{"product_id":11629,"v_id":11628,"product_name":"Shift5, Inc. Software Full Drive Encryption","certification_status":"Certified","certification_date":"2025-10-31T00:00:00Z","tech_type":"Encrypted Storage","vendor_id":{"name":"Shift5, Inc.","website":"https://www.shift5.io"},"vendor_poc":"Jeremy Turbyfill","vendor_phone":"850-572-4738","vendor_email":"jeremy.turbyfill@shift5.io","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p><span style=\"font-size: 10.0pt; font-family: Times, serif;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 12.0pt; font-family: 'Times',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;\">The Target of Evaluation (TOE) is Shift5, Inc. Software Full Drive Encryption (Shift5 SW FDE) version 1.2.3. The Shift5, Inc. <span style=\"mso-no-proof: yes;\">Software Full Drive Encryption</span> is a software package that Shift5 integrates into its software images running on their Manifold product line.<span style=\"mso-spacerun: yes;\">&nbsp; </span>These products possess a computing system running SUSE Linux Micro 6.0.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The Product provides full drive encryption of its removable USB data drive and accepts an administratively provided passphrase to unlock the drive.<span style=\"mso-spacerun: yes;\">&nbsp; </span>After receiving the passphrase (the authorization factor), the Product validates the passphrase, and if correct, utilizes it to decrypt the Data Encryption Key ultimately used to encrypt/decrypt the data on the removable drive.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The Product also uses its SW FDE to additionally encrypt/protect the system/boot drive within the Manifold; however, this application of the FDE does not comply with the FDE protection profile requirements as the Manifold uses its TPM to unlock at 
boot&mdash;as opposed to using an administratively supplied password at each boot.<span style=\"mso-spacerun: yes;\">&nbsp; </span>As a result, this evaluation focuses on the FDE protection of the removable drive</span>.</span></p>","evaluation_configuration":"<p><span style=\"font-size: 10.0pt; font-family: 'Times New Roman', serif;\">The Target of Evaluation (TOE) is Shift5, Inc. Software Full Drive Encryption (Shift5 SW FDE) version 1.2.3.</span></p>","security_evaluation_summary":"<p><span style=\"font-size: 10.0pt; font-family: Times, serif;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.&nbsp; The evaluation demonstrated that the TOE<em> </em>meets the security requirements contained in the Security Target.&nbsp; The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.&nbsp; The product, when delivered and configured as identified in the Shift5 Shift5 &ndash; Full Disk Encryption (FDE) Administrator Guidance Document, August 19, 2025 document, satisfies all of the security functional requirements stated in the Shift5, Inc. Software Full Drive Encryption Security Target, Version 0.3, September 24, 2025.&nbsp; The project underwent CCEVS Validator review.&nbsp; The evaluation was completed in September 2025.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11628-2025) prepared by CCEVS.</span></p>","environmental_strengths":"<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">The logical boundaries of the Shift5, Inc. 
Software Full Drive Encryption are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">&nbsp;</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Cryptographic support:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE includes cryptographic functionality for key management, user authentication, and block-based encryption including: symmetric key generation, encryption/decryption, cryptographic hashing, keyed-hash message authentication, and password-based key derivation. These functions are supported with suitable random bit generation, key derivation, salt generation, initialization vector generation, secure key storage, and key destruction. These primitive cryptographic functions are used to encrypt Data-At-Rest (including the generation and protection of keys and key encryption keys) used by the TOE.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>User data protection:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE performs Full Drive Encryption on all partitions on the removable drive (so that no plaintext exists) and does so without user intervention.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Security management:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE provides each of the required management 
services to manage the full drive encryption using a locally accessed Web User Interface (WebUI).</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Protection of the TSF:</strong></p>\r\n<p><span style=\"font-size: 10.0pt; font-family: 'Times New Roman', serif;\">The TOE implements a number of features to protect itself to ensure the reliability and integrity of its security features. It protects keys and key material, and includes functions to perform self-tests and software/firmware integrity checking so that it might detect when it is failing or may be corrupt.&nbsp; If any of the self-tests fail, the TOE will not go into an operational mode.</span></p>","features":[{"id":1902,"feature_name":"Cryptographic Hashing"},{"id":1901,"feature_name":"Cryptographic Signature Verification"},{"id":1899,"feature_name":"DRBG"},{"id":1897,"feature_name":"Full Drive Encryption"},{"id":1898,"feature_name":"Key Destruction"},{"id":1903,"feature_name":"Keyed-hash message authentication"},{"id":1900,"feature_name":"Symmetric Key Generation"}]}