Mercury Systems
ASURRE
-Stor
®
SSD
Administrative Guidance
Copyright 2020 Mercury Systems. May only be reproduced in its original form (without revision)
Rev. 1.5.1 February 2020 © 2020 Mercury Systems. All rights reserved
Mercury Systems, Inc. • (602) 437-1520 •
12
15
Operating environment assumptions and requirements
The guidance for the
ASURRE-S
tor
®
SSD makes the following assumptions:
•
The TOE encrypts all data with AES-256 XTS. There are no configuration options or support for different key sizes.
•
The TOE is not dependent on the operational environment to perform DEK purging or memory clear operations.
All operations that perform clear and purge operations, once triggered, operate indecently of the host SATA
interface.
•
The
ASURRE-S
tor
®
SSD does not support TCG or require a trusted platform module for secure operation.
•
The
ASURRE-S
tor
®
SSD is located in a secure environment during the initial secure configuration.
•
The Administrator or Crypto Officer connects the
ASURRE-S
tor
®
SSD to a host system that includes the electrical
and software interface support necessary to implement an industry standard SATA interface as defined by the
Serial ATA specification, revision 2.6.
•
When configuring the TOE using a custom designed utility, the Administrator shall verify that the custom utility
configures the TOE to the same configuration described by the
SSD Secure Configuration Programmer’s
Guide
configuration procedure.
•
Administrators preferably fill the password, BLACK key, and BEV(KEK) over the standard SATA interface using the
MDU utility. The BLACK key and BEV(KEK) can also fill from a 2-pin serial interface located on pins P14 and P15 of
the SATA connector. This interface is only used when filling with COMSEC controlled DS-101 key fill devices.
When utilizing COMSEC key fill devices, P14 acts as a 3.3 V, RS-232 Rx signal and Pin P15 acts as a 3.3 V, RS-232 Tx
signal. The protocol settings for the key fill device should be set to 2400 baud, 8 data bits, 1 stop bit, and no
parity. Mercury Systems provides technical support to help interface with COMSEC key fill devices and can
provide the technical details needed to create custom key fill cables and any needed voltage translation.
•
The Administrator and/or system designers shall implement application techniques, safeguards, and/or
procedures to assure that power is removed from the TOE, state D3 (cold), when the host system is left
unattended. On removal of power, the TOE purges the DEK key and enters a full-off state in less than 20
milliseconds.
•
The Administrator shall verify that TOE users are trained on how to power-off the host system and TOE.
•
The
ASURRE-S
tor
®
SSD accepts passwords lengths of up to 64, 8-bit bytes. Administrators and Crypto Officers
shall enforce password lengths and complexity to provide suitable security strength.
•
After completing the secure configuration of the TOE, the Administrator or Crypto Officer will verify that the TOE
is operating in a CC compliant configuration. Use the SSD Secure Configuration Programmer's Guide to determine
the SATA commands required to verify this information.
•
The TOE product is compliant to the EE and AA protection profiles. It is assumed that the external interface
providing the password to the AA portion of the TOE, is in close enough proximity to the TOE during operation
that a threat agent has very little opportunity to interpose itself in the channel between the two without the user
noticing and taking appropriate actions.
•
The Administrator understands that Mercury Systems supplies the TOE in an erased state. The TOE contains no
data when delivered by Mercury systems. The Administrator shall not store information on the TOE until after
completing the initial secure configuration procedure.
•
The Administrator shall implement methods and procedures to assure that the host system is free of malware that
could interfere with the correct operation and power-off procedures of the host system connected to the TOE.
•
The Administrator is responsible for completing the initial secure configuration of the TOE and for generating
password, BEV(KEK), and BLACK key values that meet the requirements of the EE and AA protection profiles for
both strength and entropy.
•
The Administrator shall train any users involved in the provisioning of the TOE in the methods and procedures to
properly handle, store, and secure the password, BEV(KEK) and BLACK key values. For example, the password and
BLACK key values should be stored separately from the host system and the TOE.
