Mercury Systems ASURRE-Stor ADR256 Administrative Guidance Download Page 14 | Manualshive

Page: 14 / 23

background image

Mercury Systems

ASURRE

-Stor

®

SSD

Administrative Guidance

Copyright 2020 Mercury Systems. May only be reproduced in its original form (without revision)

Rev. 1.5.1 February 2020 © 2020 Mercury Systems. All rights reserved

Mercury Systems, Inc. • (602) 437-1520 •

14

Direct Configuration

The initial secure configuration of the TOE can be accomplished using standard SATA commands and referencing
reg

ister level descriptions defined in the SSD Programmer’s Guide and the SSD Secure Configuration Programmer’s

Guide.

During  the  secure  configuration  procedure,  specific  configuration  parameters  are  configured  to  CC compliant  values.
The TOE parameters that do not affect CC compliance are allowed but were not evaluated.  Examples of parameters
required for CC compliance are listed below.

a.

“KEK and BLACK DEK” mode must be set to “KEK and BLACK DEK”.

b.

The “Key Source” selection is determined by the CO as requi

red by the fielded application.

c.

“Require the ATA user password…” (enables the KEK with BLACK key and ATA Password mode). Set the “ATA Password Length” to 64

bytes.

d.

Enable the “Secure Erase Trigger” option.

e.

Select a “Default Secure Erase Operation”. All e

rase operations erase the key and are CC compliant.

f.

Enable the “Authentication Penalty” by selecting a value of 1, 5, 10

, or 15.

g.

To prevent the user from changing the firmware after configuration completes, select “Disable” for the “Firmware Updates” opt

ion.

h.

Disable the “Password Recovery” feature.

i.

Verify that the “MSD Settings Log” is set to a value of “Version 3”.

j.

Disable the

“Intermediate Power Save Mode” option.

k.

Define the Configuration Password.

l.

Issue

the “Execute Security Command” and define a Use

r ATA password.

m.

Define and install the BEV(KEK) and BLACK key values.

n.

Cycle TOE power, and then verify the TOE is in a (CSfC) CC compliant mode.

The detailed commands to perform these steps are found (in sequential order, with all implementation details
r

eferenced) in section 2 of the SSD Secure Configuration Programmer’s Guide.

Figure 4: Diagram of operation in Mode 6, ATA Password with KEK and BLACK key

«
...
12
13
14
15
16
...
»

Summary of Contents for ASURRE-Stor ADR256

Page 1: ...20 Mercury Systems All rights reserved Mercury Systems ASURRE Stor SSD Administrative Guidance Mercury Systems ASURRE Stor ASD256 512 and ADR256 512 Solid State Self Encrypting Drives Non Proprietary...

Page 2: ...oduct Identification 8 11 Evaluated Configuration 9 12 Part numbers 10 13 Scope of evaluation 11 14 Operating Environment 11 15 Operating environment assumptions and requirements 12 16 Unattended oper...

Page 3: ...y 17 Table 7 LED Indicator Port 17 Table 8 Password strength in bits 21 List of Figures Figure 1 View of the holographic label located in the center of the main label 9 Figure 2 Images of the ASURRE S...

Page 4: ...ration of the TOE Please note that use of the MDU utility is optional and not part of the evaluation Programmer s Guide or SSD Programmer s Guide ssdProgrammersGuide pdf This document provides detaile...

Page 5: ...Maximum which determine how the TOE behaves when the Master Password issued to unlock the device Refer to the ATA7 specification V1 page 22 MDU MDU Utility Mercury Systems Drive Utility MDU is a Windo...

Page 6: ...r unencrypted shadow MBR sectors or 3rd party Opal software The ASURRE Stor SSD was evaluated against the Common Criteria Collaborative Protection Profile for Full Drive Encryption Encryption Engine v...

Page 7: ...erformed on the TOE The CO configures the TOE using MDU or a similar custom utility program to operate in Mode 6 The CO fills the BEV KEK and enters a password of up to 64 characters The TOE condition...

Page 8: ...ower is removed from the TOE the TOE enters power state D3 cold a fully powered off condition Only power state D0 allows access to plain text data Since SSDs never receive warning of imminent power lo...

Page 9: ...ommand described in SSD Secure Configuration Programmer s Guide section 2 2 to verify that the TOE reports Firmware revision number 1 5 1 Alternatively the MDU utility can be used Refer to MDU section...

Page 10: ...0 Standard product 1 Electrically isolate enclosure 2 Erase pin 1 option Trigger an erase sanitize operation from SATA pin P1 Option Field z 0 Standard product 1 Legacy erase option Same as field y O...

Page 11: ...and is conditioned by PBKDF SP 800 132 to create an intermediate derived key that is used to AES key wrap AES KW 256 SP 800 38F the DEK The wrapped DEK is saved in NVRAM During normal operation On ea...

Page 12: ...fill cables and any needed voltage translation The Administrator and or system designers shall implement application techniques safeguards and or procedures to assure that power is removed from the TO...

Page 13: ...g mode prior to deployment 18 Secure Configuration Prior to configuration the Administrator must determine the appropriate key management mode for operation Selecting the mode impacts how the host sys...

Page 14: ...lication c Require the ATA user password enables the KEK with BLACK key and ATA Password mode Set the ATA Password Length to 64 bytes d Enable the Secure Erase Trigger option e Select a Default Secure...

Page 15: ...nce are listed below a KEK and BLACK DEK mode must be set to KEK and BLACK DEK b The Key Source selection is determined by the CO as required by the fielded application c Require the ATA user password...

Page 16: ...the ATA password and issue the Get Drive Information command and verify that the TOE is in a CC compliant mode 21 Changing the User or Master ATA Password after the TOE is configured The TOE supports...

Page 17: ...t 23 Installing the TOE into a host system ESD The ASURRE Stor SSD utilizes both active and passive techniques to mitigate damage caused by severe electro static discharge Mercury Systems recommends f...

Page 18: ...SSD SATA Connector Warning The power segments of most commercial SATA connectors have every three pins shorted Refer to images in Figure 7 P1 P2 and P3 3 3V shorted P4 P5 and P6 GND shorted P7 P8 and...

Page 19: ...oves the encrypted result to the NAND media The User Role after successful authentication can access previously encrypted data stored in the NAND media Prior to authentication the User Role cannot wri...

Page 20: ...components in the TOE use production grade materials The printed circuit board is conformal coated and all BGA devices are under filled with a hard opaque epoxy to prevent easy probing of individual...

Page 21: ...ion prevents an attacker from attempting to change to a different firmware version in the field The Crypto Officer shall enforce the use of 8 character minimum password lengths for the User ATA Passwo...

Page 22: ...bel for signs of removal at least once per year While not intended as a tamper seal the label can be difficult to remove and can show signs of damage such as tearing discoloration or other damage if i...

Page 23: ...ugust 16 2017 8 23 17 Modified per Evaluation findings Rev 1 5 1 Bob Laz Sabrina Pi a 8 21 2019 Updates for re certification Document Dates footers and cPP versions updated 11 25 2019 Updated Mercury...

Reviews:

No comments

Related manuals for ASURRE-Stor ADR256

SO MOBILE OTB HELLO KITTY

Brand: DANE-ELEC Pages: 16

G-DRIVE mobile USB

Brand: G-Technology Pages: 13

Brand: Hamlet Pages: 10

Brand: Sans Digital Pages: 2

Brand: Macally Pages: 37

HyperDrive COLORSPACE

Brand: SANHO Pages: 31

Brand: Buffalo Pages: 2

Brand: MSW Pages: 46

Brand: LaCie Pages: 37

Rapid Mount 9909-3-02

Brand: Weather Guard Pages: 9

Brand: Fantom Drives Pages: 2

EonStor DS B Series

Brand: Infotrend Pages: 157

Brand: morse Pages: 5

Brand: morse Pages: 6

Brand: NewerTech Pages: 12

Brand: Partners Data Systems Pages: 96

Brand: Drazice Pages: 27

Brand: Clarke Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands