Compliant Product - Cigent PBA Software v1.0.6
Certificate Date:
2023.10.24
CC Certificate Validation Report Number: CCEVS-VR-VID11378-2023 Product Type: Encrypted Storage Conformance Claim: Protection Profile Compliant PP Identifier: collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201 CC Testing Lab: Lightship Security USA, Inc. ![[PDF]](/assets/images/icon_pdf.gif){kind=icon}
Security Target
Validation Report
Assurance Activity
Administrative Guide: Cigent PBA Software v1.0.6 Common Criteria Guide Version 1.2
Administrative Guide: Cigent PBA Installation Guide and User Manual
Product Description
The TOE is software that provides pre-boot authentication (PBA) for use with a self-encrypting drive (SED).
Evaluated Configuration
The TOE is Cigent PBA Software v1.0.6. The physical boundary of the TOE encompasses the Cigent PBA Software v1.0.6. Users may download the software after purchase from Cigent’s web portal (https://download.cigent.com/Cigent_PBA_v1.0.6.zip). The TOE runs on Ubuntu 22.04 and is provided and installed as a single software package. Alternatively, the TOE may come preinstalled on a partner original equipment manufacturer (OEM) Opal2 compatible solid state drive (SSD).
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cigent PBA Software v1.0.6 TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Cigent PBA Software v1.0.6 Common Criteria Guide, v1.2, satisfies all of the security functional requirements stated in the Cigent PBA Software v1.0.6 Security Target, v2.5. The project underwent CCEVS Validator review. The evaluation was completed in October 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
Data Protection The TOE enables encryption of data on a storage device to protect it from unauthorized disclosure. The TOE enables the data encryption function of a SED drive by providing pre-boot user authentication and key management capabilities. Secure Key Material The TOE ensures key material used for storage encryption is properly generated and protected from disclosure. It also implements cryptographic key and key material destruction during transitioning to a Compliant power saving state, or when all keys and key material are no longer needed. Secure Management The TOE enables management of its security functions. Trusted Update The TOE ensures the authenticity and integrity of software updates through digital signatures using Rivest Shamir Adleman (RSA) 4096 with Secure Hash Algorithm (SHA) SHA-512. Cryptographic Operations The TOE implements a cryptographic module. The cryptographic module uses t Cryptographic Algorithm Validation Program CAVP) validated cryptographic algorithms. Vendor InformationCigent Tom Ricoy (844) 256-1825 tom.ricoy@cigent.com https://www.cigent.com/ |