GLBA News

First Enterprise Scale Data Protection Solution for Secure Open System Disk Erase Accepted for Common Criteria EAL2+ Evaluation

(April 16, 2007)--INNOVATION Data Processing, announces FDRERASE/OPEN as the first enterprise scale data protection solution for secure Open System disk erasure to earn a place on the Common Criteria Evaluation and Validation Scheme (CCEVS) Products and Protection Profiles in Evaluation List for Sensitive Data Protection with a conformance claim of EAL2+.

“FDRERASE/OPEN is the only enterprise scale solution in CCEVS evaluation available today for securely erasing any disk that is accessed by its host computer across a SCSI or Fibre channel connection. Disks can be physical hard drives, or logical disk volumes resident in enterprise disk storage systems (including RAID systems) such as those provided by EMC, Hitachi, IBM, SUN and other vendors.

According to the CCEVS iVOR description FDRERASE/OPEN is an interactive GUI application and a supporting operating system that runs on an x86 architecture computer providing two security erasure functions ERASE and SECUREERASE for the secure removal of data from any disk that is attached to its host computer by a SCSI or Fibre channel connection: ERASE and SECUREERASE overwrite disk to ensure the risk of any data remaining on a disk, is reduced to a level commensurate with the risk of a person scavenging for that data. FDRERASE/OPEN also provides a security audit function enabling a user to confirm that the physical sectors of the disk have indeed been overwritten sufficiently so that no residual information remains. This is the VERIFY function. FDRERASE/OPEN also maintains a History Report as a permanent record of all disks that it erases.

“FDRERASE/OPEN,” according to Meehan, ”is the open system solution that banks, card payment service providers, computer services providers, educational institutions, financial institutions, government agencies, hospitals, insurance companies and telecommunication companies have been asking for to complement FDRERASE the INNOVATION z/OS solution they are already using to securely erase mainframe data when leaving a DR site or disposing of disk storage systems. The fastest way to securely erase open system data in these same circumstances, the listing as in CCEVS EAL2+ evaluation puts FDRERASE/OPEN squarely in the forefront to meet user’s compliance requirements.”

“It is very clear now; commercial as well as government organizations have the same requirements to erase open system resident data from disk when leaving a DR site and when disposing of disk storage systems, as they have to protect mainframe data from unauthorized access.” Meehan went on, ”you expect the DoD (Department of Defense) and NSA (National Security Agency) to have rules, but there is also an abundance of strict industry guidelines and federal codes and national legislation in countries around the world requiring sensitive information be cleared from disks prior to disposal or reuse. HIPAA (Health Insurance Portability and Accountability Act), requires sensitive information be cleared from equipment and media prior to disposal or reuse. GLBA (Gramm-Leach-Bliley Act) imposes criminal penalties on financial institutions for failing to preserve privacy of current or legacy client financial data. The Payment Card Industry (e.g. MasterCard, Visa, American Express, Diners Card, Discover and JCB) Data Security Standard requires banks, members, merchants and merchants’ service providers to have a data disposal plan, i.e. to purge electronic media so cardholder data cannot be reconstructed.”

Share or bookmarklet this web page at: