{"product_id":11638,"v_id":11638,"product_name":"Cigent PBA Software v2.0","certification_status":"Certified","certification_date":"2025-09-05T00:00:00Z","tech_type":"Encrypted Storage","vendor_id":{"name":"Cigent Technology, Inc.","website":"https://www.cigent.com/"},"vendor_poc":"Conner Crisafulli","vendor_phone":"609-618-3765","vendor_email":"conner.crisafulli@cigent.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p>The Target of Evaluation (TOE) is the Cigent PBA Software v2.0. The TOE is software that provides pre-boot authentication (PBA) suitable for authenticating users and passing a Border Encryption Value (BEV) to a Self-Encrypting Drive (SED), which encrypts data written to and decrypts data read from the SED.</p>\r\n<p>The TOE provides Pre-Boot user Authentication (PBA) for Opal 2.0 compliant SEDs supporting MBR Shadowing. &nbsp;It has been evaluated with the Cigent M.2 2230 SED in order to exercise all functionality.</p>\r\n<p>The TOE&rsquo;s PBA software is installed on a 128MB read-only Shadow partition on the storage device. 
After installation, the PBA allows the user to authenticate, which unlocks the SED and boots to the protected OS environment.</p>\r\n<p>The Cigent M.2 2230 SED provides encrypted storage to protect data until the SED has successfully received the Border Encryption Validation (BEV) from an Authorization Acquisition component (like Cigent&rsquo;s PBA).</p>\r\n<p>The Cigent PBA Software acts as an Authorization Acquisition component that supplies the Border Encryption Validation (BEV) to an Encryption Engine component (like Cigent&rsquo;s M.2 2230).&nbsp; The PBA software can interoperate with any FDE EE certified SSD supporting Opal 2.0 and MBR shadowing.</p>","evaluation_configuration":"<p>The Target of Evaluation (TOE) is the Cigent PBA Software v2.0.</p>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.&nbsp; The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.&nbsp; The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. 
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.&nbsp; The product, when delivered and configured as identified in the Cigent Cigent Single and Multidrive PBA Installation Guide and User Manual June 2025, PBA Version 2.0.0 document, satisfies all of the security functional requirements stated in the Cigent PBA Software v2.0 Security Target, Version 1.4, August 27, 2025.&nbsp; The project underwent CCEVS Validator review.&nbsp; The evaluation was completed in August 2025.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11638-2025) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical boundaries of the PBA Software are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p><strong>Cryptographic support:</strong></p>\r\n<p>The TOE includes cryptographic functionality for key management, user authentication, and block-based encryption including: symmetric key generation, encryption/decryption, cryptographic hashing, keyed-hash message authentication, and password-based key derivation. These functions are supported with suitable random bit generation, key derivation, salt generation, initialization vector generation, secure key storage, and key destruction. 
These primitive cryptographic functions are used to protect key chain keys related to validating and transforming user-supplied authorization factors.</p>\r\n<p><strong>Security management:</strong></p>\r\n<p>The TOE provides each of the required management services to manage the full drive encryption using a graphical user interface.</p>\r\n<p><strong>Protection of the TSF:</strong></p>\r\n<p>The TOE implements a number of features to protect itself to ensure the reliability and integrity of its security features. It protects keys and key material, and includes functions to perform self-tests and software/firmware integrity checking so that it might detect when it is failing or may be corrupt.&nbsp; If any of the self-tests fails, the TOE will not go into an operational mode.</p>","features":[{"id":319,"feature_name":"Cryptographic Hashing"},{"id":317,"feature_name":"Cryptographic Signature Verification"},{"id":314,"feature_name":"DRBG"},{"id":311,"feature_name":"Full Drive Encryption"},{"id":323,"feature_name":"Key Destruction"},{"id":320,"feature_name":"Keyed-hash message authentication"},{"id":316,"feature_name":"Symmetric Key Generation"}]}