
Data Security

Self-Encrypting Drives & Security Certifications

Data security protects digital information across its entire lifecycle. Data sits on storage far longer than it is in use by the CPU, which makes data at rest more vulnerable. Data-at-Rest Security is therefore crucial: it shields your information from unauthorized access, modification, and disclosure while it is not actively being processed.

"RedData helps to address your Data-at-Rest Security challenges."

Self-Encrypting Drives offer hardware full disk encryption at interface speeds. They feature a dedicated security subsystem for managing data protection, allowing you to set access controls and perform cryptographic erasures for fast data removal. This integrated approach ensures your stored information is secure and easily manageable.

"RedData carries a wide selection of Self-Encrypting Drive products."

Data-at-Rest Security combines data encryption and access controls to protect stored information. Self-Encrypting Drives are a prime example, built with integrated, high-speed encryption and access controls. This ensures that all your data, when not actively used, is safe from unauthorized access, modification, and disclosure.

"RedData assists with Data-at-Rest Security solution deployments."

Data-at-Rest Security

Self-Encrypting SSD

Why

The primary use case for a Self-Encrypting Drive (SED) is to safeguard stored data from unauthorized access or disclosure.

How

A Self-Encrypting Drive (SED) automatically encrypts all data written to it and decrypts all data read from it. This encryption happens seamlessly without user intervention. Furthermore, SEDs incorporate a locking mechanism that allows for restricting access to specific data or the entire drive.

What

Self-Encrypting Drives are storage devices, such as Solid-State Drives (SSDs) or Hard Disk Drives (HDDs), enhanced with built-in security features.

Self-Encrypting Drives

How

Based on customer requirements, the product manufacturer determines the necessary security certifications. The manufacturer then hires an accredited laboratory to evaluate their product. Acting as a trusted intermediary between the manufacturer and the certification scheme, the laboratory submits all required evidence to the certification organization.

Why

Self-Encrypting Drives (SEDs) enhance security, but end-users need confidence that their security features are implemented properly. Incorrect implementation can compromise the device's security, increasing the risk of unauthorized data disclosure. This is where independent security evaluations play a crucial role.

Security Certifications

What

Security evaluation schemes, such as NIAP's Common Criteria and NIST's Cryptographic Module Validation Program, establish requirements for security functionality. Independent, accredited laboratories then validate that commercial off-the-shelf products correctly implement these security requirements.

Common Criteria Evaluation

The National Information Assurance Partnership (NIAP) manages the U.S. Common Criteria program for the evaluation of commercial off-the-shelf security products and is a signatory to the international Common Criteria Recognition Agreement (CCRA). Under this program, NIAP manages both approved Protection Profiles and the evaluation of products against them. This includes the "collaborative Protection Profile for Full Drive Encryption," which is used to evaluate the security of self-encrypting drives. Approved Common Criteria accredited laboratories perform the evaluations; products that pass are certified and added to NIAP's Product Compliant List (PCL).

Visit the NIAP CCEVS website for more information about the program.

Cryptographic Module Validation

The Cryptographic Module Validation Program (CMVP) is a joint US and Canadian program that verifies cryptographic modules against the latest NIST FIPS 140 standard, currently FIPS 140-3. To obtain validation, products are tested by one of the CMVP-accredited laboratories. Successful products receive a certificate and are listed on the CMVP Validated Modules page.

Visit the NIST CMVP website for more information about the program.

Cryptographic Algorithm Validation

The NIST Cryptographic Algorithm Validation Program (CAVP) validates implementations of cryptographic algorithms. NIST-accredited laboratories conduct these evaluations using algorithm-specific tests. Successful implementations receive a CAVP certificate and are listed on the NIST CAVP website. Importantly, CAVP certification is a prerequisite for both NIST FIPS 140 certification and NIAP Common Criteria evaluations.

Visit the NIST CAVP website for more information about the program. 


Commercial Solutions for Classified

The NSA's Commercial Solutions for Classified (CSfC) program allows the use of commercially available products in US Government national security systems if they meet specific security requirements. These products must undergo CSfC approval before being deployed in a layered security solution. The Data-at-Rest Capability Package (DAR CP) within CSfC outlines approved components and designs for protecting classified data at rest. It mandates two layers of data encryption. Self-Encrypting Drives (SEDs) are recognized as an approved Hardware Full Disk Encryption (HWFDE) component within the DAR CP when listed on the designated Hardware Full Drive Encryption Product List.

Visit the CSfC program website for more information about the program.
