Vulnerabilities / Threats
12/16/2008
04:27 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

PGP Whole Disk Encryption Approved For Use Within U.K. Goverment

Baseline approval provides assurance against data loss from laptops and desktops

London and Menlo Park, CA/16 December 2008 - PGP Corporation, a global leader in enterprise data protection, today announced that PGP(r) Whole Disk Encryption has been formally approved by the National Technical Authority for Information Assurance (CESG) as suitable for use by Her Majesty's Government (HMG) in the UK, as well as other appropriate organizations. The approval underlines PGP Corporation's ongoing commitment to provide high-grade encryption software that offers protection against the loss of corporate data and personal information, thus enabling organizations to conduct business in a secure fashion without disrupting user productivity.

With high-profile data loss incidents plaguing organisations worldwide, the safeguarding of corporate data and personal information has never been more important. In the UK alone, the Government's handling of sensitive information has led to increased demand for technologies such as encryption to be implemented more widely within the public sector. In a recent speech at the RSA Europe conference, the Information Commissioner, Richard Thomas, highlighted over 176 examples of serious data breaches within the UK public sector[1][1].

PGP Corporation has been working closely with the CESG to gain approval for the use of PGP(r) software within UK Government organisations. The CESG manages and formalises the usage of cryptographic products within HMG and the UK public sector with its CESG Assisted Products Service (CAPS) - an approval scheme that is specific to the UK Government market. For any product to achieve CAPS approval and be advertised as suitable for purchase by HMG, it must be verified by the CESG to meet exacting security standards.

Now CAPS approved, PGP Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops and laptops. The encrypted data is transparently safeguarded from unauthorised access, providing strong security for intellectual property, personal information, customer and partner data, and corporate brand equity. Existing PGP(r) customers can benefit from the same high-grade encryption software that has been approved by the CESG for its CAPS Baseline certification, through the insertion of CESG supplied key material. This differentiates the PGP(r) solution from other offerings, which require the purchase of a separate product.

"Breaches have a significant and detrimental impact on public confidence, hence protecting corporate data and personal information has never been more important," said Phillip Dunkelberger, President and CEO, PGP Corporation. "CAPS approval gives assurance to government and public sector users that the PGP(r) products have been tested to the highest possible standard."

Government approvals and validations - such as CAPS and FIPS 140-2 - provide global companies with a high level of assurance that the PGP products adhere to rigorous encryption and compliance standards with international security organizations. PGP Universal(tm) Server and PGP Universal(tm) Gateway Email recently completed the thorough Common Criteria Evaluation Assurance Level 2 (EAL2) certification; as well PGP(r) Whole Disk Encryption which is currently undergoing Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. Level 4 is the highest level possible that is mutually recognized by all countries participating in the Common Criteria certification; the plus denotes augmentation of ALC_FLR.1 Flaw Remediation. There are currently 25 countries involved in the Common Criteria Mutual Recognition Arrangement (CCRA), including the United States and Canadian governments, and the EU.

Availability

CAPS approved PGP(r) Whole Disk Encryption is generally available today, for more information please contact a PGP(r) reseller.

About CESG

The National Technical Authority for Information Assurance (CESG) is the Information Assurance (IA) arm of the UK's Government Communications Headquarters (GCHQ), based in Cheltenham, Gloucestershire; its purpose is to provide advice and assistance to UK HMG, the wider public sector and UK Armed Forces regarding the security of communications and electronic data.

About CAPS

CESG Assisted Products Service (CAPS) is the way in which the CESG ensures the availability of products that address all HMG cryptographic requirements for use within HMG and other appropriate organisations. CAPS was introduced by CESG to meet the increasing demand within HMG for encryption and formalise the services that CESG has provided for a number of years. For a product to receive CAPS approval, it must be cryptographically verified by CESG to meet exacting security standards.

About PGP Corporation

PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP(r) Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP(r) platform-enabled applications allow organisations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

PGP solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune 100, 75 percent of the Fortune Global 100, 87 percent of the German DAX Index, and 51 percent of the UK FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at www.pgp.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.