NIAP: U.S. Government Approved Protection Profile - collaborative Protection Profile for Full Drive Encryption - Authorization Acqu...
NIAP/CCEVS

Short Name: cpp_fde_aa_v2.0

Technology Type: Encrypted Storage

CC Version: 3.1

Date: 09 September 2016

Transition End Date: 09 March 2017

Preceded By: cpp_fde_aa_v1.0

Conformance Claim: None

 

PP OVERVIEW

The purpose of the Collaborative Protection Profiles (cPPs) for Full Drive Encryption (FDE): Authorization Acquisition (AA) and Encryption Engine (EE) is to provide requirements for Data-at-Rest protection for a lost device that contains storage. These cPPs allow FDE solutions based in software and/or hardware to meet the requirements. The form factor for a storage device may vary, but could include: system hard drives/solid state drives in servers, workstations, laptops, mobile devices, tablets, and external media. A hardware solution could be a Self-Encrypting Drive or other hardware-based solutions; the interface (USB, SATA, etc.) used to connect the storage device to the host machine is outside the scope of this cPP.          

Full Drive Encryption encrypts all data (with certain exceptions) on the storage device and permits access to the data only after successful authorization to the FDE solution. The exceptions include the necessity to leave a portion of the storage device (the size may vary based on implementation) unencrypted for such things as the Master Boot Record (MBR) or other AA/EE pre-authentication software. These FDE cPPs interpret the term “full drive encryption” to allow FDE solutions to leave a portion of the storage device unencrypted so long as it contains plaintext user or plaintext authorization data.     

The FDE cPP - Authorization Acquisition describes the requirements for the Authorization Acquisition piece and details the security requirements and assurance activities necessary to interact with a user and result in the availability of sending a Border Encryption Value (BEV) to the Encryption Engine.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Related Technical Decisions

  • 0312 – FIT Technical Decision for Key and Key Material Protection
  • 0311 – FIT Technical Decision on CC Conformance Claims
  • 0309 – FIT Technical Decision for Random Bit Generation
  • 0308 – FIT Technical Decision for Cryptographic Operation Signature Verification and Hash Algorithm
  • 0233 – FIT Technical Decision for Contents in Selected Long Message Test – Bit-oriented Mode
  • 0229 – FIT Technical Decision for Validation attemp threshold config.

Please forward any questions or comments to pp-comments@niap-ccevs.org

Site Map              Contact Us              Home