Video Screencast Help

PGP Command Line not CAPS accredited?

Created: 30 Jan 2013 | 3 comments

I need to ability the automate the encryption and decryption of files in an IL3 environment.  Unfortunately as far as I can tell PGP Command Line is not CESG CAPS approved.  This raises couple of questions:

  1. Am I correct and PGP command line is not CAPS approved?
  2. If command line is not CAPS approved is there an approved tool capabile of automating file encryption and decryption?
  3. If there is no approved tool and I need to go down the risk acceptance route of PGP Command Line what are the risks?  Why is command line less secure than PGP zip.?

 

Comments 3 CommentsJump to latest comment

Alex_CST's picture

All i know is an older version of PGP WDE is CAPS approved

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

dfinkelstein's picture

PGP Command Line does not have CAPS accredation.  PGPZip is not accredited either; it is PGP Whole Disk Encryption that has accredation.

PGP Command Line does use FIPS 140-2 validated cryptography.  US Government, defence, and financial institutions rely on it for secure data processing.

I can certainly talk with Product Managment about the idea of getting CAPS or CPA for PGP Command Line.

Regards,

--------

David Finkelstein

Symantec R&D

mike.dun's picture

Thank for the reply David, but this seems to contradict information published on the Symantect WebSite:

 

"Which PGP products are CAPS approved?
PGP Whole Disk Encryption, PGP Zip, PGP Virtual Disk and PGP Universal Server to manage these elements are CAPS approved. CAPS approved PGP Desktop Email will be available in a future release.

These products provide public and associated private sector companies to protect information up to Impact Level (IL) 3 Restricted."

http://www.symantec.com/business/support/index?page=content&id=TECH149226

Obviously if you guys can get the accresdited that would be fantastic.  But seeing as we go live in April I dont think it possible within our timescales.  What we are looking to do here is take a calculated risk.  Are there any risks / limitation to the product that needs to be raised or do Symantec believe that command line is accreditable as it stands of it were put through the processs.