INNOVATION announces FDRERASE; First IBM z/OS Secure Erase Disk Utility to earn Common Criteria EAL2+ certification
Little Falls, NJ. August 19, 2005--INNOVATION, using the SHARE 2005 Users Group Conference in Boston as a backdrop, is announcing that its FDRERASE V5.4 L50 is the first secure erase disk utility for the IBM z/OS environment to earn a place on the Common Criteria Evaluation and Validation Scheme (CCEVS) Validated Products List for Sensitive Data Protection with a conformance claim of EAL2+.
"FDRERASE today, is the only CC qualified solution available for securely erasing z/OS disks (DASD). We specifically set out designing FDRERASE V5.4 L50 to comply with current US Government guidelines for erasing computer disks and have just received our congratulatory notice on successful completion of a Common Criteria EAL2 Augmented Evaluation from NIAP CCEVS, the validating authority here in the US, explains Thomas J. Meehan, INNOVATION Data Processing Vice President of Advance Technology; adding, we also have concurrence that the erasure technique FDRERASE employs for Secure Erase satisfies the requirements specified in the Assistant Secretary of Defense (ASD C3I) Memorandum, of June 4 2001, on Disposition of Unclassified DoD Computer Hard Drives, the definitive Department of Defense directive on the subject."
According to the CCEVS evaluation description FDRERASE is an application that runs under the IBM z/OS operating system on a mainframe computer that provides two CCEVS security validated disk erasure functions: ERASE and SECUREERASE that overwrite DASD to ensure the risk of residual data remaining, if any, is appropriate with the risk of a person scavenging for that data. FDRERASE also provides a CCEVS security validated audit function enabling a user to confirm that the physical tracks of the DASD have indeed been overwritten sufficiently that no residual information remains. This is the VERIFY function.
"FDRERASE, according to Meehan, has become quite popular with banks, card payment service providers, computer services providers, educational institutions, financial intuitions, government agencies, hospitals, insurance companies and telecommunication companies to securely erase data when leaving a DR site or disposing of disk storage systems. Always the fastest way to securely erase data in these circumstances, CCEVS EAL2+ certification now puts FDRERASE V54 L50 squarely in the forefront when it comes to meeting compliance requirements."
"It is very clear now; commercial as well as government organizations have the same requirements to erase data when leaving a DR site and when disposing of disk storage systems, as they have to protect that data from unauthorized access while it's in their possession." Meehan went on, "you expect DoD (Department of Defense) and NSA (National Security Agency) to have strict rules, but there are also industry guide lines and federal codes, as well as national legislation in this and countries around the world requiring sensitive information be cleared from disks prior to disposal or reuse."
HIPAA (Health Insurance Portability and Accountability Act), requires sensitive information be cleared from equipment and media prior to disposal or reuse. GLBA (Gramm-Leach-Bliley Act) imposes criminal penalties on financial institutions for failing to preserve privacy of current or legacy client financial data. The Payment Card Industry (e.g. MasterCard, Visa, American Express, Diners Card, Discover and JCB) Data Security Standard requires banks, members, merchants and merchants' service providers to have data disposal plans, i.e. purge electronic media so cardholder data cannot be reconstructed.
FDRERASE V5.4 L50 General Availability is September 30, 2005, Further information is available by calling 973-890-7300, e-mailing questions to firstname.lastname@example.org or visiting our web site at http://www.innovationdp.fdr.com/products/fdrerase/index.cfm
About FDRERASE Security Functions (ERASE, SECUREERASE and VERIFY)
Disk erasures are actually performed by overwriting the stored data to make the original data unrecoverable. ERASE, by default, overwrites each track on a volume once making all data unrecoverable by any normal program running anywhere that has access through the disk control unit or direct access to the disk.
Overwrites each track on a volume a minimum of three times. This multiple overwrite process (optionally up to eight overwrites) renders the original data unrecoverable, even by sophisticated laboratory techniques applied to hard drives removed from the control unit.
The audit function VERIFY samples tracks on volumes to insure that they have been erased, verifying a percentage of the volume by default or the entire volume if needed.
About INNOVATION Data Processing
The leading independent software vendor in the world today, providing business data protection, non-disruptive business continuance and information life cycle management solutions for IBM eServer z/OS, zLinux, UNIX on zServers, OS/390 and S/390 Linux attached enterprise storage, as well as for Windows, UNIX and Linux, SAN, NAS and LAN distributed storage.
CCEVS FDRERASE V54 L50 Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS). Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ADV_SPM.1 and ALC_FLR.2 family of assurance requirements. FDRERASE V54 L50 earning the right to display the international Common Criteria Recognition Arrangement (CCRA) certification mark (interlocking CC on globe), results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-05-0109, dated 5 August 2005) prepared by CCEVS.
About NIAP CCEVS
The National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme (NIAP CCEVS) Validation Body, is an activity jointly managed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). The CCEVS focus is to establish a national program for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security. Further information on CCEVS is available at http://niap.nist.gov/cc-scheme/index.html
About Science Applications International Corporation (SAIC)
SAIC is an NIAP approved Common Criteria Testing Laboratory (CCTL) accredited to conduct IT security evaluations for conformance to the Common Criteria for Information Technology Security Evaluation, International Standard ISO/IEC 15408:1999. Further information on SAIC is available at http://www.saic.com/
FDRERASE is a service mark, trademark and/or registered trademarks of Innovation Data Processing Corporation. IBM and z/OS are trademarks or registered trademarks of International Business Machines Corporation. All other service marks, trademarks or registered trademarks are the property of their respective owners.