www.WhiteCanyon.com | Sales@WhiteCanyon.com | 1 (801) 224-8900

WipeDrive Enterprise:Common Criteria EAL2+ Certification

www.WhiteCanyon.com | Sales@WhiteCanyon.com | 1 (801) 224-8900

COMMON CRITERIA CERTIFICATIONCommon Criteria is a certification program by 30 member nations to mutually approve and recognize IT security products. The program provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use. Vendors implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they meet the claims.

EVALUATION ASSURANCE LEVEL 2+Evaluation Assurance Level corresponds to the package of security assurance requirements which covers the complete development of a product, with a given level of strictness. Higher EALs do not necessarily imply "better security", they only mean that the claimed security assurance of the target of evaluation has been more extensively verified.

WipeDrive Enterprise obtained EAL 2+ certification on a data erasure security target and received evaluation by a Common Criteria certified lab. The evaluation process constitutes assessing the evaluation documentation, in-depth testing of the software and results of the examination. The evaluation serves to validate claims made about the target.

To be of practical use, the evaluation must verify the target's security features. This is done through the following:

The Security Target document that identifies the security properties of the target of evaluation. The ST may claim conformance with one or more PPs. The TOE is evaluated against the SFRs (Security Functional Requirements) established in its ST, no more and no less. This allows vendors to tailor the evaluation to accurately match the intended capabilities of their product. This means that a network firewall does not have to meet the same functional requirements as a database management system, and that different firewalls may in fact be evaluated against completely different lists of requirements. The ST is usually published so that potential customers may determine the specific security features that have been certified by the evaluation.

MEMBER COUNTRIESAs well as the Common Criteria standard, there is also a sub-treaty level Common Criteria MRA (Mutual Recognition Arrangement), whereby each party thereto recognizes evaluations against the Common Criteria standard done by other parties. The Arrangement has since been renamed Common Criteria Recognition Arrangement (CCRA) and membership continues to expand. Within the CCRA EAL2 certifications are recognized by all member countries.

CONCLUSIONThe Common Criteria certification of WipeDrive provides accreditation of the data erasure tool in the performance of drive erasure. This certification validates WipeDrive for use in any of the following countries: Australia, Austria, Canada, Czech Republic, Denmark, Ethiopia, Finland, France, Germany, Greece, Hungary, India, Indonesia, Israel, Italy, Japan, Malaysia, Netherlands, New Zealand, Norway, Pakistan, Poland, Qatar, Singapore, South Korea, Spain, Sweden, Turkey, United Kingdom, and United States.

For more information on WipeDrive Enterprise and Common Criteria EAL2+ certification, please contact Sales at 801.224.8900.

Australia, Canada, France, Germany, India, Italy, Japan, Malaysia, Netherlands, New Zealand,

Norway, South Korea, Singapore, Spain, Sweden, Turkey, United Kingdom, United States, Austria, Czech Republic, Denmark, Ethiopia, Finland, Greece, Hungary, Indonesia, Israel, Pakistan, Poland, and Qatar.WHAT IS COMMON CRITERIA?The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification managed by 32 member countries.

2+When

a drive arrives from a manufacturer they may or may not need to be formatted. The format process establishes a chosen partition on a drive to be used by an operating system. There are many different types of formatting – FAT32, NTFS, HFS+, ExFAT, etc. These formats are for specific use applications but overall, they allow data to be stored and read from a drive.

In the 1980’s and 1990’s formatting was seen as a viable method to sanitize a drive. IT assets were reformatted, which would remove the addressable areas on the drive and then donated or sold throughout the world. Security agencies would test these IT assets in the wild and find that data could still be recovered from them. Luckily, data recovery tools were not sophisticated as they are today and it would take considerable resources to retrieve the data. In the present-day, any data recovery tool on the internet can easily recover data from a formatted drive. In fact, most advertise that they can recover data from reformatted memory sticks, SSD and hard drives.

There are still groups that rely on a Low-Level Format for data erasure. These groups feel that the LLF will securely erase all the data on the drive at no cost. Unfortunately, the new IDE and ATA drives do not allow true LLF on their drives because of a change in manufacturing. New drives now have the formatting done on a servowriter before the disk is assembled into the drive in the factory. These drives no longer support LLF. Formatting a drive, whether low-level, deep or quick is not a viable option for a secure data sanitization process.

Formatting Can Cause the Following Issues:

OEM DRIVE TOOLSOEM tools are designed to manage and erase manufacturer’s own drives. The OEM tools provide a list of functions, like format, partition and erase. Though each OEM tool is unique, most of the tools provide a cryptographic key removal and securely erasing all the data on the

WipeDrive Enterprise:Common Criteria EAL2+ Certification

WHAT IS COMMON CRITERIA?

The Common Criteria for Information Technology Security Evaluation is an

international standard for computer security

certification managed by 30 member countries.

www.WhiteCanyon.com | Sales@WhiteCanyon.com | 1 (801) 224-8900

COMMON CRITERIA CERTIFICATIONCommon Criteria is a certification program by 30 member nations to mutually approve and recognize IT security products. The program provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use. Vendors implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they meet the claims.

EVALUATION ASSURANCE LEVEL 2+Evaluation Assurance Level corresponds to the package of security assurance requirements which covers the complete development of a product, with a given level of strictness. Higher EALs do not necessarily imply "better security", they only mean that the claimed security assurance of the target of evaluation has been more extensively verified.

WipeDrive Enterprise obtained EAL 2+ certification on a data erasure security target and received evaluation by a Common Criteria certified lab. The evaluation process constitutes assessing the evaluation documentation, in-depth testing of the software and results of the examination. The evaluation serves to validate claims made about the target.

To be of practical use, the evaluation must verify the target's security features. This is done through the following:

The Security Target document that identifies the security properties of the target of evaluation. The ST may claim conformance with one or more PPs. The TOE is evaluated against the SFRs (Security Functional Requirements) established in its ST, no more and no less. This allows vendors to tailor the evaluation to accurately match the intended capabilities of their product. This means that a network firewall does not have to meet the same functional requirements as a database management system, and that different firewalls may in fact be evaluated against completely different lists of requirements. The ST is usually published so that potential customers may determine the specific security features that have been certified by the evaluation.

MEMBER COUNTRIESAs well as the Common Criteria standard, there is also a sub-treaty level Common Criteria MRA (Mutual Recognition Arrangement), whereby each party thereto recognizes evaluations against the Common Criteria standard done by other parties. The Arrangement has since been renamed Common Criteria Recognition Arrangement (CCRA) and membership continues to expand. Within the CCRA EAL2 certifications are recognized by all member countries.

CONCLUSIONThe Common Criteria certification of WipeDrive provides accreditation of the data erasure tool in the performance of drive erasure. This certification validates WipeDrive for use in any of the following countries: Australia, Austria, Canada, Czech Republic, Denmark, Ethiopia, Finland, France, Germany, Greece, Hungary, India, Indonesia, Israel, Italy, Japan, Malaysia, Netherlands, New Zealand, Norway, Pakistan, Poland, Qatar, Singapore, South Korea, Spain, Sweden, Turkey, United Kingdom, and United States.

For more information on WipeDrive Enterprise and Common Criteria EAL2+ certification, please contact Sales at 801.224.8900.

Australia, Canada, France, Germany, India, Italy, Japan, Malaysia, Netherlands, New Zealand,

Norway, South Korea, Singapore, Spain, Sweden, Turkey, United Kingdom, United States, Austria, Czech Republic, Denmark, Ethiopia, Finland, Greece, Hungary, Indonesia, Israel, Pakistan, Poland, and Qatar.WHAT IS COMMON CRITERIA?The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification managed by 32 member countries.

2+When

a drive arrives from a manufacturer they may or may not need to be formatted. The format process establishes a chosen partition on a drive to be used by an operating system. There are many different types of formatting – FAT32, NTFS, HFS+, ExFAT, etc. These formats are for specific use applications but overall, they allow data to be stored and read from a drive.

In the 1980’s and 1990’s formatting was seen as a viable method to sanitize a drive. IT assets were reformatted, which would remove the addressable areas on the drive and then donated or sold throughout the world. Security agencies would test these IT assets in the wild and find that data could still be recovered from them. Luckily, data recovery tools were not sophisticated as they are today and it would take considerable resources to retrieve the data. In the present-day, any data recovery tool on the internet can easily recover data from a formatted drive. In fact, most advertise that they can recover data from reformatted memory sticks, SSD and hard drives.

There are still groups that rely on a Low-Level Format for data erasure. These groups feel that the LLF will securely erase all the data on the drive at no cost. Unfortunately, the new IDE and ATA drives do not allow true LLF on their drives because of a change in manufacturing. New drives now have the formatting done on a servowriter before the disk is assembled into the drive in the factory. These drives no longer support LLF. Formatting a drive, whether low-level, deep or quick is not a viable option for a secure data sanitization process.

Formatting Can Cause the Following Issues:

OEM DRIVE TOOLSOEM tools are designed to manage and erase manufacturer’s own drives. The OEM tools provide a list of functions, like format, partition and erase. Though each OEM tool is unique, most of the tools provide a cryptographic key removal and securely erasing all the data on the

WipeDrive Enterprise:Common Criteria EAL2+ Certification