Certifications
Fortinet Federal Certifications and Standards Compliance
As U.S. Federal agencies look to expand, upgrade, and replace enterprise security solutions and networking components, public sector professionals are challenged to compare vendor options. To ensure their choices meet regulatory requirements and the features and functions they require, agency technologists need to confirm compliance with the certification level of individual and integrated products.
To help navigate this process, third-party labs and auditors conduct independent testing to enable a fair comparison between product performance, compliance, and functionality. Fortinet Federal and its partners comply with diverse industry and government standards, as well as advanced benchmarking technologies, including independent validation of products and services to ensure its Federal customer expectations are met.
NIAP is the U.S.-specific implementation of the international Common Criteria (CC) certification program. NIAP protection profiles are the standard for U.S. CC testing labs and accepted by many countries for evaluating commercial off-the-shelf (COTS) IT products.
The DoDIN APL is an acquisition decision support tool for U.S. Department of Defense (DoD) organizations interested in procuring technology products to support their missions. The DoDIN APL process results in a consolidated list of products that have met DoD cybersecurity and interoperation certification requirements.
The FIPS 140 series applies to the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP) for evaluation of cryptographic modules in commercial-off-the-shelf (COTS) products. Currently, CVMP supports two versions of evaluation: FIPS 140-2 and FIPS 140-3. Most active validations are based on FIPS 140-2, however, FIPS 140-3 is now required for new cryptographic evaluations.
USGv6 is a certification program managed by NIST in collaboration with other U.S. Government agencies and industry to develop and maintain the standards, test program, deployment guidance and test and measurement tools necessary to provide the technical basis for wide-scale adoption of IPv6 across Federal agencies.
Effective 8/13/19, the U.S. Government no longer can obtain telecommunications equipment or services produced by specific companies. The Federal Acquisition Regulations were updated to include this prohibition.
The TAA designates approved countries of origin for products sold through U.S. Government contracts. Fortinet Federal offers -USG and -TAA SKU products for customers that must meet U.S. Federal Trade Agreements Act (TAA) requirements.
Section 508 is a part of the U.S. Rehabilitation Act of 1973. It requires that electronic and information technology developed, procured, maintained, or used by the U.S. Federal Government be accessible to people with disabilities.
The CDM Program delivers cybersecurity tools, integration services, and dashboards to support participating agencies to improve their security postures. The CDM Program’s APL is the authoritative catalog for approved products that meet CDM technical requirements.
Contractors are required to mitigate adversarial supply chain risk in the provision of supplies and services to the Government.