Toshiba Self-Encrypting 7mm HDD Achieved FIPS 140-2 Standard

Toshiba Corporation announced that the MQ01ABUxxxBW series, a 7mm HDD with self-encrypting technology, including the company’s wipe technology, erasing data when an HDD is accessed by an unregistered system, has achieved validation to U.S. Federal Information Processing Standard 140-2 (FIPS 140-2).

This is the first Toshiba self-encrypting drive (SED) validated to the FIPS 140-2 standard. The company’s SED models are designed to the Trusted Computing Group’s ‘Opal’ security sub-classification. This standard, implements protocols created to help IT managers, security management application providers and client security professionals to manage data security and to help prevent damaging and costly breaches to information. The FIPS-validated model also provides tamper-evident labeling for additional security, with a resulting validation to Level 2 of the FIPS 140-2 standard.

The disk underwent cryptographic module validation testing by a U.S. National Institute of Standards and Technology (NIST)-certified testing laboratory in order to be validated by the U.S. Federal Information Processing standard. As a result of this validation, it is available for use in regulated and security-sensitive storage applications, such as government systems. The combination of support for ATA (Advanced Technology Attachment) enhanced secure cryptographic erase function, the TCG-Opal SSC (Security Subsystem Class) protocols, the company wipe technology extensions of the Opal protocols, and the FIPS 140-2 module level validation makes it suitable for encrypting confidential data stored on mobile and desktop computers protected by security management applications.

Unlike software-based encryption products, SEDs perform encryption within the drive’s hardware at interface speeds. This helps to improve system performance, and reduce support burden and integration concerns versus software encryption which performs encryption as a background software task that can impact user productivity. In addition, SED use can eliminate the need for a ‘re-encryption’ cycle during initial client configuration and the drive’s embedded SED encryption cannot be disabled, thus decreasing the risk that security practices required by policy for legal compliance might be put at risk by end-user actions.

Some makers of printers, copiers and other OEM commercial systems apply the added security enabled by the wipe technology. It helps make it so that self-encrypting drives in such systems can be cryptographically erased to protect against data breaches when systems are retired from service, re-deployed or returned to a third party service provider.

Toshiba’s MQ01ABUxxxBW series is currently shipping.

FIPS 140-2 validation, certificate number 2082