Compliant Product - Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives
Certificate Date: 2022.04.07CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11248-2022
Product Type: Encrypted Storage
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The TOE comprises the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives (SEDs) provided by Seagate Technology, LLC. The TOE model numbers and firmware versions are identified in the table below.
The Seagate SEDs implement FIPS-approved and NIST-recommended cryptographic algorithms. The CAVP certificates are identified in Section 6.2 of the security target (ST). The SEDs provide an Instant Secure Erase (ISE) function and full protection of customer data-at-rest with self-encrypting drive locking. The Seagate Secure Drives are designed in accordance with Trusted Computing Group (TCG) specifications.
The TOE provides the Full Disk Encryption (FDE) Encryption Engine functionality as defined by [CPPFDE_EE]. In particular, the TOE provides data encryption, policy enforcement, and key management functions. The TOE provides for the generation, update, protection, and destruction of the data encryption key (DEK) and other intermediate keys under its control. Seagate terminology refers to the DEK as the Media Encryption Key (MEK).
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product satisfies all of the security functional requirements stated in the Seagate Secure® TCG Opal and Enterprise SSC Self-Encrypting Drives Security Target, version 1.0, March 10, 2022, when delivered and configured as identified in the product documentation listed in the aforementioned security target.
The evaluation underwent CCEVS Validator review. The evaluation was completed in April 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Seagate Secure TCG Enterprise SSC and TCG Opal SSC Self-Encrypting Drives enforce the following TOE security functional policies as specified in the ST.
The TOE includes NIST-approved cryptographic algorithms supporting cryptographic functions. The TOE provides Key Wrapping, Key Derivation, and BEV Validation.
The TOE performs Full Drive Encryption such that the drive contains no plaintext user data. The TOE performs user data encryption by default in the out-of-the-box configuration using XTS-AES-256 mode.
The TOE supports management functions for changing and erasing the DEK, for initiating the TOE firmware updates, and for configuring the number of failed validation attempts required to trigger corrective action.
The TOE provides trusted firmware update and access control functions; protects Key and Key Material; and supports a Compliant power saving state. The TOE runs a suite of self-tests during initial start-up (on power on), before the function is first invoked.
Seagate Technology, LLC