Compliant Product - NetApp Volume Encryption (NVE) Appliances running ONTAP 9.7P13
Certificate Date:
2021.09.08
CC Certificate Validation Report Number: CCEVS-VR-VID11175-2021 Product Type: Encrypted Storage Conformance Claim: Protection Profile Compliant PP Identifier: collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201 collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201 CC Testing Lab: Leidos Common Criteria Testing Laboratory Maintenance Releases: ![]() ![]() ![]() Assurance Activity ![]() Administrative Guide ![]() Administrative Guide ![]() Administrative Guide ![]() Administrative Guide ![]() Administrative Guide ![]()
*
This is the Security Target (ST) associated with the latest Maintenance Release.
To view previous STs for this TOE, click here.
Product Description
The Target of Evaluation (TOE) is NetApp Volume Encryption (NVE) Appliances running ONTAP 9.7P13. The TOE provides both authorization acquisition and encryption engine components in support of full drive encryption. The authorization acquisition component derives a Border Encryption Value (BEV) from an administrator-supplied authorization factor (namely, a passphrase) and provides it to the encryption engine, which uses it to unlock the Drive Encryption Key (DEK) used to encrypt data on disk storage devices.
Evaluated Configuration
The TOE comprises a range of disk storage appliances, consisting of storage controllers and one or more enclosures of disk storage devices, running ONTAP 9.7P13. Supported disk storage devices include hard disk drive (HDD), solid state drive (SSD) and non-volatile memory express (NVMe) flash drives. The NetApp appliances included in the evaluated configuration are as follows:
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the NetApp Volume Encryption (NVE) Appliances running ONTAP 9.7P13 Security Target. The evaluation was completed in August 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
Cryptographic Support The TOE includes NIST CAVP-validated cryptographic algorithms supporting cryptographic functions. The TOE provides key wrapping, key derivation, validation of the Border Encryption Value (BEV), and data encryption. User Data Protection The TOE performs full drive encryption, such that the drive contains no plaintext user data. The TOE performs user data encryption by default in the out-of-the-box configuration using 256 bit AES in XTS mode. Security Management The TOE supports management functions for changing and erasing the DEK and initiating TOE firmware updates, using a command line interface. Protection of the TSF The TOE provides trusted firmware updates, protects keys and key material, and supports Compliant power saving states. The TOE runs a suite of self-tests during initial start-up (on power on). Vendor InformationNetApp, Inc. Tim Chevalier 4088226000 Tim.Chevalier@netapp.com www.netapp.com |