PGP Corporation, a global leader in enterprise data protection, today announced that PGP® Whole Disk Encryption is currently undergoing Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. Level 4 is the highest level possible that is mutually recognized by all countries participating in the Common Criteria certification; the plus denotes augmentation of ALC_FLR.1 Flaw Remediation. PGP® Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops, laptops, and removable media. The encrypted data is transparently safeguarded from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.
“At PGP Corporation, we recognize that in order for our public and private sector customers to operate as secure, global businesses 24×7, they must adhere to the rigorous security standards and international compliance laws,” said Jon Callas, chief technology officer of PGP Corporation. “PGP Corporation continues to be one of the leading enterprise security vendors to comply with all of the industry and government evaluations so that our customers can be assured of our product’s strength and quality to protect their data security initiatives and assets.”
Common Criteria evaluation of security products is important for global enterprises and frequently mandated for commercial information security products purchased by governments worldwide, including the U.S. government for use in national security systems. The evaluation of PGP® Whole Disk Encryption managed by PGP® Universal Server is being performed by the Canadian Communications Security Establishment’s (CSE) Common Criteria Evaluation and Certification Scheme (CCS), globally recognized as a certificate member of the Common Criteria Mutual Recognition Arrangement (CCRA). The CCRA is a pact which was designed to allow all evaluations up to EAL4 to be recognized by all participating countries, regardless of where the evaluation was completed. There are currently 25 countries involved in the CCRA, including the United States and Canadian governments, and the EU.
Common Criteria is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products. The standard consists of several predefined evaluation assurance levels, each one more stringent than the last. Common Criteria enables vendors to have their products tested against a chosen level by an independent third-party testing laboratory. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.
Common Criteria certification of security products is mandated by the U.S. government for federal purchases. The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires agencies to purchase only those commercial security products which have met specified third-party assurance requirements and have been tested by an accredited national laboratory.
In order to facilitate the prompt completion of the Common Criteria evaluation process, PGP Corporation has partnered with InfoGard Laboratories and DOMUS IT Security Laboratory for Common Criteria, and with AEGISOLVE, Inc. for FIPS certification. InfoGard is the first private IT security laboratory to become accredited by the United States National Institute of Standards and Technology (NIST), Payment Card Industry (PCI) Security Council and Postal authorities. DOMUS is an accredited Common Criteria and FIPS test laboratory based in Ottawa, Canada, with over 12 years of experience.
PGP® Universal Server, the foundation of the PGP® Encryption Platform, is also undergoing the Common Criteria evaluation process.