not at this time | Yes | MS CAPI (Microsoft Crypto API) |
| CLUSTER SERVER 6.1 S64 LINUX | FIPS Validated | Yes | OpenSSL |
| CLUSTER SERVER 6.1 UNIX | FIPS Validated | Yes | OpenSSL |
| CLUSTER SERVER 6.1 WINDOWS | Not at this time | Yes | OpenSSL |
| CLUSTER SERVER HA/DR 6.1 S64 LINUX | FIPS Validated | Yes | OpenSSL |
| CLUSTER SERVER HA/DR 6.1 UNIX | FIPS Validated | Yes | OpenSSL |
| CLUSTER SERVER HA/DR 6.1 WINDOWS | Not at this time | Yes | OpenSSL |
| DATA INSIGHT 4.5 | Not at this time | Yes | |
| DISASTER RECOVERY ADVISOR 6.3 | N/A | No | Veritas does not own source code |
| ENTERPRISE VAULT 11.0 | FIPS Validated | Yes | Veritas Enterprise Vault Cryptographic Module (Software Version: 1.0) |
| NETBACKUP 7.6 BIOMNI FRONT OFFICE COMPLETE | Not at this time | Yes | |
| NETBACKUP 7.6 CROSS PLATFORM | In Progress | Yes | OpenSSL 1.0.1 |
| NETBACKUP 7.6 UNIX | In Progress | Yes | OpenSSL 1.0.1 |
| NETBACKUP 7.6 WIN/LNX/SOL X64 | In Progress | Yes | OpenSSL 1.0.1 |
| STORAGE FOUNDATION 6.1 S64 LINUX | N/A | No | SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL |
| STORAGE FOUNDATION 6.1 UNIX | N/A | No | SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL |
| STORAGE FOUNDATION HA 6.1 S64 LINUX | N/A | No | SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL |
| STORAGE FOUNDATION HA 6.1 UNIX | N/A | No | SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL |
| STORAGE FOUNDATION HA/DR 6.1 S64 LINUX | N/A | No | SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL |
| STORAGE FOUNDATION HA/DR 6.1 UNIX | N/A | No | SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL |
How to use Symantec Scan Engine 5.2 content scanning technologies for direct integration with your applications or devices
One of the "best hidden secrets" in Symantec's portfolio is likely the Symantec Scan Engine. This product emerged many years ago from our integration work with large Internet carriers to provide a highly scalable, high-performance antivirus scan engine that was easy to integrate into any kind of third-party application and devices.
How to Create a Video
No matter what type of content you want to post on Symantec Connect, you use the Create Content feature and complete the same basic steps. For some types of content—such as videos—you must complete a few extra steps, but as you will see, the intuitive Symantec Connect interface guides you through the process.
Federal Service for Technical and Export Control (FSTEK)
The Federal Service for Technical and Export Control (FSTEK) certification is required in order to sell information security systems in Russia. The regulations covering these requirements were introduced by the Russian government in July 2011. The Russian government introduced these requirements to ensure that establishments handling personal/confidential/government data are compliant with data security norms and regulations (FZ 152). The regulations detail the security requirements with which information security systems which process personal/confidential/government data need to comply. Compliance with the requirements is affirmed by a certificate granted by the Russian Government (Order of FSTEC #17, #31 and #21).
For additional information, please refer to: http://fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty-po-sertifikatsii/153-sistema-sertifikatsii/591-gosudarstvennyj-reestr-sertifitsirovannykh-sredstv-zashchity-informatsii-n-ross-ru-0001-01bi00
| Veritas Product | FSTEK Certificates |
|---|---|
| Backup Exec 2012 | TU + NDF |
| NetBackup 7 | TU + NDF |
Federal Identity, Credential and Access Management - FICAM
Federal Identity, Credential and Access Management (FICAM) Trust Framework Solutions (TFS)
The FICAM TFS (http://idmanagement.gov/trust-framework-solutions) is the federated identity framework for the U.S. Federal Government. It includes guidance, processes, and supporting infrastructure to enable secure and streamlined citizen and business facing online service delivery. The following Norton Secure Login (NSL) and Managed Public Key Infrastructure (MPKI) certification packages are applicable to the FICAM program run by GSA. Refer to http://idmanagement.gov/approved-identity-services for a list of approved identity providers.
Voluntary Product Accessibility Template - NSL Authority to Offer Services for FICAM TFS Approved Identity Services MPKI Security Accreditation Decision Letter (Valid until July 2016)
For additional information, please contact Adam_Madlin@symantec.com.
Global Certification Management Program Office
Symantec's Global Certification Management Program Office
As part of the Symantec CTO Organization/Security Technology and Response (STaR) Department, our key responsibility is to oversee, maintain, and enhance Symantec's centralized certification management program globally through best practices. Our global staff of certification professionals actively promotes awareness of global certification best practices and provides overarching guidance and support to our product teams, walking them through the necessary business and technical channels for obtaining and maintaining Symantec product certifications. Please email certification support for further assistance.
Veritas Certifications
- Federal Information Processing Standard Publication 140-2 (FIPS 140-2)
- Federal Service for Technical and Export Control (FSTEK)
- UK Cyber Essentials
How to Add an Image to a Connect Post
If you've ever tried to add an image to a post on Connect you know it can be frustrating if you are forced to muddle through on your own. This article is meant to guide you through the process and, hopefully, make it a little easier. If you've ever inserted an image into the body of a Gmail message then this will look a little familiar to you. So settle in and follow along.
Corporate Responsibility in a Connected World
Symantec protects the world’s people and information by conducting our business with a commitment to ethical operation, promoting a diverse and inclusive workplace, practicing sound environmental management and investing in positive social impact around the globe. Our corporate responsibility platform is organized into three pillars: Our People, Your Information, and The World. We welcome your feedback on our progress and on the challenges we still face.
- Symantec's Corporate Responsibility home page
- Letter from the CEO
- 2014 Corporate Responsibility Report
- Supply chain responsibility
- FAQ's to Customer Social Responsibility Surveys
Corporate Responsibility in Action Blog
This blog highlights how Symantec is implementing environmental, social and ethical principles throughout its business practices.
Customer Social Responsibility FAQs
Symantec protects the world's people and information by conducting our business with a commitment to ethical operation, promoting a diverse and inclusive workplace, practicing sound environmental management and investing in positive social impact around the globe. We've published the answers to some of our most frequently asked questions related to Corporate Responsibility below, but if your concern is not addressed here, please contact us at CR@symantec.com.
General Corporate Responsibility (CR), Governance, Human Rights, Environment, Supply Chain, Community Investment, Contact
General Corporate Responsibility (CR)
Q: Where can I find answers to questions about Symantec’s Corporate Responsibility and sustainability efforts?
A: You can find specifics by topic at our website or in our latest 2014 Corporate Responsibility Report downloadable on our CR website.
Q: Are there training and development programs to support the integration of corporate responsibility within your company?
A: Yes.
Q: Does your company involve stakeholders in shaping its views and responses on corporate responsibility?
A: Yes, details are available on our stakeholder engagement website.
Q: Do you set annual corporate responsibility targets?
A: Yes, goals are available on page 8 of our 2014 Corporate Responsibility Report.
Q: Do you report publicly on your full corporate responsibility performance?
A: Yes, we report our CR performance in our 2014 Corporate Responsibility Report.
Q: Is your corporate responsibility-related data externally assured?
A: No, not fully. Our greenhouse gas emissions and water data are externally assured.
Q: Do you monitor corporate responsibility compliance?
A: Yes.
Governance
Q: Do you have a Board-level individual with named responsibility for corporate responsibility issues?
A: Yes. The Nominating & Governance Committee of Symantec’s Board of Directors has oversight over corporate responsibility.
Q: Does your company have its own Code of Conduct?
A: Yes, the Code of Conduct is available on our website.
Q: Will Symantec sign up to our company’s corporate responsibility or environmental codes of conduct?
A: No, Symantec has its own Code of Conduct in place which includes corporate responsibility issues such as global citizenship, human rights, respect for the environment, diversity and inclusion, and fair employment practices. In addition, Symantec has a Global Supply Chain Manufacturing and Fulfillment Code of Conduct and separate conflict minerals, human rights and environmental policies. Therefore, we are not able to promise compliance with customers' specific codes of conduct.
Human Rights
Q: Has your company joined the United Nations Global Compact? (To learn more about the United Nations Global Compact please go to https://www.unglobalcompact.org/)
A: Yes, we are signatories to the United Nations Global Compact and members of the Lead Initiative.
Q: Does your company have a human rights policy?
A: Yes, our human rights policy is available on our website.
Q: Have you conducted any internal activities or trainings on the Guiding Principles on Business and Human Rights?
A: Yes, we have conducted targeted training within the company.
Q: Have you conducted any external activities or trainings on the Guiding Principles on Business and Human Rights?
A: Yes, we have participated in external meetings on the UN Guiding Principles.
Q: Do you obtain information on the number of contract workers in your company and supply chain?
A: Yes.
Environment
Q: Do you have an environmental policy?
A: Yes, Symantec’s environmental policy is available on the corporate responsibility website.
Q: Do you have an Environmental Management System (EMS) or systems in place to manage your environmental issues?
A: Yes, a copy is available upon request by emailing cr@symantec.com
Q: Do you have a company-wide Environmental policy?
A: Yes.
Q: Does your company have a documented system for the handling and disposal of hazardous waste?
A: Yes.
Q: Do you address environmental issues in your supply chain?
A: Yes, this is managed through our environmental management system.
Q: Do you incorporate environmental risks within your company risk management processes?
A: Yes.
Q: Does your company externally report on your environmental performance?
A: Yes, see our latest corporate responsibility report: www.symantec.com/cr
Q: Does your company externally report on your full CO2 emissions through the Greenhouse Gas (GHG) Scopes?
A: Yes, see our latest corporate responsibility report: www.symantec.com/cr
Q: Does your company conduct formal environmental audits of your facilities?
A: No.
Q: Has your company incurred any fines and/or prosecutions for environmental issues, including prohibition notices for non-compliance with an environmental permit or a breach of an environmental regulation, over the past 24 months?
A: No.
Q: Does your organization hold ISO 14001 certification?
A: Yes, but the Dublin, Ireland site only. A copy of the certificate is available upon request by emailing cr@symantec.com.
Q: Does your organization have any external environmental certification?
A: Yes, copies of LEED certificates are available upon request by emailing cr@symantec.com.
Q: Please indicate if your company has publicly set reduction targets on greenhouse gas?
A: No, but we intend to.
Q: Please indicate if your company has publicly set reduction targets on solid waste?
A: No.
Q: Please indicate if your company has publicly set reduction targets on water usage?
A: No, but we did complete the Carbon Disclosure Project Water Questionnaire.
Q: What percentage of your company's current overall energy consumption comes from renewable sources?
A: 0% Renewable Resources. Renewables in grid electricity are not reflected in this percentage.
Q: Does your company implement measures to ensure that product distribution and transport emissions are minimized?
A: Yes.
Q: Is any of the following found in your product supplied to companies, and if so, please indicate your level of traceability and risk assessment:
Q: Please provide the total water usage in cubic meters for your company operations within this calendar year. Indicate in the comments box if any of the data was estimated.
A: We reported 350.75 ML for FY14 (in the CDP water questionnaire and verification statement)—only actual data, no estimation, only for sites where metered water data was available. 1 ML=1000 cubic meters so 350.75 ML=350,750 cubic meters.
Q: Do you have procedures in place to address the following issues: (The term "child" refers to a person younger than 15 - or 14 where local law allows - or, if higher, the local legal minimum age for employment or the age for completing compulsory education)
Supply Chain
Q: Does your company have its own Supplier Code of Conduct?
A: Yes, the Global Supply Chain Manufacturing and Fulfillment Code of Conduct is available on our website.
Q: Does your company have a conflict minerals policy?
A: Yes, our conflict minerals policy is available on our website.
Q: Does your company have its own diversity statement and/or stated diversity policy?
A: Yes, this is available on our diversity and inclusion website.
Q: Does your company have its own supplier diversity statement and/or stated supplier diversity policy?
A: Yes, a copy is available on our supplier diversity website.
Community Investment
Q: Does your company have a community program?
A: Yes, we make a positive impact on society through volunteering and giving in our local and global communities through employee and corporate engagement, and details are available on our community investment website.
Contact Information
Q: Who can I contact if I have further corporate responsibility questions?
A: Please email cr@symantec.com.
Frequently Requested Information
This page contains our most frequently requested public facing documentation. Users that have accepted our Non-Disclosure Agreement (NDA) may access confidential data such as ISO/IEC 27001 certifications, SOC reports and evidence of insurance on our Security Certifications page.
Business Continuity Management Program
Veritas' Business Continuity Management Program is a key component of our business model. The principal focus of the BCM Program is to identify actual and potential risks to business function resilience; mitigate those risks by ensuring respective business functions design, document and exercise business continuity strategies; then facilitate the execution of those strategies if there is a disruption to critical Veritas functions, while maintaining our ability to deliver services to our customers.
Veritas Business Continuity Management Program Summary
Code of Conduct
The Veritas Code of Conduct aligns our business practices with our values. Veritas is committed to conducting its business in an ethical and lawful manner. The reputation of Veritas is a valuable business asset, and ethical and legal conduct at all levels of our business is essential for our continued success.
Corporate Responsibility
Veritas considers the protection of information central to corporate responsibility in this digital age. We conduct our business with a commitment to ethical operation, sound environmental management, and positive societal impact.
Incident Response Plan Summary
Veritas' Incident Response Plan defines and implements an operational framework including the processes, skills, and tools necessary for Veritas to timely detect, contain, investigate and report on cyber security incidents potentially impacting Veritas systems, networks, and data, including customer, partner or supplier information in Veritas' possession. The development and implementation of this forward-looking plan supports Veritas' ultimate mission to its customers, partners, shareholders and employees as a trusted leader in information security risk management.
Veritas Incident Response Plan Summary
Information Security Policy
Veritas is committed to the protection of the company's information technology, brand, intellectual property, personal information and customer data from misuse or compromise. This customer facing policy defines how Veritas protects its assets and reputation from threats associated with misuse or compromise of information/data, whether the threat is internal or external, deliberate or accidental in nature.
Veritas Information Security Policy
Internal Control Over Financial Reporting (Sarbanes-Oxley (SOX)) Program
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles (GAAP). While Veritas maintains effective internal control over financial reporting, as a privately held entity, Veritas does not report these results externally to the Securities and Exchange Commission (SEC).
Pandemic/Infectious Disease Program
Veritas recognizes that a pandemic or infectious illness outbreak would pose a significant health risk to employees and could lead to the interruption of business.
Veritas has been engaging in pandemic planning activities since early 2005 (as part of Symantec Corporation) and initiated the Pandemic Preparedness Program with a global team comprised of key business group leaders knowledgeable in company operations to address these risks and respond to the consequences of a pandemic/infectious outbreak.
Veritas Pandemic/Infectious Disease Program Summary
Payment Card Industry (PCI) Attestation of Compliance
The PCI Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process including prevention, detection and appropriate reaction to security incidents. Veritas meets the criteria for a Level 4 Merchant.
Privacy Statement
Veritas' Privacy Statement describes the types of information we collect via Veritas' web sites, how we may use that information and with whom we may share it. Our Privacy Statement also describes the measures we take to protect the security of the information. We also tell you how you may contact us to update your information, remove your name from our mailing lists or get answers to questions you may have about our privacy practices at Veritas.
Tech Exchange Presentation: Providing High Availability and Disaster Recovery for Complex Applications
In today’s increasingly complex datacenter environment, providing automated high availability and disaster recovery is a major challenge. If you have a manual recovery plan, your company's operations are in your hands when an outage occurs.
Tech Exchange Presentation: Mobile Protection
Managing mobile devices is all about protecting mobile data in all of the various places it is transmitted, stored and viewed. Unlike traditional PCs, mobile devices naturally communicate over channels that companies have no control over, and several additional operating systems have been introduced in the last few years.
How to split your solution
As a result of numerous requests from users, a new feature has been introduced to Symantec Connect to allow users to mark multiple answers as the solution. Previously, users could only mark one answer as the solution. To split the solution among a number of answers, do the following:
1) Click on the Request Split Solution link.
Tech Exchange Presentation: Modern Approaches to the Backup and Recovery of Virtual Machines
Attend this session to understand why virtual-only backup tools only give you half the picture and why a backup client in a VM is not optimized for business-critical applications. See why Symantec Backup Exec and NetBackup back up more VMs than anyone in the market by providing deep integration with both VMware and Hyper-V.
Tech Exchange Presentation: Protecting Virtual Environments Efficiently and Effectively
Securing a virtual environment has traditionally come at the cost of performance or virtualization density. Symantec and VMware have built integrations across Symantec Endpoint Protection and Symantec Critical System Protection to optimally secure virtual desktops and servers.
Tech Exchange Presentation: How to Achieve Database Availability and Data Center Agility
In today’s increasingly complex datacenter environment, providing automated high availability and disaster recovery is a major challenge. If you have a manual recovery plan, your company's operations are in your hands when an outage occurs.
Tech Exchange Presentation: Mobile App Management
Mobile Device Management (MDM) is the first thing many companies think about when attempting to address mobility in the enterprise. However, with the increasing popularity of BYOD, the restrictions of regulated industries, and other challenging mobility use cases, businesses are realizing that the default MDM-centric approach is often insufficient to protect essential business data, or si
How to Disable AutoPlay feature to prevent Virus spreading using this feature.
Title: How to Disable AutoPlay feature to prevent Virus spreading using this feature.
Cause: Most malware and worms use the autorun feature of Windows to spread and launch on your machine.
Solution:
- Go to Start and Run
- Type gpedit.msc
- Click Ok
- This will open a new group policy window.
Saeed, 13 years ago, Level 3
SR L09: Messaging Gateway, Encryption and Data Loss Prevention: Three Great Things Even Better Together
The messaging gateway has emerged as a key point of control for managing an information risk and security strategy. With its key functions of message filtering and security, the messaging gateway serves as an ideal point on which to build the foundation of a Data Loss Prevention (DLP) and encryption strategy.
Altiris Architecture
The Altiris® Notification Server™ software is the core Altiris infrastructure server. By itself, the Altiris Notification Server does not provide any direct systems management functionality. It simply provides a base set of services that are leveraged by the Altiris solutions installed into it.
Utility to Assist in Identifying Plug and Play Drivers
Have you ever tried to get a build created with all the required device drivers, and have found that there are one or two yellow question marks that you cannot find the correct drivers for? Yes, we've all been there at some time.
EdT, 14 years ago, Level 6
My Security Story
I work for a small technical college; we have about 350 permanent employees and 300 part-timers, with around 5000 students and 1450 Altiris nodes. We used Sophos for about 5 years and started having some real problems with the scanning functions. The scan would start and use all system resources until it finished regardless of the settings we tried to change.
Jeanne, 14 years ago, Level 3
True Data Loss Prevention
To all reading, not all data loss prevention solutions are equal. This company had implemented the Vericept product before my time and the intent was to monitor for malicious and fraud activities by our Corporate Security arm. Information Security was using it to try to capture information from leaving via the internet. So when I started to look at the product I was not
Community Managers Contact Information
Community Managers are employed by Symantec to moderate the communities within Symantec Connect. The managers review and publish all content, award points, and moderate the community forums. You can contact the community managers using the information below:
Security Community
Support Makes the Case
I work for an IT Company which provides security products to other companies. One of our clients was using Symantec Antivirus Corporate Edition 10.1, which we had suggested to them and were supporting. The client had no issue with the Symantec Antivirus.
Bijay_Swain, 15 years ago, Level 4
Using Software to Reduce Power Consumption
Written by: Bruce Naegel & Jose Iglesias
Business demands on IT are ever-increasing to keep pace with the exponential growth of data throughput and the fast-rising need for data storage. Data centers are struggling to deploy the servers and storage hardware needed to meet the expanding demands of this business environment.
How do I Create a Crash / Mini Dump manually for Windows based systems using Dr. Watson?
To enable Minidumps / Crash Dumps in Windows XP using Dr. Watson, follow the process given below:
Go to START > RUN and type "drwtsn32" (without the quotes) at the prompt and click "OK". This will open the Dr. Watson utility.
Apply the following settings:
Crash Dump Type: Mini
Green Data Center Storage- Part I
Written by: Bruce Naegel, John Colgrove, W. David Schwaderer
Executive Summary
Why You Should Read This Paper
This is the first part of a three-part series dealing with data center power and cooling issues that either are presently, or will soon, affect virtually every enterprise data center. The series outlines the challenges and Symantec solutions.