What is the difference between FIPS and SED drives?
- Views:
- 9,350
- Visibility:
- Public
- Votes:
- 5
- Category:
- disk-drives
- Specialty:
- CORE
- Last Updated:
- 3/12/2025, 5:01:11 AM
Applies to
- ONTAP 9
- NetApp Storage Encryption (NSE)
- FIPS Drives
- SED Drives
Answer
NetApp Storage Encryption (NSE) supports two drive types:
- FIPS Drives
- Self-encrypting FIPS-certified SAS or NVMe drives are supported on all FAS and AFF systems.
- SED Drives
- Beginning with ONTAP 9.6, self-encrypting NVMe drives that have not undergone FIPS testing are supported on AFF A800, A320, and later systems.
| FIPS Drives | SED Drives |
| Entire disk encrypted | Entire disk encrypted |
| AES 256 encryption | AES 256 encryption |
| Onboard or external key management | Onboard or external key management |
| FIPS 140-2 level 2 validated when used with external key manager; FIPS level depends on key manager use and implementation | No FIPS 140-2 certifications |
| All drives (including HA pairing) must be NSE drives; you cannot mix NSE and non-NSE drives |
You can mix NVMe SSDs and NVMe SEDs, but not NSE drives |
| Source: Datasheet NetApp Storage Encryption, NVMe Self-Encrypting Drives, NetApp Volume Encryption, and NetApp Aggregate Encryption | |
