Forum Discussion

John_Grovender's avatar
2 years ago

Rope Those Unsecured Filer Snapshot Dogies with NetBackup's 10.3+ FIPS-Compliant NBSM

Starting with release 10.3, NetBackup service manager (NBSM) used in dynamic network attached storage (NAS) snapshot protection is now Federal Information Processing Standards (FIPS) compliant. NBSM manages snapshot orchestration between NetBackup and many storage targets. FIPS is a set of security standards by the U.S. Department of Commerce National Institute of Standards and Technology (NIST.)

NBSM can run in FIPS compliant and non-FIPS compliant modes. So, you have the ability to turn FIPS off if there's a need to do so. However, our recommended configuration for NetBackup and NBSM and all to-be protected workloads is to run in FIPS mode whenever possible.

Our FIPS compliancy is 140-2, level 1. This compliancy matches the rest of NetBackup's FIPS-compliant features. FIPS modules at the operating system and PostgreSQL database level are used to enforce FIPS protection.

When FIPS mode is enforced, only FIPS-compliant workloads/configurations will be protected. Data-at-rest and data-in-transit will be encrypted with only FIPS-validated API(s).

A description of NBSM and its targets is available here:

https://www.veritas.com/support/en_US/doc/155729295-158413311-0/index

You can get more information about FIPS standards and compliance in general here:

https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips

The details of FIPS 140-2 level 1 security as defined by NIST is posted here:

https://www.nist.gov/publications/security-requirements-cryptographic-modules-includes-change-notices-1232002

No RepliesBe the first to reply