Certifications and Compliance

Commvault software conforms to the following standards:

Dubai Electronic Security Center (DESC) Certified for Commvault Cloud Software as a Service (SaaS) offering: Cloud Service Provider (CSP) Security Standard
Commvault's crypto library is FIPS 140-3 certified: Crypto Library 3.0 Certificate #4989
ISO/IEC 27001:2013 Certified for Commvault Software as a Service (SaaS) offering and its Remote Managed Services (RMS) Platform: ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
NIST 800-53 CP9 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-9
NIST 800-53 CP10 Compliant: NIST Special Publication 800-53 (Rev. 4) CP-10
SOC 2 Type II for Commvault Cloud and managed services
VPAT 2.5 - WCAG and 508 Compliant: VPAT 2.5 Statement

Center for Internet Security Benchmarks (CIS)

Commvault offers a virtual image that contains the Commvault software and pre-configured system set up to support the Center for Internet Security Benchmarks. The following CommServe images are available in Commvault Store. For a list of virtual appliance images, which include all components needed to support Linux or Windows operations within the Commvault environment, see Commvault Virtual Appliances

Important

Starting with version 42.40, access node images and Media Agent images are CIS Level 1 hardened.

Image Name	Description
CIS L1 Hardened CommServe	Commvault software version: Commvault Platform Release 2022E Operating system: Windows Server 2019, Linux Rocky 8.9 SQL Server: Microsoft SQL Server 2019 Web Server: IIS 10 The OVA includes pre-installed CommServe, MediaAgent, and Virtual Server Agent with a trial license. Supported platforms: VMware, HSC, AWS, Azure, GCP
CIS L1 Hardened Media Agent Image (Available from Release 42.40)	Commvault software version: Included version in hardened 42.40 builds Operating system: Linux Rocky 9, AL2023, Win2022 Supported platforms: VMware, HSX, AWS, Azure, GCP
CIS L1 Hardened Access Node Image (Available from Release 42.40)	Commvault software version: Included version in hardened 42.40 builds Operating system: Linux Rocky 9, AL2023, Win2022 Supported workloads: VMware, HSX, AWS, Azure, GCP

Note

CIS audit reports and Commvault exception documents are available in the following directory on the image:

For Windows: C:CIS_Hardening
For Linux: /opt/commvault/CIS_Hardening

Commvault software complies with all the CIS Level 1 Security Controls in CIS Red Hat Enterprise Linux 8 Benchmark v1.0.1.

For more information about the support of various controls, see the following documents:

Clinical Image Archiving Conformance Statements

The following conformance statements apply to the Commvault Clinical Image Archiving solution:

Security Technical Implementation Guide (STIG) Certifications

The following are the STIG certifications for HyperScale Storage Pool and HyperScale X.

Certifications and Compliance

Center for Internet Security Benchmarks (CIS)

Image Name

Description

CIS L1 Hardened CommServe

CIS L1 Hardened Media Agent Image (Available from Release 42.40)

CIS L1 Hardened Access Node Image (Available from Release 42.40)

Clinical Image Archiving Conformance Statements

Security Technical Implementation Guide (STIG) Certifications

Page contents