FAQ
Seagate Government Solutions keeps you informed and involved.
Have a different question? Submit inquiries through our Contact page.
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.
Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) in a Security Target (ST), and may be taken from Protection Profiles (PPs). Vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.
The National Information Assurance Partnership (NIAP) is a United States government initiative to meet the security testing needs of both information technology consumers and producers that is operated by the National Security Agency (NSA), and was originally a joint effort between NSA and the National Institute of Standards and Technology (NIST).
Common Criteria certification is the only standard that evaluates the NIST Special Pub 800-88 (Strong Media Sanitization e.g. Cryptoerase) and NIST Special Pub 800-57(Security Requirements). Combined with FIPS-140v2L2 certification this ensures that data is both encrypted and when encryption keys are erased validations that erasure.
TAA (Trade Agreements Act: 19 U.S.C. § 2501–2581) fosters fair and open international trade between nations, requiring that products are produced or undergo “substantial transformation” within the United States or designated country. While TAA compliance is often thought of in relation to storage systems, it also applies to individual components, such as hard drives and SSDs.
Four types of designated countries having reciprocal trade agreements with the US:
Non-TAA countries include:
TAA countries are Approved and Recorded in the Federal Register
Seagate’s TAA-compliant solutions for enterprise and notebook hard drives are the only solutions approved and recorded in the Federal Register. This eliminates the requirement for waivers for TAA storage and meets the encryption requirements set by the US Government for both US Government entities and contractors.
Any supplier having a GSA Schedule or other US Government contract, such as DOD and IDIQs, must ensure their products comply with TAA standards. Non-compliance could lead to bid award cancellation, significant fines and potential exclusion from Federal contracting. Additionally, TAA cannot be ignored if order values are below the dollar threshold, which is currently $203,000 for goods and services. GSA states,
Since the estimated dollar value of each Schedule exceeds the established TAA threshold, TAA is applicable to all Schedules. In accordance with TAA, only U.S.-made or designated country end products shall be offered and sold under Schedule contracts. Based on this ruling, that means all products offered under GSA Schedule https://www.gsa.gov/buying-selling/purchasing-programs/gsa-schedules/schedule-buyers
Yes, Seagate has enclosures from 2U12 to the highest density enclosure on the market 4U106. A complete list of Seagate’s enclosures can be found here. https://www.seagate.com/enterprise-storage/systems/exos/?utm_source=eol&utm_medium=redirect&utm_campaign=modular-enclosures
Ponemon Institute, 2008 Annual Study: U.S. Cost of a Data Breach, February, 2009, www.ponemon.org, as quoted in Data-breach costs rising, study finds, Ellen Messmer, Network World, 02/02/09.
Intel Study: Stolen Laptops Cost to Business; eWeek, April 23, 2009; Ponemon Institute Study, April 2009.
