INNOVATION, using the SHARE 2008 Users Group Conference in Orlando as a backdrop, is announcing that FDRERASE/OPEN and FDRERASE for z/OS both earn US Government EAL2+ Certification for secure erasure of open systems and z/OS sensitive data.

FDRERASE/OPEN and FDRERASE for z/OS meet US Government standards for purging and sanitizing large amounts of data on EMC, HDS and IBM disk storage systems. FDRERASE quickly and safely erases data from disks prior to disposal, reallocation or following a disaster recovery test and provides full verification of results and reports to auditors for review.

“FDRERASE, in the combination of FDRERASE/OPEN and FDRERASE for z/OS, is the only US Government and international CCEVS certified data protection solution for the fast, secure and verifiable removal of all accessible data from enterprise disk systems shared by z/OS mainframe and open system servers. Joining FDRERASE for z/OS and FDRERASE/OPEN users now have a way to remove critical privileged financial and personal identity information from enterprise disk storage they might be disposing of, repurposing and especially important a way of scrubbing that information before leaving a DR site that is US Government (CCEVS) certified," said Thomas J. Meehan, INNOVATION Data Processing Vice President Advancing Technology. "Having just received notice on successful completion of our EAL2+ from NIAP CCEVS, the validating authority here in the US, Meehan explains, FDRERASE/OPEN complies with all current US Government guidelines for erasing computer disks and employs Secure Erase techniques that satisfy the (ASD C3I) Memorandum, on Disposition of Unclassified DoD Computer Hard Drives, the definitive US Department of Defense directive on the subject.”

PCIDSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act) and other privileged information and personal identity protection regulations require banks, card payment service providers, computer services providers, educational institutions, financial intuitions, government agencies, hospitals, insurance companies, telecommunication and a host of others to have data disposal plans. Consequently, according to Meehan, FDRERASE is already quite popular with organizations that must comply with these data protection regulations as they have a responsibility to securely erase disks when disposing of them, repurposing systems and, of increasing concern, on leaving a DR site. FDRERASE is always going to be the fastest way to securely erase specific disk volumes. Meehan adding: “Now that FDRERASE/OPEN, which comes complete with History Reports that document erase and verification to satisfy the most stringent requirements, has government certification it is a user’s top choice when it comes to meeting compliance requirements on open systems, just as FDRERASE for z/OS is for mainframe storage”.

FDRERASE/OPEN
A GUI application and its supporting operating system, FDRERASE/OPEN runs on an x86 architecture computer to provide US Government (CCEVS) certified security functions for ERASE and SECURE ERASE of data from SCSI and Fibre direct and SAN attached enterprise disk storage systems. VERIFY, its US Government (CCEVS) certified audit function, enables users to confirm that disks have indeed been overwritten sufficiently that no residual information remains. FDRERASE/OPEN ensures the risk of residual data remaining on an open systems volume, if any, is at a level of protection appropriate to match the risk of someone scavenging for privileged and personal information being able to recover that data. FDRERASE/OPEN provides:

ERASE
Disk erasures are performed by overwriting stored data to make it unrecoverable. ERASE, by default, overwrites each track on a volume once making its data unrecoverable by any program that accesses data from a disk storage system or through a disk control unit.

SECUREERASE
Overwriting each track on a volume a minimum of three times in accordance with DoD specifications, this multiple overwrite process (optionally up to eight overwrites) renders disk data unrecoverable, even by programs applying sophisticated laboratory techniques to hard drives removed from a disk storage system or by direct access to the disk.

VERIFY
The FDRERASE/OPEN EAL2+ certified audit function VERIFY samples tracks on a disk to insure that they have been erased, verifying a percentage of the volume by default or the entire volume as needed.

CCEVS Security Evaluation Summary
The evaluation of FDRERASE/OPEN was carried out by Science Applications International Corporation (SAIC) in accordance US Government requirements and the international Common Criteria Evaluation and Validation Scheme (CCEVS) for an assurance level EAL 2 augmented with ALC_FLR. FDRERASE/OPEN earning the right to display the international Common Criteria Recognition Arrangement (CCRA) certification mark (interlocking CC on globe), results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (CCEVS-VR-VID10232-2008, dated 29 January 2008) located at http://niap-ccevs.org/cc-scheme/st/index.cfm/vid/10232

INNOVATION Data Processing

CCEVS

Science Applications International Corporation (SAIC)