Archived U.S. Government Approved Protection Profile - Protection Profile for Full Disk Encryption
Short Name: pp_fde_v1.0 Technology Type: Encrypted Storage CC Version: 3.1 Date: 2011.12.01 Transition End Date: 2012.05.29 Succeeded By: pp_swfde_v1.0 Sunset Date: 2013.02.25 Conformance Claim: None Protection Profile
PP OVERVIEWTransition Window The Transition Window for this PP is from the date of publication through 1 June 2012. During the Transition Window, products will be accepted into evaluation against the PP or against an ST at EAL2 with a Letter of Intent. Once the Transition Window closes, all relevant products submitted for evaluation will only be evaluated against the PP.
Full Disk Encryption Overview This is the NIAP approved Protection Profile for Full Disk Encryption products. The Target of Evaluation (TOE) defined in this Protection Profile (PP) is a full disk encryption product used for mitigating the risk of a lost or stolen hard disk. As defined by NIST: “Full Disk Encryption (FDE), also known as whole disk encryption, is the process of encrypting all the data on the hard drive used to boot a computer, including the computer’s OS, and permitting access to the data only after successful authentication to the FDE product.”[1] Note that software encryption products will leave a portion of the drive unencrypted for the Master Boot Record (MBR) and the initial bootable partition. For this Protection Profile, the term “disk encryption” will be interpreted as per the NIST definition of full disk encryption modified to allow software disk encryption products to leave a portion of the drive unencrypted for the MBR and bootable partition as long as no information is written there that could contain user data. Usage Scenario The TOE is used to protect data at rest. The set of objectives and security functional requirements is limited to a device (generally a laptop) that has been lost or stolen while powered off without any prior access by an adversary.
Threat Addressed This PP addresses the threat that an adversary will obtain a lost or stolen hard disk (e.g., a disk contained in a laptop or a portable external hard disk drive) containing sensitive data. [1] NIST, “GUIDE TO STORAGE ENCRYPTION TECHNOLOGIES FOR END USER DEVICES”, NIST Special Pub 800-111, November 2007. This U.S. Government Approved Protection Profile is not assigned to any Validated ProductsThis U.S. Government Approved Protection Profile does not have any related Technical DecisionsPlease forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT). Please forward any general questions to our Q&A tool. |