What is Common Criteria (ISO/IEC 15408)?

Common Criteria is an international standard for computer security certification, ensuring that IT products meet specific security claims for government and enterprise use.

Why is Common Criteria important for data erasure software?

It provides independent verification that the software's security functions, such as its erasure algorithms and reporting, perform as specified.

Certification & Compliance

Common Criteria Certified Data Wiping Software

D-Secure Drive Eraser is Common Criteria certified for Evaluation Assurance Level 2 (EAL2), solidifying its status as a trusted and certified data erasure solution.

What is Common Criteria Certification?

Common Criteria Certified software undergoes rigorous testing and verification by a competent Common Criteria Test Laboratory (CCTL). These test laboratories are spread globally across Certificate Authorizing Member countries that are part of the Common Criteria Recognition Arrangement (CCRA).

About CCRA

The Common Criteria Recognition Arrangement (CCRA) is a multiparty international agreement to mutually recognize and accept the evaluation of IT products based on the Common Criteria Certification methodology. There are 18 member countries including Australia, Canada, France, Germany, India, Japan, Netherlands, and more.

Certification Authorities Worldwide

India - IC3S

The Indian CC Certification Scheme (IC3S) operates within the Standardization Testing and Quality Certification Directorate (STQC), part of the Ministry of Electronics & Information Technology under the Government of India.

Netherlands - TrustCB

TrustCB B.V., accredited by the Dutch Accreditation Council, certifies IT security products, processes, and services according to international and industry standards.

D-Secure Drive Eraser Evaluation Process

D-Secure Drive Eraser underwent exhaustive testing for Common Criteria certification with the following evaluation methodology:

Evaluation Framework

• Software evaluated based on Common Criteria Standard Version 3.1 Revision 5
• Testing performed at accredited Common Criteria Test Laboratory (CCTL)
• Compliance with EAL2 (Evaluation Assurance Level 2) requirements

Testing Components for EAL2 Compliance

Developer Testing

Comprehensive test coverage analysis

Independent Testing

Evaluation team verification

Penetration Testing

Security vulnerability assessment

Evaluation Results & Findings

Developer Testing Results

Evaluators analyzed the developer's test coverage and found them complete and satisfactory. The correspondence between tests identified in developer documentation and the functional specification was complete.

Independent Testing Results

The evaluation team simulated the developer's tests and successfully reproduced them at CCTL. They analyzed code snippets to ascertain erasure algorithm implementations meet requirements of standards. The product was found to comply with the Security Target.

Vulnerability & Penetration Testing

No vulnerabilities were found in the public domain. The application has no external interfaces with IP addresses or network-level access, and no vulnerabilities have ever been reported. Testing revealed the software contains no exploitable vulnerability for 'Basic Attack Potential.'

Official Validator Comments

"The results of the evaluation of product and process documentation, testing, and vulnerability assessment confirm that D-Secure Drive Eraser satisfies all the security functional requirements and assurance requirements as defined. Hence, the TOE (Target of Evaluation) is recommended for EAL2 Certification."

Following this comprehensive evaluation, D-Secure Drive Eraser received the prestigious Common Criteria EAL2 Certification, establishing it as a trusted, tested, and certified data erasure solution.

What EAL2 Certification Means for You

For Enterprises

Confidence that your data erasure solution has been independently verified by international authorities. Meets stringent security requirements for government and regulated industries.

For ITAD Providers

Offer your clients proven, certified data destruction services. Differentiate your business with internationally recognized credentials.

For Compliance Officers

Demonstrate due diligence with certified tools. Simplify audit processes with independent third-party validation.

For EaaS Providers

If you're offering Erasure as a Service (EaaS), use certified drive-wiping software that meets the highest international standards.

Trusted. Tested. Certified.

Choose D-Secure Drive Eraser for Common Criteria EAL2 certified data erasure. Proven security, international recognition, and complete compliance assurance.

Request Free Demo View Certifications

Frequently Asked Questions

Comments (0)

Your email address will not be published. Providing an email is optional.

No comments yet. Be the first to comment.

Have Questions About This Topic?

Send us an enquiry regarding: Common Criteria