Hitachi Vantara Security Advisories



Hitachi Vantara Security Advisories

Whenever a new industry-wide cybersecurity vulnerability is identified and reported, Hitachi Vantara investigates its product lines to determine any impact, and presents information here in an effort to help keep your systems protected. 

A full list of vulnerabilities is available in our Knowledge portal.


KMS Integration and Compatibility Guide

Validated Key Management Server (KMS) integrations and supported software versions for the Hitachi VSP One Block storage models.


Validated KMS Vendors and Models

The following KMS vendors and models, along with their supported versions, have been validated for integration with Hitachi VSP One Block storage models.

ThalesCipherTrust Manager k170v
CipherTrust Manager k470v
CipherTrust Manager k570
Supported version: v2.14
EntrustKeyControl
Supported version: v10.2
IBMSecurity Guardium Key Lifecycle Manager
Supported version: v4.2.1
UtimacoVirtual Enterprise Secure Key Manager
Supported version: v8.52
FortanixData Security Manager
Supported version: v4.19
FortanixVaultCore
Supported version: v2.6.2

Compatible Hitachi VSP One Block Models

The following Hitachi VSP One Block models are compatible with the validated KMS integrations:

  • Hitachi VSP One Block 24
  • Hitachi VSP One Block 26
  • Hitachi VSP One Block 28

Integration Documents:

For detailed integration steps and guidelines, refer to the KMS integration documents listed below:

Thales CipherTrust Manager:Integration Guide - v2.14
Entrust KeyControl:Integration Guide - v10.2
IBM Security Guardium Key Lifecycle Manager:Integration Guide - v4.2.1
Utimaco Security Guardium Key Lifecycle Manager:Integration Guide - v8.52
Fortanix Data Security Manager:Integration Guide - v4.19
Fornetix VaultCore:Integration Guide - v2.6.2

Product security certifications

 

 

197

140-2 Level 1

 

140-2 Level 2

 

EAL2

EAL2+

Core

USGv6

 

 

Cert#

Cert#

Sunset Date

Cert#

Sunset Date

 

 

 

 

5x00

eDKBN(NVMe)

#C1593

n/a

 

#3803

1/27/2026

 

 

 

83-04-00

 

eDKB(SAS)

#3305

n/a

 

#3278

 

 

 

 

83-04-00

F1500

eDKA(SAS)

#2787

#2386

Historical

#2727

Historical

 

 

02-C-001324

80-01-22

G1500

eDKA(SAS)

#2787

#2386

Historical

#2727

Historical

 

 

02-C-001324

80-01-22

G1000

eDKA(SAS)

#2787

#2386

Historical

#2727

Historical

 

 

02-C-001324

80-01-22

VSP

n/a

#1553

n/a

 

n/a

 

#C0315

 

02-C-001326

 

E1090

 

#C1593

n/a

 

#3803

1/27/2026

 

 

 

 

 

eDKB(SAS)

#3305

n/a

 

#3278

9/3/2023

 

 

 

 

E990

 

#C1593

n/a

 

#3803

1/27/2026

 

 

 

 

E590/790

 

#A1290

#4194

 

n/a

 

 

 

 

 

 

eDKB(SAS)

#3305

n/a

 

#4183

1/27/2026

 

 

 

 

G150/350/370

 

#3305

#3279

9/3/2023

n/a

 

 

 

 

 

F350/370

 

#3305

#3279

9/3/2023

n/a

 

 

 

 

 

G700/900

eDKB(SAS)

#3305

n/a

 

#3278

9/3/2023

 

 

 

 

F700/900

eDKB(SAS)

#3305

n/a

 

#3278

9/3/2023

 

 

 

 

G400/600/800

eDKB(SAS)

#3305

n/a

 

#2462

Historical

 

 

02-C-001384

83-01-04

G200

 

#3305

#2694

Historical

n/a

 

 

 

02-C-001384

83-01-04

HUS VM

eDKB(SAS)

#2787

#2232

Historical

n/a

 

 

#C0513

02-C-001332

 

HUS 150

eDKB(SAS)

#2787

#2232

Historical

n/a

 

#C0419

 

 

 

HCP - Cloudscale

 

 

#4239

8/22/2024

n/a

 

 

 

 

 

Hitachi Vantara Vulnerability Disclosure Policy

1. Policy introduction & policy purpose

The purpose of this policy is to establish a method all Hitachi Vantara customers and external stakeholders should follow to report any potential vulnerabilities and threats.

This policy’s objective is to ensure Hitachi Vantara’s customers trust by continuously addressing potential vulnerabilities and threats to reduce potential risks that may have an impact to Hitachi Vantara operations, infrastructure, and services.

2. Scope

This policy applies to all divisions and geographies, unless noted otherwise within this document, and is intended for all employees with a direct or indirect relationship with customers and third parties to whom Hitachi Vantara does business.

The following situations are excluded from this policy:

  • When a Hitachi Vantara customer or third-party requests actions beyond a valid contract extension.

3. Process to report potential vulnerabilities and threats

3.1. Any Hitachi Vantara customer or third party may submit a report to notify about potential vulnerabilities or threats. A report submission should include the following information, but not limited to:

  • Details of affected Hitachi Vantara product or solution
  • Versions of software and/or microcode of Hitachi Vantara components
  • A detailed description of the identified vulnerability or threat, and
  • Any other relevant information such as evidence or proof of concept, where the identified vulnerability is already published, and where the individual reporting is committed to coordinated disclosure.

3.2. Contact information to report any potential vulnerability or threat:

  • When a potential security vulnerability in Hitachi Vantara’s products is discovered, customers or third parties are encouraged to report the vulnerability by contacting Hitachi Vantara’s Global Support Center (GSC).
  • The GSC team will work in conjunction with Hitachi Vantara’s Cybersecurity team to investigate the issue in accordance with customer contract requirements and GSC standard operating procedures.
  • Hitachi Vantara recommends using an encryption program to securely transmit any confidential and personal data.
  • While Hitachi Vantara will review reports submitted through the GSC, weaknesses in existing customer installation due to their individual designs, third-party components, or compromised access credentials are not considered a vulnerability within Hitachi Vantara’s products.
  • For all entities without a customer relationship with Hitachi Vantara, you can report security vulnerabilities to Cybersecurity team here. (security.vulnerabilities@hitachivantara.com)

3.3. With the agreement of the reporting customers or third party, Hitachi Vantara must recognize the customer or third party with credit for the discovery of the vulnerability as part of the official Hitachi Vantara process. Hitachi Vantara does not have a “Bug Bounty” program in place. Therefore, Hitachi Vantara does recognize the vulnerability researchers through the vulnerability (CVE - Common Enumeration of Vulnerabilities) publication when applies, or a recognition letter for their contributions.

3.4. Hitachi Vantara’s product vulnerability handling generally consists of the following:

  • First response,
  • Initial triage,
  • Investigation and planning,
  • Remediation, and
  • Disclosure & notification.

While Hitachi Vantara makes all effort to timely remediate vulnerabilities posing a high risk for Hitachi Vantara, its customers, and third parties, remediation times may vary depending on vulnerability complexity or threat conditions. Assuming the reported information is not known publicly, it is the intention of the customer or third-party reporting a vulnerability and Hitachi Vantara do not release any related information until there is remediation.

4. Disclaimer

The information contained herein is subject to change at any time without notice. The statements in this policy do not modify, supersede, or otherwise amend any customer rights, obligations, or terms between Hitachi Vantara LLC and any other party. The use of the information or links included in this policy is done at your own risk.