Section 508

We invest significant resources in ensuring that our solutions and products comply with existing government certifications and mandates.

A security and compliance architect assesses the security capabilities of all our products using a detailed checklist. The architect cross-references those capabilities to the categories specified by the National Institute of Standards and Technology (NIST) in publication 800-53. These internal assessments are available upon request to customers who wish to review the security capabilities of a product. Publication 800-53 serves as the basis for most FISMA controls, meaning our product capabilities also map to FISMA requirements.

We have a long history of working with federal agencies, and are committed to achieving working government security standards—including the requirements of FIPS Publications 140/201, FISMA, and other information assurance processes. We use technologies that comply with FIPS 140-2 to protect data and limit system access. It provides documentation to help agencies determine if products meet their unique security requirements, and assists agency efforts to perform Certification & Accreditation (C&A) of our solutions.

Some of our products have received Federal Desktop Core Configuration (FDCC) certifications. Others are certified under the Cryptographic Algorithm Validation Program (CAVP). Additionally, our R&D organization uses NIST-certified Security Content Automation Protocol (SCAP) vulnerability scanning and certification technologies.

Compliance is an ongoing effort in a changing landscape. We commit to staying as current as possible with our certifications so that your organization can confidently leverage our solutions to save time and money across physical, virtual and cloud environments.


In recognition and support of the “Electronic and Information Accessibility Standards” defined by Section 508 of the Rehabilitation Act, we publish accessibility self-assessments of our products using Voluntary Product Accessibility Templates (VPATs). The VPAT criteria influence the product roadmaps, and our Research and Development teams update the VPATs for their products during each major release cycle to reflect accessibility improvements contained in the latest release.

Below you will find VPATs for our software solutions. If the software VPAT you seek is not listed below, please Contact Us.

SonicWall ESA 5000SonicWall NSa 9450SonicWall SM 9200
SonicWall ESA 7000SonicWall NSa 9650SonicWall SM 9400
SonicWall ESA 9000SonicWall NSsp 10700SonicWall SM 9600
SonicWall NSA 2600SonicWall NSsp 11700SonicWall SM 9800
SonicWall NSA 2650SonicWall NSsp 12000SonicWall SOHO/SOHOW
SonicWall NSA 3600SonicWall NSsp 13700SonicWall SOHO 250/250W
SonicWall NSA 3650SonicWall NSsp 15000SonicWall TZ 270/270W
SonicWall NSA 4600SonicWall NSvSonicWall TZ300P
SonicWall NSA 4650SonicWall Gen 7 NSvSonicWall TZ300/300W
SonicWall NSA 5600SonicWall SMA 200SonicWall TZ350/350W
SonicWall NSA 5650SonicWall SMA 400SonicWall TZ370/370W
SonicWall NSa 2700SonicWALL SMA 210/410SonicWall TZ400/400W
SonicWall NSa 3700SonicWall SMA 6200SonicWall TZ470/470W
SonicWall NSa 4700SonicWall SMA 6210/7210SonicWall TZ500/500W
SonicWall NSa 5700SonicWall SMA 7200SonicWall TZ570/570W
SonicWall NSA 6600SonicWall SRA EX9000SonicWall TZ570P
SonicWall NSa 6650SonicWall SM E10200SonicWall TZ600P
SonicWall NSa 6700SonicWall SM E10800SonicWall TZ670
SonicWall NSa 9250
HSPD-12 & OMB 11-11

Homeland Security Presidential Directive 12, or HSPD-12, was issued by President George W. Bush in August of 2004. HSPD-12 calls for common identification standards for federal employees and contractors.

“…it is the policy of the United States to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).”

HSPD-12 calls on executive branch departments and agencies to ensure that their organizations meet those standards. HSPD-12 requires agencies to follow specific technical standards and business processes for the issuance and routine use of Federal Personal Identity Verification (PIV) smartcard credentials including a standardized background investigation to verify employees’ and contractors’ identities. Specific benefits of the standardized credentials required by HSPD-12 include secure access to federal facilities and disaster response sites, as well as multi-factor authentication, digital signature and encryption capabilities.

In 2011, the Office of Management and Budget (OMB) issued OMB Memorandum 11-11, which calls on agencies to accelerate their adoption of PIV credentials, the enablement of applications to use those credentials, and the upgrading of existing physical and logical access control systems to use those credentials.


Certification & Accreditation (C&A) is a requirement for all federal IT systems. C&A applies to complete systems – hardware and software – in a specific environment, associated with specific policies and procedures. Certification is the technical evaluation of the system components as they relate to security, and accreditation is the formal acceptance of that system in its specific environment.

Since C&A is environment-specific, no software, including our solutions, can be generically certified and accredited, but must go through that process for each environment in which it is installed. Upon request, we will provide copies of our products and assist organizations in their specific C&A efforts for our solutions.