INNOVATION Announces FDRERASE; First IBM z/OS Secure Erase Disk Utility to earn Common Criteria EAL2+ Certification.LITTLE FALLS, N.J. -- INNOVATION, using the SHARE 2005 Users Group Conference in Boston as a backdrop, is announcing that its FDRERASE V5.4 L50 is the first secure erase disk utility for the IBM z/OS environment to earn a place on the Common Criteria Evaluation and Validation Scheme (CCEVS See Common Criteria. ) Validated Products List for Sensitive Data Protection with a conformance claim of EAL2+.
"FDRERASE today, is the only CC qualified solution available for securely erasing z/OS disks (DASD (Direct Access Storage Device) Pronounced "daz-dee." A peripheral device that is directly addressable, such as a disk or drum. The term is used in the mainframe world.
DASD - Direct-Access Storage Device ). We specifically set out designing FDRERASE V5.4 L50 to comply with current US Government guidelines for erasing computer disks and have just received our congratulatory notice on successful completion of a Common Criteria EAL2 Augmented Evaluation from NIAP See Common Criteria. CCEVS, the validating authority here in the US, explains Thomas J. Meehan, INNOVATION Data Processing Vice President of Advance Technology; adding, we also have concurrence that the erasure technique FDRERASE employs for Secure Erase satisfies the requirements specified in the Assistant Secretary of Defense (ASD C3I) Memorandum, of June 4 2001, on Disposition of Unclassified DoD Computer Hard Drives, the definitive Department of Defense directive on the subject."
According to the CCEVS evaluation description FDRERASE is an application that runs under the IBM z/OS operating system on a mainframe computer that provides two CCEVS security validated disk erasure functions: ERASE and SECUREERASE that overwrite (1) A data entry mode that writes over existing characters on screen when new characters are typed in. Contrast with insert mode.
(2) To record new data on top of existing data such as when a disk record or file is updated. DASD to ensure the risk of residual data remaining, if any, is appropriate with the risk of a person scavenging for that data. FDRERASE also provides a CCEVS security validated audit function enabling a user to confirm that the physical tracks of the DASD have indeed been overwritten sufficiently that no residual information remains. This is the VERIFY function.
"FDRERASE, according to Meehan, has become quite popular with banks, card payment service providers, computer services providers, educational institutions, financial intuitions, government agencies, hospitals, insurance companies and telecommunication companies to securely erase data when leaving a DR site or disposing of disk storage systems. Always the fastest way to securely erase data in these circumstances, CCEVS EAL2+ certification now puts FDRERASE V54 L50 squarely in the forefront when it comes to meeting compliance requirements."
"It is very clear now; commercial as well as government organizations have the same requirements to erase data when leaving a DR site and when disposing of disk storage systems, as they have to protect that data from unauthorized access while it's in their possession." Meehan went on, "you expect DoD (Department of Defense) and NSA (National Security Agency) to have strict rules, but there are also industry guide lines and federal codes, as well as national legislation in this and countries around the world requiring sensitive information be cleared from disks prior to disposal or reuse."
HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, (Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.
According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when ), requires sensitive information be cleared from equipment and media prior to disposal or reuse. GLBA (Gramm-Leach-Bliley Act) imposes criminal penalties on financial institutions for failing to preserve privacy of current or legacy client financial data. The Payment Card Industry (e.g. MasterCard, Visa, American Express, Diners Card, Discover and JCB) Data Security Standard requires banks, members, merchants and merchants' service providers to have data disposal plans, i.e. purge electronic media so cardholder data cannot be reconstructed.
FDRERASE V5.4 L50 General Availability is September 30, 2005. Further information is available by calling 973-890-7300, e-mailing questions to email@example.com or visiting our web site at http://www.innovationdp.fdr.com/products/fdrerase/index.cfm
About FDRERASE Security Functions (ERASE, SECUREERASE and VERIFY)
Disk erasures are actually performed by overwriting Overwriting
An options strategy that involves the sale of call or put options on stocks that are believed to be overpriced or underpriced. The options are not expected to be exercised.
Also referred to as overriding. the stored data to make the original data unrecoverable. ERASE, by default, overwrites each track on a volume once making all data unrecoverable by any normal program running anywhere that has access through the disk control unit or direct access to the disk.
Overwrites each track on a volume a minimum of three times. This multiple overwrite process (optionally up to eight overwrites) renders the original data unrecoverable, even by sophisticated laboratory techniques applied to hard drives removed from the control unit.
The audit function VERIFY samples tracks on volumes to insure that they have been erased, verifying a percentage of the volume by default or the entire volume if needed.
About INNOVATION Data Processing
The leading independent software vendor in the world today, providing business data protection, non-disruptive business continuance and information life cycle management solutions for IBM eServer z/OS, zLinux, UNIX UNIX
Operating system for digital computers, developed by Ken Thompson of Bell Laboratories in 1969. It was initially designed for a single user (the name was a pun on the earlier operating system Multics). on zServers, OS/390 and S/390 Linux attached enterprise storage, as well as for Windows, UNIX and Linux, SAN, NAS (1) See network access server.
(2) (Network Attached Storage) A specialized file server that connects to the network. A NAS device contains a slimmed-down operating system and a file system and processes only I/O requests by supporting the popular and LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. distributed storage.
CCEVS FDRERASE V54 L50 Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS). Science Applications International Corporation (SAIC) determined that the evaluation assurance level The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. (EAL) for the product is EAL 2 augmented with ADV_SPM SPM - Sequential Parlog Machine .1 and ALC (Assembly Language Coding) A generic term for IBM mainframe assembly languages.
1. ALC - Assembly Language Compiler.
2. ALC - Airline Line Control. _FLR.2 family of assurance requirements. FDRERASE V54 L50 earning the right to display the international Common Criteria Recognition Arrangement (CCRA) certification mark (interlocking CC on globe), results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-05-0109, dated 5 August 2005) prepared by CCEVS.
About NIAP CCEVS
The National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme (NIAP CCEVS) Validation Body, is an activity jointly managed by the National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. (NIST) and the National Security Agency (NSA). The CCEVS focus is to establish a national program for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security. Further information on CCEVS is available at http://niap.nist.gov/cc-scheme/index.html
About Science Applications
International Corporation (SAIC)SAIC is an NIAP approved Common Criteria Testing Laboratory A Common Criteria Testing Laboratory (CCTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct IT security evaluations for conformance to the Common Criteria international standard. (CCTL) accredited accredited
recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria.
cattle herds which have achieved a low level of reactors to, e.g. to conduct IT security evaluations for conformance to the Common Criteria for Information Technology Security Evaluation, International Standard ISO/IEC ISO/IEC International Organization for Standardization/International Electrotechnical Commission (ITU-T M 3000) 15408:1999. Further information on SAIC is available at http://www.saic.com/
FDRERASE is a service mark, trademark and/or registered trademarks of Innovation Data Processing Corporation. IBM and z/OS are trademarks or registered trademarks of International Business Machines Corporation. All other service marks, trademarks or registered trademarks are the property of their respective owners.