Vulnerabilities / Threats
12/16/2008
04:27 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

PGP Whole Disk Encryption Approved For Use Within U.K. Goverment

Baseline approval provides assurance against data loss from laptops and desktops

London and Menlo Park, CA/16 December 2008 - PGP Corporation, a global leader in enterprise data protection, today announced that PGP(r) Whole Disk Encryption has been formally approved by the National Technical Authority for Information Assurance (CESG) as suitable for use by Her Majesty's Government (HMG) in the UK, as well as other appropriate organizations. The approval underlines PGP Corporation's ongoing commitment to provide high-grade encryption software that offers protection against the loss of corporate data and personal information, thus enabling organizations to conduct business in a secure fashion without disrupting user productivity.

With high-profile data loss incidents plaguing organisations worldwide, the safeguarding of corporate data and personal information has never been more important. In the UK alone, the Government's handling of sensitive information has led to increased demand for technologies such as encryption to be implemented more widely within the public sector. In a recent speech at the RSA Europe conference, the Information Commissioner, Richard Thomas, highlighted over 176 examples of serious data breaches within the UK public sector[1][1].

PGP Corporation has been working closely with the CESG to gain approval for the use of PGP(r) software within UK Government organisations. The CESG manages and formalises the usage of cryptographic products within HMG and the UK public sector with its CESG Assisted Products Service (CAPS) - an approval scheme that is specific to the UK Government market. For any product to achieve CAPS approval and be advertised as suitable for purchase by HMG, it must be verified by the CESG to meet exacting security standards.

Now CAPS approved, PGP Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops and laptops. The encrypted data is transparently safeguarded from unauthorised access, providing strong security for intellectual property, personal information, customer and partner data, and corporate brand equity. Existing PGP(r) customers can benefit from the same high-grade encryption software that has been approved by the CESG for its CAPS Baseline certification, through the insertion of CESG supplied key material. This differentiates the PGP(r) solution from other offerings, which require the purchase of a separate product.

"Breaches have a significant and detrimental impact on public confidence, hence protecting corporate data and personal information has never been more important," said Phillip Dunkelberger, President and CEO, PGP Corporation. "CAPS approval gives assurance to government and public sector users that the PGP(r) products have been tested to the highest possible standard."

Government approvals and validations - such as CAPS and FIPS 140-2 - provide global companies with a high level of assurance that the PGP products adhere to rigorous encryption and compliance standards with international security organizations. PGP Universal(tm) Server and PGP Universal(tm) Gateway Email recently completed the thorough Common Criteria Evaluation Assurance Level 2 (EAL2) certification; as well PGP(r) Whole Disk Encryption which is currently undergoing Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. Level 4 is the highest level possible that is mutually recognized by all countries participating in the Common Criteria certification; the plus denotes augmentation of ALC_FLR.1 Flaw Remediation. There are currently 25 countries involved in the Common Criteria Mutual Recognition Arrangement (CCRA), including the United States and Canadian governments, and the EU.

Availability

CAPS approved PGP(r) Whole Disk Encryption is generally available today, for more information please contact a PGP(r) reseller.

About CESG

The National Technical Authority for Information Assurance (CESG) is the Information Assurance (IA) arm of the UK's Government Communications Headquarters (GCHQ), based in Cheltenham, Gloucestershire; its purpose is to provide advice and assistance to UK HMG, the wider public sector and UK Armed Forces regarding the security of communications and electronic data.

About CAPS

CESG Assisted Products Service (CAPS) is the way in which the CESG ensures the availability of products that address all HMG cryptographic requirements for use within HMG and other appropriate organisations. CAPS was introduced by CESG to meet the increasing demand within HMG for encryption and formalise the services that CESG has provided for a number of years. For a product to receive CAPS approval, it must be cryptographically verified by CESG to meet exacting security standards.

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP(r) Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP(r) platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune 100, 75 percent of the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of the UK FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at www.pgp.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5316
Published: 2014-09-21
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.

CVE-2014-5320
Published: 2014-09-21
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.

CVE-2014-5321
Published: 2014-09-21
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319...

CVE-2014-5322
Published: 2014-09-21
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.

CVE-2014-6602
Published: 2014-09-21
Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option.

Best of the Web
Dark Reading Radio