FDRERASE/OPEN: First Enterprise Scale Data Protection Solution for Secure Open System Disk Erase Accepted for Common Criteria EAL2+ Evaluation
May 21, 2007, Little Falls, NJ - Innovation Data Processing announces FDRERASE/OPEN as the first enterprise scale data protection solution for secure Open System disk erasure to earn a place on the Common Criteria Evaluation and Validation Scheme (CCEVS) Products and Protection Profiles in Evaluation List for Sensitive Data Protection with a conformance claim of EAL2+.
“FDRERASE/OPEN is the only enterprise scale solution in CCEVS evaluation available today for securely erasing any disk that is accessed by its host computer across a SCSI or Fibre channel connection. Disks can be physical hard drives, or logical disk volumes resident in enterprise disk storage systems (including RAID systems) such as those provided by EMC, Hitachi, IBM, SUN and other vendors.
Following our successful delivery of FDRERASE for z/OS, the only CCEVS validated solution for secure erase of IBM z/OS mainframe disk, INNOVATION set out to develop a complementary solution to comply with current US Government guidelines for erasing open system data resident in large scale enterprise storage systems. That effort has paid off as we have now received notice on successful completion of the Initial Validation Oversight Review (iVOR) placing FDRERASE/OPEN into Common Criteria EAL2 Augmented Evaluation here in the US,” explains Thomas J. Meehan, INNOVATION Data Processing Vice President of Advance Technology, adding, “FDRERASE/OPEN employs the same techniques as FDRERASE for z/OS for Secure Erase that satisfies the requirements specified in the Assistant Secretary of Defense (ASD C3I) Memorandum, on Disposition of Unclassified DoD Computer Hard Drives, the definitive Department of Defense directive on the subject.”
According to the CCEVS iVOR description, FDRERASE/OPEN is an interactive GUI application and a supporting operating system that runs on an x86 architecture computer, providing two security erasure functions, ERASE and SECUREERASE, for the secure removal of data from any disk that is attached to its host computer by a SCSI or Fibre channel connection. ERASE and SECUREERASE overwrite the disk to ensure that the risk of any data remaining on a disk is reduced to a level commensurate with the risk of a person scavenging for that data. FDRERASE/OPEN also provides a security audit function, VERIFY, enabling a user to confirm that the physical sectors of the disk have indeed been overwritten sufficiently so that no residual information remains. FDRERASE/OPEN also maintains a History Report as a permanent record of all disks that it erases.
“FDRERASE/OPEN,” according to Meehan, “is the open system solution that banks, card payment service providers, computer services providers, educational institutions, financial institutions, government agencies, hospitals, insurance companies and telecommunication companies have been asking for to complement FDRERASE, the INNOVATION z/OS solution they are already using to securely erase mainframe data when leaving a DR site or disposing of disk storage systems. The fastest way to securely erase open system data in these same circumstances, the listing as in CCEVS EAL2+ evaluation puts FDRERASE/OPEN squarely in the forefront to meet users’ compliance requirements.”
“It is very clear now; commercial as well as government organizations have the same requirements to erase open system resident data from disk when leaving a DR site and when disposing of disk storage systems, as they have to protect mainframe data from unauthorized access.” Meehan went on, “you expect the DoD (Department of Defense) and NSA (National Security Agency) to have rules, but there is also an abundance of strict industry guidelines and federal codes and national legislation in countries around the world requiring sensitive information be cleared from disks prior to disposal or reuse. HIPAA (Health Insurance Portability and Accountability Act), requires sensitive information be cleared from equipment and media prior to disposal or reuse. GLBA (Gramm-Leach-Bliley Act) imposes criminal penalties on financial institutions for failing to preserve privacy of current or legacy client financial data. The Payment Card Industry (e.g. MasterCard, Visa, American Express, Diners Card, Discover and JCB) Data Security Standard requires banks, members, merchants and merchants’ service providers to have a data disposal plan, i.e. to purge electronic media so cardholder data cannot be reconstructed.”
FDRERASE/OPEN is shown as in evaluation on the Common Criteria Evaluation and Validation Scheme website Products and Protection Profiles in Evaluation page at http://niap.bahialab.com/cc-scheme/in_evaluation.cfm
About FDRERASE/OPEN (ERASE, SECUREERASE and VERIFY) Security Functions
Disk erasures are performed by overwriting the stored data to make the original data unrecoverable. ERASE, by default, overwrites each sector on a disk once, making all data unrecoverable by any normal program running anywhere that has access to the disk.
SECUREERASE overwrites each sector on a disk a minimum of three times (optionally up to eight overwrites), rendering the original data on a disk unrecoverable, even by sophisticated laboratory techniques applied to hard drives removed from the control unit.
The audit function VERIFY samples sectors on disks to ensure that they have been erased, verifying a percentage of the disk by default or, if directed, the entire disk.
CCEVS Initial Validation Oversight Review (iVOR) Summary
The purpose of an Initial Validation Oversight Review (iVOR) is to ensure compliance with CCEVS policies 10 and 13 and to ensure SAIC’s correct performance of the ASE evaluation activities against the Innovation Data Processing, FDRERASE/OPEN, Version 02, Level 05 Security Target (ST). The result of the iVOR is the listing of FDRERASE/OPEN as in evaluation on the Common Criteria Evaluation and Validation Scheme Validation website Products and Protection Profiles in Evaluation page at http://niap.bahialab.com/cc-scheme/in_evaluation.cfm
About NIAP CCEVS
The National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme (NIAP CCEVS) Validation Body is an activity jointly managed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). The CCEVS focus is to establish a national program for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security. Further information on CCEVS is available at http://niap.bahialab.com/cc-scheme/
About Science Applications International Corporation (SAIC)
SAIC is a NIAP approved Common Criteria Testing Laboratory (CCTL) accredited to conduct IT security evaluations for conformance to the Common Criteria for Information Technology Security Evaluation, International Standard ISO/IEC 15408:1999. Further information on SAIC is available at http://www.saic.com
About the Assistant Secretary of Defense (ASD C3I) Memorandum of June 4, 2001, on Disposition of Unclassified DoD Computer Hard Drives, the definitive Department of Defense directive on the subject: http://iase.disa.mil/policy-guidance/asd_hd_disposition_memo060401.pdf
FDRERASE for z/OS and FDRERASE/OPEN are service marks, trademarks and/or registered trademarks of Innovation Data Processing Corporation. IBM and z/OS are trademarks or registered trademarks of International Business Machines Corporation. All other service marks, trademarks or registered trademarks are the property of their respective owners.
INNOVATION Data Processing, Little Falls NJ, is the leading independent software vendor in the world today providing business data protection and non-disruptive business continuance solutions that enhance business resiliency for users of IBM eServer z/OS, zLinux, UNIX on zServers, OS/390 and S/390 Linux attached enterprise storage, as well as for Windows, UNIX and Linux, SAN, NAS and LAN distributed storage.
FDRERASE/OPEN is now generally available for ordering. Further information is available by calling 973-890-7300, e-mailing questions to email@example.com or visiting our website at http://www.innovationdp.fdr.com/products/fdreraseopen/index.cfm