Compliant Product - Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives
Certificate Date: 2022.04.07
CC Certificate
Security Target *
Validation Report
Validation Report Number: CCEVS-VR-VID11248-2022
Product Type: Encrypted Storage
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201
CC Testing Lab: Leidos Common Criteria Testing Laboratory
Maintenance Releases:
Assurance Activity
Administrative Guide
* This is the Security Target (ST) associated with the latest Maintenance Release.
Product Description
The TOE comprises the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives (SEDs) provided by Seagate Technology, LLC. The TOE model numbers and firmware versions are identified in the table below. The Seagate SEDs implement FIPS-approved and NIST-recommended cryptographic algorithms. The CAVP certificates are identified in Section 6.2 of the security target (ST). The SEDs provide an Instant Secure Erase (ISE) function and full protection of customer data-at-rest with self-encrypting drive locking. The Seagate Secure Drives are designed in accordance with Trusted Computing Group (TCG) specifications. The TOE provides the Full Disk Encryption (FDE) Encryption Engine functionality as defined by [CPPFDE_EE]. In particular, the TOE provides data encryption, policy enforcement, and key management functions. The TOE provides for the generation, update, protection, and destruction of the data encryption key (DEK) and other intermediate keys under its control. Seagate terminology refers to the DEK as the Media Encryption Key (MEK).
Evaluated Configuration
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product satisfies all of the security functional requirements stated in the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives Security Target, version 1.0, March 10, 2022, when delivered and configured as identified in the product documentation listed in the aforementioned security target. The evaluation underwent CCEVS Validator review. The evaluation was completed in April 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
Seagate Secure TCG Enterprise SSC and TCG Opal SSC Self-Encrypting Drives enforce the following TOE security functional policies as specified in the ST.
Cryptographic Support
The TOE includes NIST-approved cryptographic algorithms supporting cryptographic functions. The TOE provides Key Wrapping, Key Derivation, and BEV Validation. The TOE performs Full Drive Encryption such that the drive contains no plaintext user data. The TOE performs user data encryption by default in the out-of-the-box configuration using XTS-AES-256 mode. The TOE supports management functions for changing and erasing the DEK, for initiating the TOE firmware updates, and for configuring the number of failed validation attempts required to trigger corrective action. The TOE provides trusted firmware update and access control functions; protects Key and Key Material; and supports a Compliant power saving state. The TOE runs a suite of self-tests during initial start-up (on power on), before the function is first invoked.
Vendor Information
Seagate Technology, LLC
Cathy Sand-Soll
(720) 684-2008
(720) 684-2008
catherine.sand-soll@seagate.com
www.seagate.com