Common Criteria EAL 2+ Certified Disk Wiping Software
The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification managed by 30 member countries. WipeDrive Enterprise obtained EAL 2+ certification on a data erasure security target and received evaluation by a Common Criteria certified lab. This rigorous certification is the most comprehensive certification currently available.
WipeDrive's NIAP Certification means that it complies with all of the following U.S. and international disk wiping standards:
- Common Critera EAL 2+
- US DoD 5220.22-M
- NIST 800-88 REV 1 Compliant
- Meets the Common Criteria Evaluation and Validation Scheme
- FACTA standards
- US Army AR380-19
- US Air Force System Security Instruction 5020
- US Navy Staff Office Publication P-5329-26
- US National Computer Security Center TG-025
- NATO NIAPC
- GB HMG Infosec Standard #5 Baseline
- GB HMG Infosec Standard #5 Enhanced
- German VSITR
- Australian Defense Signals Directorate ACSI-33(X0-PD)
- Australian Defense Signals Directorate ACSI-33(X1-P-PD)
- Canadian RCMP TSSIT OPS-II Standard Wipe
- CIS GOST P50739-95
- CSEC ITSG-06
- Standard single pass overwrite
The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, verbal, electronic, etc.
The HIPAA Seal of Compliance has become the health care industry standard for verification that the federally-mandated HIPAA standards, regulated by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), are fully addressed and incorporated into an effective, oranization-wide compliance program.
NATO NIAPC Certified
The NATO Information Assurance Product Catalogue (NIAPC) established under Directive AC/322-D(2010)0042 (22-09-2010), provides NATO nations, and NATO civil and military bodies with a catalogue of Information Assurance (IA) products, Protection Profiles and Packages that are in use or available for procurement to meet operational requirements.
According to NATO NIAPC “WipeDrive is a disk sanitizing tool that permanently erases all data from hard drives and other data storage devices. This includes but is not exclusive to: HPA partitions, DCO partitions, remapped sectors, operating systems, programs, and user files. This data is permanently destroyed as to make any type of forensic data recovery impossible.”
NYCE Certificate of Compliance
WipeDrive Enterprise has achieved NYCE Certificate of Compliance with Mexican Standard NMX-I_9126-2-NYCE-2011 as a data erasure solution. NYCE is a strategic partner of the software industry and provides safety and confidence evaluations. With more than 20 years of operation in Mexico, NYCE is a certification trusted by Mexico's largest companies and government agencies.
NYCE evaluated and confirmed that WipeDrive complies with standards established at the national (NOM or NMX) and international (ISO and IEC) evaluation levels. NYCE reviews the results of a series of tests, and analysis to evaluate each of the characteristics required by the regulation and certifies WipeDrive Enterprise as compliant.
The ADISA certification process is multi-layered and requires testing a Solid State Storage Device chipset against known threats and data residue after it has been securely overwritten by WipeDrive.
The testing process for each claims test follows the published ADISA test methodology. This certification verifies that any SSD securely overwritten by WipeDrive meets all criteria specified in the ADISA Threat Matrix. The ADISA Threat Matrix defines a series of capabilities and risks that various threat agents can pose on the security of a device.
National Cyber Security Centre
The National Cyber Security Centre (NCSC) is the UK’s authority on cyber security. The NCSC has access to some of the most sophisticated capabilities available to government. Their main purpose is to reduce the cyber security risk to the UK by improving its cyber security and cyber resilience.
NCSC uses CPA standards to evaluate commercial off-the-shelf products, and their developers, against published security and development standards.
A security product that passes assessment is awarded Foundation Grade certification. This means the product is proven to demonstrate good commercial security practice and is suitable for lower threat environments.
Why Is Certification Important
Certification vs. Compliance
There is a significant difference between software claiming to comply with standards and the National Security Agency (NSA) certifying compliance. We don’t believe our customers should have to verify that our software does what we claim, so we are Certified by NIAP to EAL 2+, higher than any other software wiping tool. This certification took over a year and cost literally hundreds of thousands of dollars, but they verify that WipeDrive works the way it is designed.
When you see wiping software that claims to “comply” with standards, all it means is that they believe they comply but there is no outside body that has independently verified and authenticated that they comply.