Vulnerabilities / Threats
12/16/2008
04:27 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

PGP Whole Disk Encryption Approved For Use Within U.K. Goverment

Baseline approval provides assurance against data loss from laptops and desktops

London and Menlo Park, CA/16 December 2008 - PGP Corporation, a global leader in enterprise data protection, today announced that PGP(r) Whole Disk Encryption has been formally approved by the National Technical Authority for Information Assurance (CESG) as suitable for use by Her Majesty's Government (HMG) in the UK, as well as other appropriate organizations. The approval underlines PGP Corporation's ongoing commitment to provide high-grade encryption software that offers protection against the loss of corporate data and personal information, thus enabling organizations to conduct business in a secure fashion without disrupting user productivity.

With high-profile data loss incidents plaguing organisations worldwide, the safeguarding of corporate data and personal information has never been more important. In the UK alone, the Government's handling of sensitive information has led to increased demand for technologies such as encryption to be implemented more widely within the public sector. In a recent speech at the RSA Europe conference, the Information Commissioner, Richard Thomas, highlighted over 176 examples of serious data breaches within the UK public sector[1][1].

PGP Corporation has been working closely with the CESG to gain approval for the use of PGP(r) software within UK Government organisations. The CESG manages and formalises the usage of cryptographic products within HMG and the UK public sector with its CESG Assisted Products Service (CAPS) - an approval scheme that is specific to the UK Government market. For any product to achieve CAPS approval and be advertised as suitable for purchase by HMG, it must be verified by the CESG to meet exacting security standards.

Now CAPS approved, PGP Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops and laptops. The encrypted data is transparently safeguarded from unauthorised access, providing strong security for intellectual property, personal information, customer and partner data, and corporate brand equity. Existing PGP(r) customers can benefit from the same high-grade encryption software that has been approved by the CESG for its CAPS Baseline certification, through the insertion of CESG supplied key material. This differentiates the PGP(r) solution from other offerings, which require the purchase of a separate product.

"Breaches have a significant and detrimental impact on public confidence, hence protecting corporate data and personal information has never been more important," said Phillip Dunkelberger, President and CEO, PGP Corporation. "CAPS approval gives assurance to government and public sector users that the PGP(r) products have been tested to the highest possible standard."

Government approvals and validations - such as CAPS and FIPS 140-2 - provide global companies with a high level of assurance that the PGP products adhere to rigorous encryption and compliance standards with international security organizations. PGP Universal(tm) Server and PGP Universal(tm) Gateway Email recently completed the thorough Common Criteria Evaluation Assurance Level 2 (EAL2) certification; as well PGP(r) Whole Disk Encryption which is currently undergoing Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. Level 4 is the highest level possible that is mutually recognized by all countries participating in the Common Criteria certification; the plus denotes augmentation of ALC_FLR.1 Flaw Remediation. There are currently 25 countries involved in the Common Criteria Mutual Recognition Arrangement (CCRA), including the United States and Canadian governments, and the EU.

Availability

CAPS approved PGP(r) Whole Disk Encryption is generally available today, for more information please contact a PGP(r) reseller.

About CESG

The National Technical Authority for Information Assurance (CESG) is the Information Assurance (IA) arm of the UK's Government Communications Headquarters (GCHQ), based in Cheltenham, Gloucestershire; its purpose is to provide advice and assistance to UK HMG, the wider public sector and UK Armed Forces regarding the security of communications and electronic data.

About CAPS

CESG Assisted Products Service (CAPS) is the way in which the CESG ensures the availability of products that address all HMG cryptographic requirements for use within HMG and other appropriate organisations. CAPS was introduced by CESG to meet the increasing demand within HMG for encryption and formalise the services that CESG has provided for a number of years. For a product to receive CAPS approval, it must be cryptographically verified by CESG to meet exacting security standards.

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP(r) Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP(r) platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune 100, 75 percent of the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of the UK FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at www.pgp.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-7839
Published: 2014-11-25
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

CVE-2014-8001
Published: 2014-11-25
Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

CVE-2014-8002
Published: 2014-11-25
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?