Government Certifications

In recognition and support of the "Electronic and Information Accessibility Standards" defined by Section 508 of the Rehabilitation Act, Quest Software publishes accessibility self-assessments of our products using Voluntary Product Accessibility Templates (VPATs). The VPAT criteria influence the product roadmaps, and Quest's Research and Development teams update the VPATs for their products during each major release cycle to reflect accessibility improvements contained in the latest release.

If the VPAT you seek is not listed below, please contact Quest to request it.

Access Manager 2.0 ActiveRoles® Access Provider ActiveRoles® Add-On Manager ActiveRoles® Direct ActiveRoles® Server Archive Manager Authentication Services Authentication Services ARS Pack Authentication Services for Smart Card Authentication Services Group Policy for Mac Authentication Services for Siebel Authentication Services for SAP GUI Availability Manager for Exchange Backup Reporter Benchmark Factory® for Databases Big Brother® Professional Services Business Intelligence Studio Capacity Manager for SQL Server ChangeAuditor 5.6 ChangeAuditor for Active Directory ChangeAuditor For ActiveRoles Server ChangeAuditor for Defender ChangeAuditor for EMC ChangeAuditor for Exchange ChangeAuditor for LDAP ChangeAuditor-for-NetApp ChangeAuditor for Quest Authentication Services ChangeAuditor for SharePoint ChangeAuditor for SQL Server ChangeAuditor for VMWare vCenter ChangeAuditor for Windows File Servers ChangeBASE Client Profile Updating Utility Cloud Automation Platform Code Tester for Oracle Coexistence Manager for GroupWise 1.0 Coexistence Manager for Notes 3.1 Collaboration Services Compliance Portal Defender Deployment Manager for SharePoint Development Studio for SharePoint DirectoryAnalyzer Directory Analyzer for Active Directory DirectoryTroubleshooter DropThis for SharePoint Enterprise Single Sign-On File Migrator for SharePoint Foglight Foglight for LiteSpeed GPOADmin GroupWise Migrator for Exchange Identify Manager for Unix InTrust® InTrust® for Active Directory InTrust® for File Access

InTrust® for Exchange JClass® DesktopViews JClass® ServerViews JProbe® LiteSpeed® Engine for Oracle LiteSpeed® for SQL Server 6.5 Management Console for Exchange Management Xtensions for System Center Configuration Manager MessageStats® MessageStats® Report Pack for Archive Manager MessageStats® Report Pack for BlackBerry MessageStats® Report Pack for Lotus Notes MessageStats® Report Pack for OCS MessageStats® Report Pack for Microsoft Online MessageStats® Report Pack for OWA MessageStats® Report Pack for Sendmail MessageStats® Report Pack for Windows Mobile MessageStats® Unified Reporting v1.0 Migration AssessmentTool Migration Manager for Active Directory Migration Manager for Exchange Migration Manager for SharePoint Migrator for Sametime Mission Control NetVault®Backup NetVault®Backup Plug-In for DB2 3.1 NetVault®Backup Plug-In for Domino 4.2 NetVault®Backup Plug-In for Exchange NetVault®Backup Plug-In for Informix 3.8 NetVault®Backup Plug-In for NDMP NetVault®Backup Plug-In for Oracle 6.1 NetVault®Backup Plug-In for SnapMirror to Tape NetVault®Backup Plug-In for VMWare NetVault®Bare Metal Recovery NetVault® FastRecover NetVault® for Teradata NetVault® for MySQL NetVault® SmartDisk NDS Migrator Notes Migrator for Exchange Notes Migrator for SharePoint OnDemand Migration for Email PacketTrap Password Manager Performance Analysis for Oracle Performance Analysis for SQL Server PerformaSure® PowerGUI® 3.0 Privileged Command Management Privileged Password Management Privileged Session Management Privilege Manager for Sudo Privilege Manager for Sudo - Keystroke Logging Privilege Manager for UNIX Public Folder Migrator for SharePoint

Quest Central® for DB2 Quest OnDemand v1.3 Quest One Authorization Policy Server Quest One Authorization Policy Server for SQL Server Quest One Identity Manager Quest One Quick Connect for Cloud Services Quest One Quick Connect for PeopleSoft Quest One Quick Connect for RACF Quest One Quick Connect for SAP Solutions Quest Web Parts for SharePoint v5.6 Recovery Manager for Active Directory Recovery Manager for Active Directory Forest Edition Recovery Manager for Exchange 5.0 Recovery Manager for SharePoint Reporter® 6.5 Self-Service Manager for Exchange Server Administrator for SharePoint SharePlex® for Oracle 7.6 SharePlex® Manager Single Sign On for Java 3.3 Single Sign-On for Java Site Administrator for SharePoint Space Management with LiveReorg® Spotlight MDK 3.0 Spotlight MDK 4.0 Spotlight® on Active Directory Spotlight® on DB2 Spotlight® on Exchange / Spotlight® on Exchange Web Reports Spotlight® on Messaging Spotlight® on Sybase SQL Navigator® SQL Optimizer for DB2 SQL Optimizer for Oracle SQL Optimizer for SQL Server SQL Optimizer for Sybase Stat® Storage Maximizer for SharePoint Toad® Data Modeler Toad® Extension for Visual Studio Toad® for Data Analysts Toad® for DB2 Toad® for MySQL Toad® for Oracle Toad® for SQL Server Toad® for Sybase vControl vConverter® vFoglight® vFoglight® Storage vOptimizer vRanger® Pro vReplicator vWorkspace Webthority XRT™ PDS

 

Please contact Quest's Legal Department with questions about VPATs.

Quest and FIPS 140-2

Quest is committed to product security and assurance. Quest plans on using FIPS 140-2 approved cryptographic modules in its products whenever possible. When this is not a possibility, we will ensure that any Quest product that uses cryptography has support for FIPS 140-2-approved algorithms. These areas of cryptography include symmetric and asymmetric encryption, hashing, keyed hashing, message authentication, and random number generation. We intend to continue our ongoing discussions with our Federal government customers to ensure that we understand the requirements and processes involved to meet the required cryptography standards.

Cryptographic Algorithm Validation Program

In July 1995, NIST and the Communications Security Establishment Canada (CSEC) established the Cryptographic Algorithm Validation Program (CAVP). This program focuses on validation testing for NIST recommended, and FIPS 140-2 approved, cryptographic algorithms. Vendors interested in validating the cryptographic implementations used within their products may select an accredited laboratory to conduct testing of these implementations. Upon successful completion of the testing, vendors get listed on NISTs validation list(s) on their web sites.

Product ActiveEntry Authentication Services InTrust Quest One Privileged Password Manager Quest One Privileged Session Manager Quest vWorkspace - MokaFive Suite

Cryptographic Algorithms AES AES, SHA-1 Triple DES AES, Triple-DES, DSA/SHA-1, HMAC, RSA AES, Triple-DES, DSA/SHA-1, HMAC, RSA AES, SHA-256, SHA-512

Quest has completed numerous Federal Desktop Core Configuration (FDCC) certifications for a relevant set of its products. We have an established FDCC testing environment within our R&D organization and utilize National Institute of Standards and Technology (NIST) certified Security Content Automation Protocol (SCAP) vulnerability scanning and certification technologies. We will continue to evaluate subsequent product releases and continue to evaluate our software against the latest FDCC baseline, while documenting any known exceptions. Development plans will be put in place to address future exceptions, and self-certify our software products as FDCC compliant.

Please note that this represents our plan as of September 2010, and our development plans and priorities are subject to change, due to numerous factors, availability of resources and other matters common to all independent software vendors.

FDCC Certification Statements

Code Tester for Oracle Foglight Transaction Recorder Performance Analysis for Oracle Quest Backup Reporter for Oracle Space Manager with LiveReorg Spotlight on DB2 for LUW Spotlight on Oracle Spotlight on SQL Server Enterprise Spotlight on Sybase ASE SQL Optimizer for Oracle

SQL Optimizer for SQL Server Toad Data Modeler Toad for Data Analysts Toad for DB2 Toad for MySQL Toad for Oracle Toad for SQL Server Toad for Sybase vWorkspace

Homeland Security Presidential Directive 12, or HSPD-12, was issued by President George W. Bush in August of 2004. HSPD-12 calls for common identification standards for federal employees and contractors.

"...it is the policy of the United States to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees)."

HSPD-12 calls on executive branch departments and agencies to ensure that their organizations meet those standards. HSPD-12 requires agencies to follow specific technical standards and business processes for the issuance and routine use of Federal Personal Identity Verification (PIV) smartcard credentials including a standardized background investigation to verify employees' and contractors' identities. Specific benefits of the standardized credentials required by HSPD-12 include secure access to federal facilities and disaster response sites, as well as multi-factor authentication, digital signature and encryption capabilities.

In 2011, the Office of Management and Budget (OMB) issued OMB Memorandum 11-11, which calls on agencies to accelerate their adoption of PIV credentials, the enablement of applications to use those credentials, and the upgrading of existing physical and logical access control systems to use those credentials.

Certification & Accreditation (C&A) is a requirement for all federal IT systems. C&A applies to complete systems - hardware and software - in a specific environment, associated with specific policies and procedures. Certification is the technical evaluation of the system components as they relate to security, and accreditation is the formal acceptance of that system in its specific environment. 

Since C&A is environment-specific, no software, including solutions from  Quest Software, can be generically certified and accredited, but must go through that process for each environment in which it is installed. Quest Software will provide copies of our products and assist organizations as requested in their specific C&A efforts for Quest Software solutions.