NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives

Certificate Date:  2022.04.07

Validation Report Number:  CCEVS-VR-VID11248-2022

Product Type:    Encrypted Storage

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

Maintenance Releases:
CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The TOE comprises the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives (SEDs) provided by Seagate Technology, LLC. The TOE model numbers and firmware versions are identified in the table below.

The Seagate SEDs implement FIPS-approved and NIST-recommended cryptographic algorithms.  The CAVP certificates are identified in Section 6.2 of the security target (ST).  The SEDs provide an Instant Secure Erase (ISE) function and full protection of customer data-at-rest with self-encrypting drive locking.   The Seagate Secure Drives are designed in accordance with Trusted Computing Group (TCG) specifications.

The TOE provides the Full Disk Encryption (FDE) Encryption Engine functionality as defined by [CPPFDE_EE]. In particular, the TOE provides data encryption, policy enforcement, and key management functions. The TOE provides for the generation, update, protection, and destruction of the data encryption key (DEK) and other intermediate keys under its control. Seagate terminology refers to the DEK as the Media Encryption Key (MEK).

Product Name

Model #

Standard

Firmware

Exos X18 3.5” SAS HDD

ST18000NM007J

ST16000NM007J

ST14000NM007J

ST12000NM007J

ST10000NM016G

Enterprise SSC

EF02

Exos X18 3.5” SATA HDD

 

ST18000NM025J

 

Opal SSC

ATA Security

MF01

 

Exos X18 3.5” SAS HDD

ST18000NM026J

 

Opal SSC

Security

KF01

Exos 7E10 3.5” SAS HDD

ST10000NM022B

ST10000NM011B

ST8000NM022B

ST8000NM011B

ST6000NM024B

ST6000NM013B

ST4000NM013B

ST4000NM029B

ST4000NM017B

Enterprise SSC

EF01

KF01

NF01

Exos 7E10 3.5” SATA HDD

ST10000NM021B

ST8000NM021B

ST6000NM023B

ST4000NM012B

ST4000NM028B

Enterprise SSC

ATA Security

SF01

TF01

 


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product satisfies all of the security functional requirements stated in the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives Security Target, version 1.0, March 10, 2022, when delivered and configured as identified in the product documentation listed in the aforementioned security target.

The evaluation underwent CCEVS Validator review. The evaluation was completed in April 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Seagate Secure TCG Enterprise SSC and TCG Opal SSC Self-Encrypting Drives enforce the following TOE security functional policies as specified in the ST.

Cryptographic Support

The TOE includes NIST-approved cryptographic algorithms supporting cryptographic functions.  The TOE provides Key Wrapping, Key Derivation, and BEV Validation.

User Data Protection

The TOE performs Full Drive Encryption such that the drive contains no plaintext user data. The TOE performs user data encryption by default in the out-of-the-box configuration using XTS-AES-256 mode.

Security Management

The TOE supports management functions for changing and erasing the DEK, for initiating the TOE firmware updates, and for configuring the number of failed validation attempts required to trigger corrective action.

Protection of the TSF

The TOE provides trusted firmware update and access control functions; protects Key and Key Material; and supports a Compliant power saving state.  The TOE runs a suite of self-tests during initial start-up (on power on), before the function is first invoked.


Vendor Information


Seagate Technology, LLC
Cathy Sand-Soll
(720) 684-2008
(720) 684-2008
catherine.sand-soll@seagate.com

www.seagate.com
Site Map              Contact Us              Home