Vulnerabilities / Threats
04:27 PM
Dark Reading
Dark Reading
Products and Releases

PGP Whole Disk Encryption Approved For Use Within U.K. Goverment

Baseline approval provides assurance against data loss from laptops and desktops

London and Menlo Park, CA/16 December 2008 - PGP Corporation, a global leader in enterprise data protection, today announced that PGP(r) Whole Disk Encryption has been formally approved by the National Technical Authority for Information Assurance (CESG) as suitable for use by Her Majesty's Government (HMG) in the UK, as well as other appropriate organizations. The approval underlines PGP Corporation's ongoing commitment to provide high-grade encryption software that offers protection against the loss of corporate data and personal information, thus enabling organizations to conduct business in a secure fashion without disrupting user productivity.

With high-profile data loss incidents plaguing organisations worldwide, the safeguarding of corporate data and personal information has never been more important. In the UK alone, the Government's handling of sensitive information has led to increased demand for technologies such as encryption to be implemented more widely within the public sector. In a recent speech at the RSA Europe conference, the Information Commissioner, Richard Thomas, highlighted over 176 examples of serious data breaches within the UK public sector[1][1].

PGP Corporation has been working closely with the CESG to gain approval for the use of PGP(r) software within UK Government organisations. The CESG manages and formalises the usage of cryptographic products within HMG and the UK public sector with its CESG Assisted Products Service (CAPS) - an approval scheme that is specific to the UK Government market. For any product to achieve CAPS approval and be advertised as suitable for purchase by HMG, it must be verified by the CESG to meet exacting security standards.

Now CAPS approved, PGP Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops and laptops. The encrypted data is transparently safeguarded from unauthorised access, providing strong security for intellectual property, personal information, customer and partner data, and corporate brand equity. Existing PGP(r) customers can benefit from the same high-grade encryption software that has been approved by the CESG for its CAPS Baseline certification, through the insertion of CESG supplied key material. This differentiates the PGP(r) solution from other offerings, which require the purchase of a separate product.

"Breaches have a significant and detrimental impact on public confidence, hence protecting corporate data and personal information has never been more important," said Phillip Dunkelberger, President and CEO, PGP Corporation. "CAPS approval gives assurance to government and public sector users that the PGP(r) products have been tested to the highest possible standard."

Government approvals and validations - such as CAPS and FIPS 140-2 - provide global companies with a high level of assurance that the PGP products adhere to rigorous encryption and compliance standards with international security organizations. PGP Universal(tm) Server and PGP Universal(tm) Gateway Email recently completed the thorough Common Criteria Evaluation Assurance Level 2 (EAL2) certification; as well PGP(r) Whole Disk Encryption which is currently undergoing Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. Level 4 is the highest level possible that is mutually recognized by all countries participating in the Common Criteria certification; the plus denotes augmentation of ALC_FLR.1 Flaw Remediation. There are currently 25 countries involved in the Common Criteria Mutual Recognition Arrangement (CCRA), including the United States and Canadian governments, and the EU.


CAPS approved PGP(r) Whole Disk Encryption is generally available today, for more information please contact a PGP(r) reseller.

About CESG

The National Technical Authority for Information Assurance (CESG) is the Information Assurance (IA) arm of the UK's Government Communications Headquarters (GCHQ), based in Cheltenham, Gloucestershire; its purpose is to provide advice and assistance to UK HMG, the wider public sector and UK Armed Forces regarding the security of communications and electronic data.

About CAPS

CESG Assisted Products Service (CAPS) is the way in which the CESG ensures the availability of products that address all HMG cryptographic requirements for use within HMG and other appropriate organisations. CAPS was introduced by CESG to meet the increasing demand within HMG for encryption and formalise the services that CESG has provided for a number of years. For a product to receive CAPS approval, it must be cryptographically verified by CESG to meet exacting security standards.

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP(r) Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP(r) platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune 100, 75 percent of the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of the UK FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.