Australasian Agencies Have Additional Protection Against Unauthorised Data Access

Australasian Agencies Now Have Additional Protection Against Unauthorised Data Access

Government data and asset managers in Australia and New Zealand can now confidently use Blancco Drive Eraser (BDE) to sanitise end-of-life data from loose hard disk drives and solid-state drives, as well as those in PCs, laptops and servers.

In June of 2020, the Australasian Certification Authority (ACA) awarded BDE 6.9.1 Common Criteria (CC) certification via its Australasian Information Security Evaluation Program (AISEP). This assures government users that Blancco Drive Eraser has met evaluation criteria recognised by all members of the Common Criteria Recognition Arrangement (CCRA), including Australia and New Zealand.

This is good news for agencies that adhere to data sanitisation requirements within

  • the Australian Government Information Security Manual (ISM),
  • the Australian Privacy Principles guidelines (APP) 11.2,
  • the New Zealand Information Security Manual (NZISM),
  • the New Zealand Privacy Act (1993) and
  • other mandates regarding data erasure, such as the GDPR’s data minimisation and “right to be forgotten” articles.

The Common Criteria certificate is valid for five years from the award date unless it is renewed.

Common Criteria Certification and the EPL

In the past, the Australian Cyber Security Centre (ACSC) posted CC-certified products on its Evaluated Products List (EPL). Recently, however, the ACSC decided to list AISEP’s Common Criteria-certified products only on the Common Criteria Portal’s Certified Products List (CPL). This decision provides a ‘single point of truth’ for ACSC CC-certified products and affirms government use of CPL products.

NOTE:

Products listed on the Common Criteria Portal’s Certified Products list are considered Evaluated Products for purposes of the ISM. The Common Criteria Mutual Recognition Arrangement means these products are recognised at the EAL2 level, or against the relevant appropriate Protection Profiles of their evaluation. These products do not need to be dual listed on the EPL.

Blancco Driver Eraser and the Common Criteria Evaluation

Why is the Common Criteria certification important to Australasian government organisations?

Common Criteria (CC) is an internationally recognised standard (ISO 15408) for evaluating information and communications technology (ICT) security products. The Common Criteria Recognition Arrangement (CCRA) is an international arrangement that recognises CC-certified products among its 31 member nations after rigorous evaluation by independent, licensed laboratories. These government licensed laboratories adhere to specified criteria and assessment methods to evaluate the security properties of a security product.

To continue reading, download the full PDF above.