Vulnerabilities / Threats
04:27 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
Repost This

PGP Whole Disk Encryption Approved For Use Within U.K. Goverment

Baseline approval provides assurance against data loss from laptops and desktops

London and Menlo Park, CA/16 December 2008 - PGP Corporation, a global leader in enterprise data protection, today announced that PGP(r) Whole Disk Encryption has been formally approved by the National Technical Authority for Information Assurance (CESG) as suitable for use by Her Majesty's Government (HMG) in the UK, as well as other appropriate organizations. The approval underlines PGP Corporation's ongoing commitment to provide high-grade encryption software that offers protection against the loss of corporate data and personal information, thus enabling organizations to conduct business in a secure fashion without disrupting user productivity.

With high-profile data loss incidents plaguing organisations worldwide, the safeguarding of corporate data and personal information has never been more important. In the UK alone, the Government's handling of sensitive information has led to increased demand for technologies such as encryption to be implemented more widely within the public sector. In a recent speech at the RSA Europe conference, the Information Commissioner, Richard Thomas, highlighted over 176 examples of serious data breaches within the UK public sector[1][1].

PGP Corporation has been working closely with the CESG to gain approval for the use of PGP(r) software within UK Government organisations. The CESG manages and formalises the usage of cryptographic products within HMG and the UK public sector with its CESG Assisted Products Service (CAPS) - an approval scheme that is specific to the UK Government market. For any product to achieve CAPS approval and be advertised as suitable for purchase by HMG, it must be verified by the CESG to meet exacting security standards.

Now CAPS approved, PGP Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops and laptops. The encrypted data is transparently safeguarded from unauthorised access, providing strong security for intellectual property, personal information, customer and partner data, and corporate brand equity. Existing PGP(r) customers can benefit from the same high-grade encryption software that has been approved by the CESG for its CAPS Baseline certification, through the insertion of CESG supplied key material. This differentiates the PGP(r) solution from other offerings, which require the purchase of a separate product.

"Breaches have a significant and detrimental impact on public confidence, hence protecting corporate data and personal information has never been more important," said Phillip Dunkelberger, President and CEO, PGP Corporation. "CAPS approval gives assurance to government and public sector users that the PGP(r) products have been tested to the highest possible standard."

Government approvals and validations - such as CAPS and FIPS 140-2 - provide global companies with a high level of assurance that the PGP products adhere to rigorous encryption and compliance standards with international security organizations. PGP Universal(tm) Server and PGP Universal(tm) Gateway Email recently completed the thorough Common Criteria Evaluation Assurance Level 2 (EAL2) certification; as well PGP(r) Whole Disk Encryption which is currently undergoing Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. Level 4 is the highest level possible that is mutually recognized by all countries participating in the Common Criteria certification; the plus denotes augmentation of ALC_FLR.1 Flaw Remediation. There are currently 25 countries involved in the Common Criteria Mutual Recognition Arrangement (CCRA), including the United States and Canadian governments, and the EU.


CAPS approved PGP(r) Whole Disk Encryption is generally available today, for more information please contact a PGP(r) reseller.

About CESG

The National Technical Authority for Information Assurance (CESG) is the Information Assurance (IA) arm of the UK's Government Communications Headquarters (GCHQ), based in Cheltenham, Gloucestershire; its purpose is to provide advice and assistance to UK HMG, the wider public sector and UK Armed Forces regarding the security of communications and electronic data.

About CAPS

CESG Assisted Products Service (CAPS) is the way in which the CESG ensures the availability of products that address all HMG cryptographic requirements for use within HMG and other appropriate organisations. CAPS was introduced by CESG to meet the increasing demand within HMG for encryption and formalise the services that CESG has provided for a number of years. For a product to receive CAPS approval, it must be cryptographically verified by CESG to meet exacting security standards.

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP(r) Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP(r) platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune 100, 75 percent of the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of the UK FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web