SMI-S Conformance Testing Program (SMI-S CTP)

FINAL_Conformance_mark.jpg

The SMI-S 1.8 CTP Test Suite is now available!

SNIA’s Storage Management Initiative Specification (SMI-S) Conformance Testing Program (CTP) allows manufacturers to test their products with a vendor-neutral test suite to validate conformance to the SMI-S specification.

SNIA validates that a company's products conform to a particular version of the SMI-S specification for storage management using the SMI-Provider Test. The SMI-Provider Test is a collection of file driven test scripts written by SNIA. The scripts validate conformance to SMI-S profile rules, use of combinations of profiles and use of the profile rules to complete simple data storage tasks such as allocating a LUN to a server or setting and verifying the configuration of a SAN switch.

You should be asking your vendor for products conforming to the latest version of the SMI-Provider Test.  Look for versions of 1.5.0.1123 or higher, 1.6.1.1123 or higher and 1.8.0.1183 or higher.

Beginning June 01, 2020, the HTTP Security tests in CTP have been deprecated. The results of passing or failing these tests will no longer be reported for test results submitted on or after this date on the CTP web page. 
 
Background:
These tests were originally developed in 2016, and used to foster adoption of a minimum security posture in the SMI-S standard.  The tests succeeded at raising awareness of the need of supporting up-to-date encryption protocol implementation in storage management providers, as well as specifically disallowing support for older, insecure protocols.   In the intervening timeframe, the security industry has evolve to include extensive TLS testing as part of most security vulnerability scanning tools (e.g., Nessus, QualysGuard, etc.) and the output of the tools typically independently drive changes in customer infrastructure and vendor products when something like older versions of SSL or TLS are detected.  Because of the security industry’s activities and the unique TLS requirements for some environments (e.g., the U.S. Government) there is no longer a need to include TLS-specific tests as part of the SMI CTP.

Watch this short video for an introduction to SMI-S CTP.


SMI-S CTP Test Results

View the list of the companies which have taken the SMI-Provider Test. The information given on the page includes:

  • Version of test taken
  • Software product tested
  • Hardware manageable by tested the software product

SMI-S CTP Participation and How to Get The Test

Is your company interested in having SMI-S enabled products tested? Follow these guidelines to enable your developers to successfully certify your SMI-S implementations.