We are pleased to announce that PGP® Whole Disk Encryption successfully achieved Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification.
Level 4 is the highest possible level that is mutually recognized by all countries participating in the Common Criteria certification (the plus denotes augmentation of ALC_FLR.1 Flaw Remediation).
PGP Corporation is one of the only vendors to have an integrated whole disk encryption and management server solution that is Common Criteria certified. PGP® Whole Disk Encryption is also the first disk encryption product to be awarded validation against Common Criteria Evaluation Scheme CC v3.1/CEM v3.1.
PGP® Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops, laptops, and removable media. The encrypted data is transparently safeguarded from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.
Common Criteria evaluation of security products is critical for global enterprises and frequently mandated for commercial information security products purchased by governments worldwide, including the U.S. government for use in its national security systems.
PGP® Whole Disk Encryption managed by PGP® UniversalTM Server was evaluated by the Canadian Communications Security Establishment’s (CSE) Common Criteria Evaluation and Certification Scheme (CCS), globally recognized as a certificate member of the Common Criteria Mutual Recognition Arrangement (CCRA).
The CCRA is a pact that was designed to allow all evaluations up to EAL4 to be recognized by all participating countries, regardless of where the evaluation was completed. A complete list of all CCRA certified products is maintained here.
For those not familiar with Common Criteria, it is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products. The standard consists of several predefined evaluation assurance levels, each one more stringent than the last.
Common Criteria enables vendors to have their products tested against a chosen level by an independent third-party testing laboratory and provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous and standard manner.