PREMIER MINISTRE
Secrétariat général de la défense et de la sécurité nationale
Agence nationale de la sécurité des systèmes d’information
Certification Report ANSSI-CC-2012/04
Blancco Erasure Software for x86 architecture,
version 5.1.0
Paris, 27th
January 2012
Courtesy Translation
Certification report ANSSI-CC-2012/04
Blancco Erasure Software for x86 architecture,
version 5.1.0
Page 2 out 13 ANSSI-CC-CER-F-07EN.007
Warning
This report is designed to provide sponsors with a document enabling them to assess the
security level of a product under the conditions of use and operation defined in this report for
the evaluated version. It is also designed to provide the potential purchaser of the product with
the conditions under which he may operate or use the product so as to meet the conditions of
use for which the product has been evaluated and certified; that is why this certification report
must be read alongside the evaluated user and administration guidance, as well as with the
product security target, which presents threats, environmental assumptions and the supposed
conditions of use so that the user can judge for himself whether the product meets his needs in
terms of security objectives.
Certification does not, however, constitute a recommendation product from ANSSI (French
Network and Information Security Agency), and does not guarantee that the certified product
is totally free of all exploitable vulnerabilities.
Any correspondence about this report has to be addressed to:
Secrétariat général de la défense et de la sécurité nationale
Agence nationale de la sécurité des systèmes d'information
Centre de certification
51, boulevard de la Tour Maubourg
75700 PARIS cedex 07 SP
France
certification.anssi@ssi.gouv.fr
Reproduction of this document without any change or cut is authorised.
Blancco Erasure Software for x86 architecture,
version 5.1.0 Certification report ANSSI-CC-2012/04
ANSSI-CC-CER-F-07EN.007 Page 3 out 13
Certification report reference
ANSSI-CC-2012/04
Product name
Blancco Erasure Software for x86 architecture
Product reference
Version 5.1.0, Build 1.1.0.b20101214
Protection profile conformity
None
Evaluation criteria and version
Common Criteria version 3.1 revision 3
Evaluation level
EAL 3 augmented
ALC_FLR.3
Developer
Blancco Oy Ltd.
Länsikatu 15, 80110 FIN-Joensuu, Finland
Sponsor
Blancco Oy Ltd.
Länsikatu 15, 80110 FIN-Joensuu, Finland
Evaluation facility
Amossys
4 bis allée du bâtiment, 35000 Rennes, France
Tél : +33 (0)2 99 23 15 79, mél : frederic.remi@amossys.fr
Recognition arrangements
CCRA SOG-IS
Certification report ANSSI-CC-2012/04
Blancco Erasure Software for x86 architecture,
version 5.1.0
Page 4 out 13 ANSSI-CC-CER-F-07EN.007
Introduction
The Certification
Security certification for information technology products and systems is governed by decree
number 2002-535 dated April, 18th 2002, modified. This decree stipulates that:
• The French Network and Information Security Agency draws up certification
reports. These reports indicate the features of the proposed security targets. They may
include any warnings that the authors feel the need to mention for security reasons.
They may or may not be transmitted to third parties or made public, as the sponsors
desire (article 7).
• The certificates issued by the Prime Minister certify that the copies of the products or
systems submitted for evaluation fulfil the specified security features. They also
certify that the evaluations have been carried out in compliance with applicable rules
and standards, with the required degrees of skill and impartiality (article 8).
The procedures are available on the Internet site www.ssi.gouv.fr.
Blancco Erasure Software for x86 architecture,
version 5.1.0 Certification report ANSSI-CC-2012/04
ANSSI-CC-CER-F-07EN.007 Page 5 out 13
Contents
1. THE PRODUCT........................................................................................................................... 6
1.1. PRESENTATION OF THE PRODUCT........................................................................................... 6
1.2. EVALUATED PRODUCT DESCRIPTION ..................................................................................... 6
1.2.1. Product identification.................................................................................................... 6
1.2.2. Security services............................................................................................................ 6
1.2.3. Architecture................................................................................................................... 6
1.2.4. Life cycle ....................................................................................................................... 7
1.2.5. Evaluated configuration................................................................................................ 7
2. THE EVALUATION.................................................................................................................... 8
2.1. EVALUATION REFERENTIAL ................................................................................................... 8
2.2. EVALUATION WORK ............................................................................................................... 8
2.3. CRYPTOGRAPHIC MECHANISMS ROBUSTNESS ANALYSIS....................................................... 8
2.4. RANDOM NUMBER GENERATOR ANALYSIS ............................................................................ 8
3. CERTIFICATION........................................................................................................................ 9
3.1. CONCLUSION.......................................................................................................................... 9
3.2. RESTRICTIONS........................................................................................................................ 9
3.3. RECOGNITION OF THE CERTIFICATE..................................................................................... 10
3.3.1. European recognition (SOG-IS).................................................................................. 10
3.3.2. International common criteria recognition (CCRA)................................................... 10
ANNEX 1. EVALUATION LEVEL OF THE PRODUCT.......................................................... 11
ANNEX 2. EVALUATED PRODUCT REFERENCES .............................................................. 12
ANNEX 3. CERTIFICATION REFERENCES ........................................................................... 13
Certification report ANSSI-CC-2012/04
Blancco Erasure Software for x86 architecture,
version 5.1.0
Page 6 out 13 ANSSI-CC-CER-F-07EN.007
1. The product
1.1. Presentation of the product
The evaluated product is « Blancco Erasure Software for x86 architecture, Version 5.1.0 »
developed by Blancco Oy Ltd.
The main function of the Blancco Erasure Software (BES) is to perform hardware detection
on a host computer, to display a list of available storage devices to the user, and to erase the
selected target devices according to a chosen erasure standard. The software also prepares an
erasure report after the erasure has finished. This report contains the detailed information
about the erasure process, including timing information and a list of problems encountered
during the erasure.
BES is notably designed for end of life management of computer assets.
1.2. Evaluated product description
The security target [ST] defines the evaluated product, its evaluated security functionalities
and its operational environment.
1.2.1. Product identification
The configuration list [CONF] identifies the product’s constituent elements.
The certified version of the product correspond to the software designed for x86 architecture.
The version number of BES can be found in the main window of the product, associated to
the build number “1.1.0.b20101214”.
1.2.2. Security services
The main security service provided by this product is data erasure.
1.2.3. Architecture
The product consists of the following elements:
- Services module;
- Configuration module;
- Detection module;
- Drivers module;
- Erasure module (the TOE itself, in red in the figure below).
Blancco Erasure Software for x86 architecture,
version 5.1.0 Certification report ANSSI-CC-2012/04
ANSSI-CC-CER-F-07EN.007 Page 7 out 13
1.2.4. Life cycle
The product has been developed on the following site:
Blancco Oy Ltd.
Länsikatu 15
80110 FIN-Joensuu
Finlande
1.2.5. Evaluated configuration
The certificate applies to its standalone configurations (on a live CD), without net work
connection.
Certification report ANSSI-CC-2012/04
Blancco Erasure Software for x86 architecture,
version 5.1.0
Page 8 out 13 ANSSI-CC-CER-F-07EN.007
2. The evaluation
2.1. Evaluation referential
The evaluation has been performed in compliance with Common Criteria version 3.1
revision 3 [CC] and with the Common Evaluation Methodology [CEM].
2.2. Evaluation work
The evaluation technical report [ETR], delivered to ANSSI the 19th
January 2012, provides
details on the work performed by the evaluation facility and assesses that all evaluation tasks
are “pass”.
2.3. Cryptographic mechanisms robustness analysis
The robustness of cryptographic mechanisms has not been analysed.
2.4. Random number generator analysis
The robustness of the random generator has not been analysed.
Blancco Erasure Software for x86 architecture,
version 5.1.0 Certification report ANSSI-CC-2012/04
ANSSI-CC-CER-F-07EN.007 Page 9 out 13
3. Certification
3.1. Conclusion
The evaluation was carried out according to the current rules and standards, with the required
competency and impartiality of a licensed evaluation facility. All the work performed permits
the release of a certificate in conformance with the decree 2002-535.
This certificate testifies that the product “Blancco Erasure Software for x86 architecture,
Version 5.1.0” submitted for evaluation fulfils the security features specified in its security
target [ST] for the evaluation level EAL 3 augmented.
3.2. Restrictions
This certificate only applies on the product specified in chapter 1.2 of this certification report.
The user of the certified product shall respect the security objectives for the operational
environment, as specified in the security target [ST], and shall respect the recommendations in
the guidance [GUIDES], in particular:
- Personnel using the TOE must have been trained, competent and follow all applicable
guidance documentation (OE.Competent_personnel);
- Personnel using the TOE must ensure that the hardware to be erased is set in such
way, that the storage devices of the system can be detected in the correct way
(OE.Operational_procedures);
- Personnel using the TOE must ensure that the BIOS clock in the system to be erased
has correct values (OE.Reliable_clock).
Certification report ANSSI-CC-2012/04
Blancco Erasure Software for x86 architecture,
version 5.1.0
Page 10 out 13 ANSSI-CC-CER-F-07EN.007
3.3. Recognition of the certificate
3.3.1. European recognition (SOG-IS)
This certificate is released in accordance with the provisions of the SOG-IS agreement [SOG-
IS].
The European Recognition Agreement made by SOG-IS in 2010 allows recognition from
Signatory States of the agreement1
, of ITSEC and Common Criteria certificates. The
European recognition is applicable up to ITSEC E3 Basic and CC EAL4 levels. The
certificates that are recognized in the agreement scope are released with the following
marking:
3.3.2. International common criteria recognition (CCRA)
This certificate is released in accordance with the provisions of the CCRA [CC RA].
The Common Criteria Recognition Arrangement allows the recognition, by signatory
countries2
, of the Common Criteria certificates. The mutual recognition is applicable up to the
assurance components of CC EAL4 level and also to ALC_FLR family. The certificates that
are recognized in the agreement scope are released with the following marking:
1 The signatory countries of the SOG-IS agreement are: Austria, Finland, France, Germany, Italy, The
Netherlands, Norway, Spain, Sweden and United Kingdom.
2 The signatory countries of the CCRA arrangement are: Australia, Austria, Canada, Czech Republic, Denmark,
Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Republic of Korea, Malaysia,
Netherlands, New-Zealand, Norway, Pakistan, Singapore, Spain, Sweden, Turkey, the United Kingdom and the
United States of America.
Blancco Erasure Software for x86 architecture,
version 5.1.0 Certification report ANSSI-CC-2012/04
ANSSI-CC-CER-F-07EN.007 Page 11 out 13
Annex 1. Evaluation level of the product
Components by assurance level Assurance level of the product
Class Family
EAL
1
EAL
2
EAL
3
EAL
4
EAL
5
EAL
6
EAL
7
EAL
3+
Name of the component
ADV_ARC 1 1 1 1 1 1 1
Security architecture
description
ADV_FSP 1 2 3 4 5 5 6 3
Functional specification with
complete summary
ADV_IMP 1 1 2 2
ADV_INT 2 3 3
ADV_SPM 1 1
ADV
Development
ADV_TDS 1 2 3 4 5 6 2 Architectural design
AGD_OPE 1 1 1 1 1 1 1 1 Operational user guidance
AGD
Guidance AGD_PRE 1 1 1 1 1 1 1 1 Preparative procedures
ALC_CMC 1 2 3 4 4 5 5 3 Authorisation controls
ALC_CMS 1 2 3 4 5 5 5 3
Implementation
representation CM coverage
ALC_DEL 1 1 1 1 1 1 1 Delivery procedures
ALC_DVS 1 1 1 2 2 1
Identification of security
measures
ALC_FLR 3 Systematic flaw remediation
ALC_LCD 1 1 1 1 2 1
Developer defined life-cycle
model
ALC
Life-cycle
support
ALC_TAT 1 2 3 3
ASE_CCL 1 1 1 1 1 1 1 1 Conformance claims
ASE_ECD 1 1 1 1 1 1 1 1
Extended components
definition
ASE_INT 1 1 1 1 1 1 1 1 ST introduction
ASE_OBJ 1 2 2 2 2 2 2 2 Security objectives
ASE_REQ 1 2 2 2 2 2 2 2
Derived security
requirements
ASE_SPD 1 1 1 1 1 1 1 Security problem definition
ASE
Security
Target
Evaluation
ASE_TSS 1 1 1 1 1 1 1 1 TOE summary specification
ATE_COV 1 2 2 2 3 3 2 Analysis of coverage
ATE_DPT 1 1 3 3 4 1 Testing: basic design
ATE_FUN 1 1 1 1 2 2 1 Functional testing
ATE
Tests
ATE_IND 1 2 2 2 2 2 3 2 Independent testing: sample
AVA
Vulnerability
assessment
AVA_VAN 1 2 2 3 4 5 5 2 Vulnerability analysis
Certification report ANSSI-CC-2012/04
Blancco Erasure Software for x86 architecture,
version 5.1.0
Page 12 out 13 ANSSI-CC-CER-F-07EN.007
Annex 2. Evaluated product references
[ST] Reference security target for the evaluation:
- « BLANCCO ERASURE SOFTWARE SECURITY
TARGET », reference ID 96, version 5.0.
[RTE] Evaluation technical report :
- « ALBUS - BLANCCO OY LTD - EVALUATION
TECHNICAL REPORT », reference BLA002-RTE01, version
1.90.
[CONF] Software configuration list:
- « Configuration list of Albus v5.1.0 », reference ID 70, version
2.0;
Documentation configuration list:
- « Documentation configuration list of Albus v5.1.0 », reference
ID 50, version 5.0.
[GUIDES] Product’s guidance
- « BLANCCO ERASURE SOFTWARE - User manual for x86
Erasure Software version 5.1.0 », reference ID 55, version 4.0.
Blancco Erasure Software for x86 architecture,
version 5.1.0 Certification report ANSSI-CC-2012/04
ANSSI-CC-CER-F-07EN.007 Page 13 out 13
Annex 3. Certification references
Decree number 2002-535, 18th April 2002, modified related to the security evaluations
and certifications for information technology products and systems.
[CER/P/01] Procedure CER/P/01 - Certification of the security provided by IT
products and systems, DCSSI.
[CC] Common Criteria for Information Technology Security Evaluation :
Part 1: Introduction and general model,
July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-001;
Part 2: Security functional components,
July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-002;
Part 3: Security assurance components,
July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-003.
[CEM] Common Methodology for Information Technology Security Evaluation :
Evaluation Methodology,
July 2009, version 3.1, revision 3 Final, ref CCMB-2009-07-004.
[CC RA] Arrangement on the Recognition of Common criteria certificates in the
field of information Technology Security, May 2000.
[SOG-IS] « Mutual Recognition Agreement of Information Technology Security
Evaluation Certificates », version 3.0, 8th
January 2010, Management
Committee.