Compliant Product - DIGISTOR TCG OPAL SSC FIPS SSD Series, firmware version SCPG13.0/ECPG13.0/ECPM13.1
Certificate Date: 2023.03.14CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11297-2023
Product Type: Encrypted Storage
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201
CC Testing Lab: Lightship Security USA, Inc.
The Target of Evaluation (TOE) is a solid state self-encrypting drive that provides encryption and decryption of stored user data. The TOE provides full drive encryption to protect data at rest on a lost or stolen device. The Encryption Engine (EE) ensures that the data is encrypted using FIPS-validated algorithms. It manages the encryption and decryption of the stored data, policy enforcement, and key management.
The evaluated configuration consists of the following models and versions:
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the DIGISTOR TCG OPAL SSC FIPS SSD Series, firmware version SCPG13.0/ECPG13.0/ECPM13.1 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the DIGISTOR TCG OPAL SSC FIPS SSD Series, firmware version SCPG13.0/ECPG13.0/ECPM13.1 Common Criteria Guide, Version 1.3, January 2023, satisfies all the security functional requirements stated in the DIGISTOR TCG OPAL SSC FIPS SSD Series, firmware version SCPG13.0/ECPG13.0/ECPM13.1 Security Target, Version 1.7, March 2023. The project underwent CCEVS Validator review. The evaluation was completed in March 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11297-2023) prepared by CCEVS.
The TOE is comprised of the following security features which are described in more detail in the subsections below.
The TOE ensures key material used for storage encryption is properly generated and protected from disclosure. It also implements cryptographic key and key material destruction during transitioning to a Compliant power saving state, or when all keys and key material are no longer needed.
The TOE performs cryptographic operations as shown in relevant Cryptographic Algorithm Validation Program (CAVP) certificates.
User Data Protection
The TOE enables encryption and decryption of user data on a SED to protect it from unauthorized disclosure.
The TOE enables management of its security functions, including:
i) Changing and erasing the DEK
ii) Updating the TOE firmware
Protection of the TSF
The TOE ensures the authenticity and integrity of firmware updates through digital signatures using RSA 2048 with SHA-256. The TOE supports the D3 compliant power saving state dependent on the OS parameters or user-initiated request.
The TOE ensures its integrity and operation by performing self-tests.
Murray Ellis II