Common Criteria is a certification program by 30 member nations to mutually approve and recognize IT security products. The program provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use. Vendors implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they meet the claims.
Evaluation Assurance Level corresponds to the package of security assurance requirements which covers the complete development of a product, with a given level of strictness. Higher EALs do not necessarily imply "better security", they only mean that the claimed security assurance of the target of evaluation has been more extensively verified.
WipeDrive Enterprise obtained EAL 2+ certification on a data erasure security target and received evaluation by a Common Criteria certified lab. The evaluation process constitutes assessing the evaluation documentation, in-depth testing of the software and results of the examination. The evaluation serves to validate claims made about the target.
To be of practical use, the evaluation must verify the target's security features. This is done through the following:
The Security Target document that identifies the security properties of the target of evaluation. The ST may claim conformance with one or more PPs. The TOE is evaluated against the SFRs (Security Functional Requirements) established in its ST, no more and no less. This allows vendors to tailor the evaluation to accurately match the intended capabilities of their product. This means that a network firewall does not have to meet the same functional requirements as a database management system, and that different firewalls may in fact be evaluated against completely different lists of requirements. The ST is usually published so that potential customers may determine the specific security features that have been certified by the evaluation.
As well as the Common Criteria standard, there is also a sub-treaty level Common Criteria MRA (Mutual Recognition Arrangement), whereby each party thereto recognizes evaluations against the Common Criteria standard done by other parties. The Arrangement has since been renamed Common Criteria Recognition Arrangement (CCRA) and membership continues to expand. Within the CCRA EAL2 certifications are recognized by all member countries.
The Common Criteria certification of WipeDrive provides accreditation of the data erasure tool in the performance of drive erasure. This certification validates WipeDrive for use in any of the following countries: Australia, Austria, Canada, Czech Republic, Denmark, Ethiopia, Finland, France, Germany, Greece, Hungary, India, Indonesia, Israel, Italy, Japan, Malaysia, Netherlands, New Zealand, Norway, Pakistan, Poland, Qatar, Singapore, South Korea, Spain, Sweden, Turkey, United Kingdom, and United States.
For more information on WipeDrive Enterprise and Common Criteria EAL2+ certification, please contact Sales at 1.801.224.8900.