Have a different question? Submit inquiries through our Contact page.
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.
Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) in a Security Target (ST), and may be taken from Protection Profiles (PPs). Vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.
TAA (Trade Agreements Act: 19 U.S.C. § 2501–2581) fosters fair and open international trade between nations, requiring that products are produced or undergo “substantial transformation” within the United States or designated country. While TAA compliance is often thought of in relation to storage systems, it also applies to individual components, such as hard drives and SSDs.
Four types of designated countries having reciprocal trade agreements with the US:
Non-TAA countries include:
TAA countries are Approved and Recorded in the Federal Register
Seagate’s TAA-compliant solutions for enterprise and notebook hard drives are the only solutions approved and recorded in the Federal Register. This eliminates the requirement for waivers for TAA storage and meets the encryption requirements set by the US Government for both US Government entities and contractors.
Any supplier having a GSA Schedule or other US Government contract, such as DOD and IDIQs, must ensure their products comply with TAA standards. Non-compliance could lead to bid award cancellation, significant fines and potential exclusion from Federal contracting. Additionally, TAA cannot be ignored if order values are below the dollar threshold, which is currently $203,000 for goods and services. GSA states,
Since the estimated dollar value of each Schedule exceeds the established TAA threshold, TAA is applicable to all Schedules. In accordance with TAA, only U.S.-made or designated country end products shall be offered and sold under Schedule contracts. Based on this ruling, that means all products offered under GSA Schedule https://www.gsa.gov/buying-selling/purchasing-programs/gsa-schedules/schedule-buyers
Seagate’s FedRAMP Security Control documentation saves a CSP or Federal Agency significant time and money as they implement their FedRAMP SSP and obtain FedRAMP Authorization for their cloud infrastructure.
Seagate’s FedRAMP documentation contains Seagate specific information for the following FedRAMP controls:
Media Protection Controls