NIAP: Archived U.S. Government Approved Protection Profile - Protection Profile for Full Disk Encryption

Short Name: pp_fde_v1.0

Technology Type: Encrypted Storage

CC Version: 3.1

Date: 01 December 2011

Transition End Date: 29 May 2012

Succeeded By: pp_swfde_v1.0

Sunset Date: 25 February 2013

Conformance Claim: None

 

PP OVERVIEW

Transition Window

The Transition Window for this PP is from the date of publication through 1 June 2012.  During the Transition Window, products will be accepted into evaluation against the PP or against an ST at EAL2 with a Letter of Intent.  Once the Transition Window closes, all relevant products submitted for evaluation will only be evaluated against the PP. 

 

Full Disk Encryption Overview

This is the NIAP-approved Protection Profile for Full Disk Encryption products. The Target of Evaluation (TOE) defined in this Protection Profile (PP) is a full disk encryption product used for mitigating the risk of a lost or stolen hard disk. As defined by NIST: “Full Disk Encryption (FDE), also known as whole disk encryption, is the process of encrypting all the data on the hard drive used to boot a computer, including the computer’s OS, and permitting access to the data only after successful authentication to the FDE product.”[1] Note that software encryption products will leave a portion of the drive unencrypted for the Master Boot Record (MBR) and the initial bootable partition. For this Protection Profile, the term “disk encryption” is interpreted per the NIST definition of full disk encryption, modified to allow software disk encryption products to leave a portion of the drive unencrypted for the MBR and bootable partition, as long as no information is written there that could contain user data.

Usage Scenario

The TOE is used to protect data at rest.  The set of objectives and security functional requirements is limited to a device (generally a laptop) that has been lost or stolen while powered off without any prior access by an adversary.   

 

Threat Addressed

This PP addresses the threat that an adversary will obtain a lost or stolen hard disk (e.g., a disk contained in a laptop or a portable external hard disk drive) containing sensitive data. 


[1] NIST, “GUIDE TO STORAGE ENCRYPTION TECHNOLOGIES FOR END USER DEVICES”, NIST Special Pub 800-111, November 2007.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions
