Veritas Trust Center


Committed to compliance, both ours and yours.

At Veritas, we adhere to a rigorous program designed to support international compliance requirements. Using third-party audits and industry-recognized certifications, we ensure data security and privacy, protect against threats or data breaches, and prevent unauthorized access of your data.

Independent verification and certification.

Our products regularly receive independent verification of their security, privacy, and compliance controls. Certifications and requirements may vary by product.


Veritas prioritizes accessibility in its digital offerings, ensuring alignment with the Web Content Accessibility Guidelines (WCAG) set forth by the World Wide Web Consortium. While achieving universal accessibility can present challenges, Veritas undertakes regular evaluations of its platforms. By addressing any identified issues promptly, Veritas showcases its unwavering commitment to providing an inclusive user experience for everyone.

AWS GovCloud

AWS GovCloud (US) is designed for government customers and their partners, offering a secure cloud solution environment. It ensures compliance with several stringent standards and regulatory frameworks, including:

  • FedRAMP High Baseline
  • Department of Justice’s Criminal Justice Information Systems (CJIS) Security Policy
  • U.S. International Traffic in Arms Regulations (ITAR)
  • Export Administration Regulations (EAR)
  • Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) for Impact Levels 2, 4, and 5
  • FIPS 140-2
  • IRS-1075

This ensures that users can operate within a compliant, secure, and flexible cloud infrastructure tailored to the unique needs of government entities.

Azure Government

Microsoft Azure Government has been developed to meet the rigorous compliance standards required by U.S. government entities. It has secured approvals and authorizations from critical frameworks, such as:

  • Federal Risk and Authorization Management Program (FedRAMP)
  • Department of Defense (DoD) Cloud Security Requirements Guide (SRG) for Impact Levels 2, 4, and 5

For its specific U.S. government regions—Arizona, Texas, and Virginia—Azure Government has earned:

  • FedRAMP High Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board (JAB)
  • DoD IL2, IL4, and IL5 Provisional Authorizations (PA) issued by the Defense Information Systems Agency (DISA), and IL5 Provisional Authorizations issued by the Defense Information Systems Agency (DISA)

Common Criteria

The Common Criteria for IT Security Evaluation, together with its counterpart, the Common Methodology for IT Security Evaluation, serves as the foundational element of the international Common Criteria Recognition Arrangement. This ensures that:

  • Products undergo evaluation by independent, licensed labs to verify specific security feature
  • Documents guide the certification process detailing the application of the criteria and methods for different tech types
  • Certificates validating an evaluated product’s security attributes can be distributed by numerous Certificate Authorizing Schemes, all based on the evaluation results
  • All CCRA signatories recognize these certificates


The Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIGs) serve as configuration benchmarks intended to optimize security across both hardware and software. Their primary goal is to protect the Department of Defense’s IT infrastructure.



  • Managing data on internal hardware is often complicated, time consuming and expensive; but the cloud if not managed correctly is a potential security risk
  • Federal Risk and Authorization Management Program (FedRAMP) created “a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services"
  • bluesource has worked with Veritas to create a secure cloud solution that complies with the strict FedRAMP guidelines to create a secure environment within Microsoft Azure for federal agencies to access Enterprise Vault, the eDiscovery Platform, and Merge1 as SaaS solutions
  • Government organizations can meet “Cloud Smart” requirements, improve their FITARA score, and observe immediate cost savings without hiring any additional staff
  • The customer will own the Veritas software license just like on-prem; bluesource will quote the Hardware and Management Fees for it to be fully hosted and managed as per FedRAMP’s strict requirements
  • To receive a quote or for more information, bluesource can be reached by email at

FIPS 140-2

The Federal Information Processing Standard (FIPS) 140-2 outlines security expectations for cryptographic modules. It covers a spectrum of applications and surroundings through four progressive qualitative stages. Key areas include design specifications, ports, interfaces, roles, physical security, operational environment, cryptographic key management, electromagnetic considerations, self-tests, design assurance, and attack mitigation.



SOC 2 assessments provide independent, third-party examination documents that highlight how an organization upholds essential compliance controls and aims. Developed in line with the Auditing Standards Board of the AICPA’s Trust Services Criteria, these evaluations focus on an organization’s information systems in relation to aspects like security, availability, integrity, confidentiality, and privacy.


WORM Compliance

Policies set by the Financial Industry Regulatory Authority dictate that data must be securely retained, encrypted, and immutably stored on Write Once Ready Many (WORM) media. Such data must be retrievable, with organizations capable of providing comprehensive audit trails for data usage and deletion.

Hardware Certifications

Veritas offers products and services in 95 countries. Learn more about our compliance with laws and regulations addressing electrical, environmental, and sustainability certifications for specific products and in different regions.

Global Standards for Internationalization and Localization

Our products support data protection for global organizations from Asia to Europe and beyond via implementing standards of internationalization (I18N) and localization (L10N). 

  • Unicode compliance enables text and characters from various languages
  • Support for cultural conventions, locale format, and collation
  • Language for product user interface (UI) and documentation in up to 16 languages including Brazilian Portuguese, Chinese (Simplified and Traditional), French, German, Italian, Japanese, Korean, Spanish, and more, ensuring a truly global user experience
  • Support for legal language compliance such as Quebec's Bill 96, as well as unique preferences in other international markets
Promo Icon

Data Governance and Compliance

Veritas provides an integrated portfolio of products that synthesize intelligence across data sources to surface relevant information, deliver actionable insights, and reduce the risk of regulatory fines.

Explore products

Veritas and its products (software, hardware, and technology) and services (collectively, “Veritas Solutions”) are subject to United States (including, but not limited to, the U.S. Department of Commerce Export Administration Regulations (“EAR”) and the U.S. Office of Foreign Assets Control (“OFAC”) regulations), European Union, Singapore, and all other applicable government export controls, import, and sanctions laws and regulations in the jurisdictions in which the company operates. Veritas Technologies, all subsidiary companies, and entities maintain compliance through strict adherence to a robust internal control program.