INNOVATION, using the SHARE 2008 Users Group Conference in Orlando as a backdrop, is announcing that FDRERASE/OPEN and FDRERASE for z/OS both earn US Government EAL2+ Certification for secure erasure of open systems and z/OS sensitive data. FDRERASE/OPEN and FDRERASE for z/OS meet US Government standards for purging and sanitizing large amounts of data on EMC, HDS and IBM disk storage systems. FDRERASE quickly and safely erases data from disks prior to disposal, reallocation or following a disaster recovery test and provides full verification of results and reports to auditors for review.
“FDRERASE, in the combination of FDRERASE/OPEN and FDRERASE for z/OS, is the only US Government and international CCEVS certified data protection solution for the fast, secure and verifiable removal of all accessible data from enterprise disk systems shared by z/OS mainframe and open system servers. Joining FDRERASE for z/OS and FDRERASE/OPEN users now have a way to remove critical privileged financial and personal identity information from enterprise disk storage they might be disposing of, repurposing and especially important a way of scrubbing that information before leaving a DR site that is US Government (CCEVS) certified, said Thomas J. Meehan, INNOVATION Data Processing Vice President Advancing Technology. Having just received notice on successful completion of our EAL2+ from NIAP CCEVS, the validating authority here in the US, Meehan explains, FDRERASE/OPEN complies with all current US Government guidelines for erasing computer disks and employs Secure Erase techniques that satisfy the (ASD C3I) Memorandum, on Disposition of Unclassified DoD Computer Hard Drives, the definitive US Department of Defense directive on the subject.”
“PCIDSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act) and other privileged information and personal identity protection regulations require banks, card payment service providers, computer services providers, educational institutions, financial intuitions, government agencies, hospitals, insurance companies, telecommunication and a host of others to have data disposal plans. Consequently, according to Meehan, FDRERASE is already quite popular with organizations that must comply with these data protection regulations as they have a responsibility to securely erase disks when disposing of them, repurposing systems and, of increasing concern, on leaving a DR site. FDRERASE is always going to be the fastest way to securely erase specific disk volumes.” Meehan adding “now that FDRERASE/OPEN, which comes complete with History Reports that document erase and verification to satisfy the most stringent requirements, has government certification it is a user’s top choice when it comes to meeting compliance requirements on open systems, just as FDRERASE for z/OS is for mainframe storage”.
About FDRERASE/OPEN Security Functions (ERASE, SECUREERASE and VERIFY)
FDRERASE/OPEN
A GUI application and its supporting operating system, FDRERASE/OPEN runs on an x86 architecture computer to provide US Government (CCEVS) certified security functions for ERASE and SECURE ERASE of data from SCSI and Fibre direct and SAN attached enterprise disk storage systems. VERIFY, its US Government (CCEVS) certified audit function, enables users to confirm that disks have indeed been overwritten sufficiently that no residual information remains. FDRERASE/OPEN ensures the risk of residual data remaining on an open systems volume, if any, is at a level of protection appropriate to match the risk of someone scavenging for privileged and personal information being able to recover that data. FDRERASE/OPEN provides:
ERASE
Disk erasures are performed by overwriting stored data to make it unrecoverable. ERASE, by default, overwrites each track on a volume once making its data unrecoverable by any program that accesses data from a disk storage system or through a disk control unit.
SECUREERASE
Overwriting each track on a volume a minimum of three times in accordance with DoD specifications, this multiple overwrite process (optionally up to eight overwrites) renders disk data unrecoverable, even by programs applying sophisticated laboratory techniques to hard drives removed from a disk storage system or by direct access to the disk.
VERIFY
The FDRERASE/OPEN EAL2+ certified audit function VERIFY samples tracks on a disk to insure that they have been erased, verifying a percentage of the volume by default or the entire volume as needed.
CCEVS Security Evaluation Summary
The evaluation of FDRERASE/OPEN was carried out by Science Applications International Corporation (SAIC) in accordance US Government requirements and the international Common Criteria Evaluation and Validation Scheme (CCEVS) for an assurance level EAL 2 augmented with ALC_FLR. FDRERASE/OPEN earning the right to display the international Common Criteria Recognition Arrangement (CCRA) certification mark (interlocking CC on globe), results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (CCEVS-VR-VID10232-2008, dated 29 January 2008) located at
http://niap-ccevs.org/cc-scheme/st/index.cfm/vid/10232
About INNOVATION Data Processing
A leading independent software vendor, INNOVATION Data Processing provides non-disruptive, high performance, business data protection, business continuance and privileged information protection solutions for enterprise scale mainframe z/OS, Linux on System z, Linux, Windows, and UNIX storage that improve business resiliency for customers’ worldwide. Further information on INNOVATION Data Processing is available at. http://www.innovationdp.fdr.com
About CCEVS
The National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme (NIAP CCEVS) Validation Body, is an activity jointly managed by the US National Institute of Standards and Technology (NIST) and the US National Security Agency (NSA) for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security. Further information on CCEVS is available at http://niap.nist.gov/cc-scheme/index.html
About Science Applications International Corporation (SAIC)
SAIC is an NIAP approved Common Criteria Testing Laboratory (CCTL) accredited to conduct IT security evaluations for conformance to the international Common Criteria. Further information on SAIC is available at http://www.saic.com/
FDRERASE/OPEN and FDRERASE for z/OS are service marks, trademarks and/or registered trademarks of Innovation Data Processing Corporation. IBM and z/OS are trademarks or registered trademarks of International Business Machines Corporation. All other service marks, trademarks or registered trademarks are the property of their respective owners.
Contacts:
Thomas J. Meehan, 973-890-7300
tmeehan@fdrinnovation.com
or
Lori
Fabisiak, 973-473-6643
lori@weinrichadv.com
