FIPS 140-2 Product Status
FIPS 140-2 Federal Information Processing Standard 140-2 (FIPS 140-2) validation is important to any vendor selling cryptography to the Federal market space. If your IT product utilizes any form of encryption, it will likely require validation against the FIPS 140-2 criteria by the Cryptographic Module Validation Program (CMVP) run jointly by the National Institute of Standards and Technology (NIST), in the United States and Communications Security Establishment (CSE) in Canada before it can be sold and installed in a Federal agency or DoD facility. FIPS 140-2 describes US Federal government requirements that IT products should meet for Sensitive, but Unclassified (SBU) use. The standard was published by the NIST, has been adopted by the CSE, and is jointly administered by these bodies under the umbrella of the CMVP. The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security: from Level 1 (lowest) to Level 4 (highest). These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing. Please refer here for additional information regarding FIPS 140-2 requirements, including NIST links. Veritas Validated Products List Listed below are the Veritas products with a status as to whether a listed product is: FIPS 140-2 validated Product uses an existing encryption module (Veritas or 3rd party) and has gone through a "private label" validation process Compliant Product uses an existing validated 3rd party module, but has not explicitly obtained a private validation from NIST N/A Product does not contain an encryption module Not at this time Product has an encryption module but is not FIPS 140-2 validated at this time This snapshot in time below involves an in flux product line so there are no guarantees as to accuracy, but we try to keep this updated with the current status/FIPS 140-2 status per products. Veritas does not certify that all its software and hardware products, services or appliance solutions are compliant or validated per FIPS 140-2 requirements. For questions regarding FIPS 140-2 statuses/content herein or to note an updated FIPS product status, please contact xyz@veritas.com. VERITAS PRODUCT NAME STATUS HAS ENCRYPTION MODULE ENCRYPTION MODULE TYPE APPLICATIONHA 6.1 Not at this time Yes OpenSSL BACKUP EXEC 2014 FIPS Compliant Yes OpenSSL version 0.9.8y CLEARWELL Not at this time Yes MS CAPI (Microsoft Crypto API) CLUSTER SERVER 6.1 S64 LINUX FIPS Validated Yes OpenSSL CLUSTER SERVER 6.1 UNIX FIPS Validated Yes OpenSSL CLUSTER SERVER 6.1 WINDOWS Not at this time Yes OpenSSL CLUSTER SERVER HA/DR 6.1 S64 LINUX FIPS Validated Yes OpenSSL CLUSTER SERVER HA/DR 6.1 UNIX FIPS Validated Yes OpenSSL CLUSTER SERVER HA/DR 6.1 WINDOWS Not at this time Yes OpenSSL DATA INSIGHT 4.5 Not at this time Yes DISASTER RECOVERY ADVISOR 6.3 N/A No Veritas does not own source code ENTERPRISE VAULT 11.0 FIPS Validated Yes Veritas Enterprise Vault Cryptographic Module (Software Version: 1.0) NETBACKUP 7.6 BIOMNI FRONT OFFICE COMPLETE Not at this time Yes NETBACKUP 7.6 CROSS PLATFORM In Progress Yes OpenSSL 1.0.1 NETBACKUP 7.6 UNIX In Progress Yes OpenSSL 1.0.1 NETBACKUP 7.6 WIN/LNX/SOL X64 In Progress Yes OpenSSL 1.0.1 STORAGE FOUNDATION 6.1 S64 LINUX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL STORAGE FOUNDATION 6.1 UNIX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL STORAGE FOUNDATION HA 6.1 S64 LINUX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL STORAGE FOUNDATION HA 6.1 UNIX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL STORAGE FOUNDATION HA/DR 6.1 S64 LINUX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL STORAGE FOUNDATION HA/DR 6.1 UNIX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL Return to Global Certification Management Program Office. Return to the Customer Trust Portal.2.8KViews3likes1CommentHow to Create a Video
No matter what type of content you want to post on Symantec Connect, you use the Create Content feature and complete the same basic steps. For some types of content—such as videos—you must complete a few extra steps, but as you will see, the intuitive Symantec Connect interface guides you through the process.5.1KViews0likes1CommentHow to Add an Image to a Connect Post
If you've ever tried to add an image to a post on Connect you know it can be frustrating if you are forced to muddle through on your own. This article is meant to guide you through the process and, hopefully, make it a little easier. If you've ever inserted an image into the body of a gmail message then this will look a little familiar to you. So settle in and follow along.888Views8likes2CommentsFrequently Requested Information
This page contains our most frequently requested public facing documentation. Users that have accepted our Non-Disclosure Agreement (NDA) may access confidential data such as ISO/IEC 27001 certifications, SOC reports and evidence of insurance on our Security Certifications page. Business Continuity Management Program Veritas' Business Continuity Management Program is a key component of our business model. The principle focus of the BCM Program is to identify actual and potential risks to business function resilience; mitigate those risks by ensuring respective business functions design, document and exervise business continuity strategies, then faciliate the execution of those strategies if these is a disruption to critical Veritas functions, while maintaining our ability to deliver services to our customers. VeritasBusiness Continuity Management Program Summary Code of Conduct The Veritas Code of Conduct aligns our business practices with our values. Veritas is committed to conducting its business in an ethical and lawful manner. The reputation of Veritas is a valuable business asset, and ethical and legal conduct at all levels of our business is essential for our continued success. Corporate Responsibility Veritas considers the protection of information central to corporate responsibility in this digital age. We conduct our business with a commitment to ethical operation, sound environmental management, and positive societal impact. Incident Response Plan Summary Veritas' Incident Response Plan defines and implements an operational framework including the processes, skills, and tools necessary for Veritas to timely detect, contain, investigate and report on cyber security incidents potentially impacting Veritas systems, networks, and data, including customer, partner or supplier information in Veritas' possession.The development and implementation of this forward-looking plan supports Veritas' ultimate mission to its customers, partners, shareholders and employees as a trusted leader in information security risk management. Veritas Incident Response Plan Summary Information Security Policy Veritas is committed to the protection of the company's information technology, brand, intellectual property, personal information and customer data from misuse or compromise. This customer facing policy defines how Veritas protects its assets and reputation from threats associated with misuse or compromise of information/data. This includes whether the threat is internal or external, deliberate or accidental in nature. Veritas Information Security Policy Internal Control Over Financial Reporting (Sarbanes-Oxley (SOX)) Program A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles (GAAP).While Veritas maintains effective internal control over financial reporting, as a privately held entity, Veritas does notreport these results externally to the Security Exchange Commission (SEC). Pandemic/Infectious Disease Program Veritas recognizes that a pandemic or infectious illness outbreak would pose a significant health risk to employees and could lead to the interruption of business. Veritas has been engaging in pandemic planning activities since early 2005 (as part of Symantec Corporation)and initiated the Pandemic Preparedness Program with a global team comprised of key business group leaders knowledgeable in company operations to address these risks and respond to the consequences of a pandemic/infectious outbreak. Veritas Pandemic/Infectious Disease Program Summary Payment Card Industry (PCI) Attestation of Compliance The PCI Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process including prevention, detection and appropriate reaction to security incidents.Veritas meets the criteria for a Level4 Merchant. Privacy Statement Veritas' Privacy Statement describes the types of information we collect via Veritas' web sites, how we may use that information and with whom we may share it. Our Privacy Statement also describes the measures we take to protect the security of the information. We also tell you how you may contact us to update your information, remove your name from our mailing lists or get answers to questions you may have about our privacy practices at Veritas. Return to the Customer Trust Portal1.3KViews2likes0CommentsHow to split your solution
As a result of numerous requests from users, a new feature has been introduced to Symantec Connect to allow users to mark multiple answers as the solution. Previously, users can only mark one answer as the solution. To split the solution among a number of answers, do the following 1) Click on the Request Split Solution link.1.6KViews1like2CommentsCommunity Managers Contact Information
Community Managers are employed by Symantec to moderate the communities within Symantec Connect. The managers review and publish all content, award points, and moderate the community forums. You can contact the community managers using the information below: Security Community3.9KViews31likes20Comments