Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Toshiba’s Self-Encrypting Hard Drives Get FIPS 140-2 Stamp

Toshiba announced on Tuesday that its MQ01ABUxxxBW series hard disk drives (HDD) has achieved validation to U.S. Federal Information Processing Standard 140-2 (FIPS 140-2).

Toshiba announced on Tuesday that its MQ01ABUxxxBW series hard disk drives (HDD) has achieved validation to U.S. Federal Information Processing Standard 140-2 (FIPS 140-2).

Under certain regulations, U.S. federal agencies must use FIPS-140 certified systems in order to meet security requirements to protect sensitive information in computer, telecommunication systems and other IT-related products.

This is the first Toshiba self-encrypting drive (SED) validated to the FIPS 140-2 standard, the company said.

Self-Encrypting Hard DriveDesigned to the Trusted Computing Group’s (TCG) industry-standard “Opal” Security Sub-Classification, Toshiba’s SED models implement protocols created to help IT and security professionals better manage data security and reduce the risk of costly data breaches.

Related: What Happens to Stolen Data After a Breach?

Toshiba’s drives underwent cryptographic module validation testing by a U.S. National Institute of Standards and Technology (NIST)-certified testing laboratory in order to be validated by the U.S. Federal Information Processing standard.

The FIPS-validated model also provides tamper-evident labeling for additional security, with a resulting validation to Level 2 of the FIPS 140-2 standard, Toshiba said.

As a result of the validation, the Toshiba HDD series is now available for deployment in highly regulated and security-sensitive storage applications, such as government systems.

Unlike software-based encryption products, SEDs perform encryption securely within the drive’s hardware at full interface speeds, helping to improve system performance and reduce integration concerns versus software encryption, which performs encryption as a background task.

Advertisement. Scroll to continue reading.

Additionally, use of self-encrypting drives can eliminate the need for “re-encryption” during initial client configuration, and the drive’s embedded encryption cannot be disabled, thus decreasing the risk that security practices required by policy for legal compliance might be put at risk by end-user actions.

“Some makers of printers, copiers and other OEM commercial systems apply the added security enabled by Toshiba’s unique wipe technology,” the company said. “Wipe technology helps make it so that self-encrypting drives in such systems can be easily and securely cryptographically erased to protect against data breaches when systems are retired from service, re-deployed or returned to a 3rd party service provider.”

FIPS 140-2 validation is also required by national agencies in Canada and is recognized in Europe and Australia.

Toshiba’s MQ01ABUxxxBW series is available now.

Details on this model’s FIPS 140-2 validation can be seen on the US NIST CMVP website

A full list of validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules from NIST can be seen online

RelatedPreparing for the Inevitable Data Breach

RelatedAll Data Is Not Valued Equally

RelatedWhat Happens to Stolen Data After a Breach?

RelatedUnderstanding IT Risk from the Business Perspective

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...