FDRERASE/OPEN a ´Secure Erase Utility for Enterprise Disk´ earns US Government EAL2+ Certification


    INNOVATION, using the SHARE 2008 Users Group Conference in Orlando
    as a backdrop, is announcing that FDRERASE/OPEN and FDRERASE for z/OS
    both earn US Government EAL2+ Certification for secure erasure of open
    systems and z/OS sensitive data. FDRERASE/OPEN and FDRERASE for z/OS
    meet US Government standards for purging and sanitizing large amounts
    of data on EMC, HDS and IBM disk storage systems. FDRERASE quickly and
    safely erases data from disks prior to disposal, reallocation or
    following a disaster recovery test and provides full verification of
    results and reports to auditors for review.

    "FDRERASE, in the combination of FDRERASE/OPEN and FDRERASE for
    z/OS, is the only US Government and international CCEVS certified data
    protection solution for the fast, secure and verifiable removal of all
    accessible data from enterprise disk systems shared by z/OS mainframe
    and open system servers. Joining FDRERASE for z/OS and FDRERASE/OPEN
    users now have a way to remove critical privileged financial and
    personal identity information from enterprise disk storage they might
    be disposing of, repurposing and especially important a way of
    scrubbing that information before leaving a DR site that is US
    Government (CCEVS) certified, said Thomas J. Meehan, INNOVATION Data
    Processing Vice President Advancing Technology. Having just received
    notice on successful completion of our EAL2+ from NIAP CCEVS, the
    validating authority here in the US, Meehan explains, FDRERASE/OPEN
    complies with all current US Government guidelines for erasing
    computer disks and employs Secure Erase techniques that satisfy the
    (ASD C3I) Memorandum, on Disposition of Unclassified DoD Computer Hard
    Drives, the definitive US Department of Defense directive on the
    subject."

    "PCIDSS (Payment Card Industry Data Security Standard), HIPAA
    (Health Insurance Portability and Accountability Act), GLBA
    (Gramm-Leach-Bliley Act) and other privileged information and personal
    identity protection regulations require banks, card payment service
    providers, computer services providers, educational institutions,
    financial intuitions, government agencies, hospitals, insurance
    companies, telecommunication and a host of others to have data
    disposal plans. Consequently, according to Meehan, FDRERASE is already
    quite popular with organizations that must comply with these data
    protection regulations as they have a responsibility to securely erase
    disks when disposing of them, repurposing systems and, of increasing
    concern, on leaving a DR site. FDRERASE is always going to be the
    fastest way to securely erase specific disk volumes." Meehan adding
    "now that FDRERASE/OPEN, which comes complete with History Reports
    that document erase and verification to satisfy the most stringent
    requirements, has government certification it is a user´s top choice
    when it comes to meeting compliance requirements on open systems, just
    as FDRERASE for z/OS is for mainframe storage".

    About FDRERASE/OPEN Security Functions (ERASE, SECUREERASE and
    VERIFY)

    FDRERASE/OPEN

    A GUI application and its supporting operating system,
    FDRERASE/OPEN runs on an x86 architecture computer to provide US
    Government (CCEVS) certified security functions for ERASE and SECURE
    ERASE of data from SCSI and Fibre direct and SAN attached enterprise
    disk storage systems. VERIFY, its US Government (CCEVS) certified
    audit function, enables users to confirm that disks have indeed been
    overwritten sufficiently that no residual information remains.
    FDRERASE/OPEN ensures the risk of residual data remaining on an open
    systems volume, if any, is at a level of protection appropriate to
    match the risk of someone scavenging for privileged and personal
    information being able to recover that data. FDRERASE/OPEN provides:

    ERASE

    Disk erasures are performed by overwriting stored data to make it
    unrecoverable. ERASE, by default, overwrites each track on a volume
    once making its data unrecoverable by any program that accesses data
    from a disk storage system or through a disk control unit.

    SECUREERASE

    Overwriting each track on a volume a minimum of three times in
    accordance with DoD specifications, this multiple overwrite process
    (optionally up to eight overwrites) renders disk data unrecoverable,
    even by programs applying sophisticated laboratory techniques to hard
    drives removed from a disk storage system or by direct access to the
    disk.

    VERIFY

    The FDRERASE/OPEN EAL2+ certified audit function VERIFY samples
    tracks on a disk to insure that they have been erased, verifying a
    percentage of the volume by default or the entire volume as needed.

    CCEVS Security Evaluation Summary

    The evaluation of FDRERASE/OPEN was carried out by Science
    Applications International Corporation (SAIC) in accordance US
    Government requirements and the international Common Criteria
    Evaluation and Validation Scheme (CCEVS) for an assurance level EAL 2
    augmented with ALC_FLR. FDRERASE/OPEN earning the right to display the
    international Common Criteria Recognition Arrangement (CCRA)
    certification mark (interlocking CC on globe), results of the
    evaluation can be found in the Common Criteria Evaluation and
    Validation Scheme Validation Report, (CCEVS-VR-VID10232-2008, dated 29
    January 2008) located at

    http://niap-ccevs.org/cc-scheme/st/index.cfm/vid/10232

    About INNOVATION Data Processing

    A leading independent software vendor, INNOVATION Data Processing
    provides non-disruptive, high performance, business data protection,
    business continuance and privileged information protection solutions
    for enterprise scale mainframe z/OS, Linux on System z, Linux,
    Windows, and UNIX storage that improve business resiliency for
    customers´ worldwide. Further information on INNOVATION Data
    Processing is available at. http://www.innovationdp.fdr.com

    About CCEVS

    The National Information Assurance Partnership Common Criteria
    Evaluation and Validation Scheme (NIAP CCEVS) Validation Body, is an
    activity jointly managed by the US National Institute of Standards and
    Technology (NIST) and the US National Security Agency (NSA) for the
    evaluation of information technology products for conformance to the
    International Common Criteria for Information Technology Security.
    Further information on CCEVS is available at
    http://niap.nist.gov/cc-scheme/index.html

    About Science Applications International Corporation (SAIC)

    SAIC is an NIAP approved Common Criteria Testing Laboratory (CCTL)
    accredited to conduct IT security evaluations for conformance to the
    international Common Criteria. Further information on SAIC is
    available at http://www.saic.com/

    FDRERASE/OPEN and FDRERASE for z/OS are service marks, trademarks
    and/or registered trademarks of Innovation Data Processing
    Corporation. IBM and z/OS are trademarks or registered trademarks of
    International Business Machines Corporation. All other service marks,
    trademarks or registered trademarks are the property of their
    respective owners.