diff --git a/manila/share/drivers/netapp/dataontap/client/client_cmode.py b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
index f92227c1de..8ba456fc43 100644
--- a/manila/share/drivers/netapp/dataontap/client/client_cmode.py
+++ b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
@@ -1383,6 +1383,36 @@ class NetAppCmodeClient(client_base.NetAppBaseClient):
                     errors[0].get_child_content('error-code'),
                     errors[0].get_child_content('error-message'))
 
+    @na_utils.trace
+    def set_volume_security_style(self, volume_name, security_style='unix'):
+        """Set volume security style"""
+        api_args = {
+            'query': {
+                'volume-attributes': {
+                    'volume-id-attributes': {
+                        'name': volume_name,
+                    },
+                },
+            },
+            'attributes': {
+                'volume-attributes': {
+                    'volume-security-attributes': {
+                        'style': security_style,
+                    },
+                },
+            },
+        }
+        result = self.send_request('volume-modify-iter', api_args)
+        failures = result.get_child_content('num-failed')
+        if failures and int(failures) > 0:
+            failure_list = result.get_child_by_name(
+                'failure-list') or netapp_api.NaElement('none')
+            errors = failure_list.get_children()
+            if errors:
+                raise netapp_api.NaApiError(
+                    errors[0].get_child_content('error-code'),
+                    errors[0].get_child_content('error-message'))
+
     @na_utils.trace
     def set_volume_name(self, volume_name, new_volume_name):
         """Set flexvol name."""
diff --git a/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py b/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
index 7ce58aeecf..95cfbdf0df 100644
--- a/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
+++ b/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
@@ -33,6 +33,10 @@ class NetAppCmodeCIFSHelper(base.NetAppBaseHelper):
         self._client.create_cifs_share(share_name)
         self._client.remove_cifs_share_access(share_name, 'Everyone')
 
+        # Ensure 'ntfs' security style
+        self._client.set_volume_security_style(share_name,
+                                               security_style='ntfs')
+
         # Return a callback that may be used for generating export paths
         # for this share.
         return (lambda export_address, share_name=share_name:
diff --git a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
index d370bb5201..206bd835ee 100644
--- a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
+++ b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
@@ -2597,6 +2597,49 @@ class NetAppClientCmodeTestCase(test.TestCase):
                           fake.SHARE_NAME,
                           10)
 
+    @ddt.data(None, 'ntfs')
+    def test_set_volume_security_style(self, security_style):
+
+        api_response = netapp_api.NaElement(fake.VOLUME_MODIFY_ITER_RESPONSE)
+        self.mock_object(self.client,
+                         'send_request',
+                         mock.Mock(return_value=api_response))
+        kwargs = {'security_style': security_style} if security_style else {}
+
+        self.client.set_volume_security_style(fake.SHARE_NAME, **kwargs)
+
+        volume_modify_iter_args = {
+            'query': {
+                'volume-attributes': {
+                    'volume-id-attributes': {
+                        'name': fake.SHARE_NAME
+                    }
+                }
+            },
+            'attributes': {
+                'volume-attributes': {
+                    'volume-security-attributes': {
+                        'style': security_style or 'unix',
+                    },
+                },
+            },
+        }
+        self.client.send_request.assert_called_once_with(
+            'volume-modify-iter', volume_modify_iter_args)
+
+    def test_set_volume_security_style_api_error(self):
+
+        api_response = netapp_api.NaElement(
+            fake.VOLUME_MODIFY_ITER_ERROR_RESPONSE)
+        self.mock_object(self.client,
+                         'send_request',
+                         mock.Mock(return_value=api_response))
+
+        self.assertRaises(netapp_api.NaApiError,
+                          self.client.set_volume_security_style,
+                          fake.SHARE_NAME,
+                          'ntfs')
+
     def test_volume_exists(self):
 
         api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE)
diff --git a/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py b/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
index 143ba018b9..ef18c4d688 100644
--- a/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
+++ b/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
@@ -55,6 +55,8 @@ class NetAppClusteredCIFSHelperTestCase(test.TestCase):
             fake.SHARE_NAME)
         self.mock_client.remove_cifs_share_access.assert_called_once_with(
             fake.SHARE_NAME, 'Everyone')
+        self.mock_client.set_volume_security_style.assert_called_once_with(
+            fake.SHARE_NAME, security_style='ntfs')
 
     def test_delete_share(self):
 
diff --git a/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml b/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml
new file mode 100644
index 0000000000..351016aec9
--- /dev/null
+++ b/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - The NetApp ONTAP driver has been fixed to ensure the "security style" on
+    CIFS shares is always "ntfs".