PGP Corporation
CAPS CESG

CAPS Approved PGP Whole Disk Encryption: Product FAQ

General

Technical



General
What is CAPS and why is it important?
The CESG Assisted Products Service (CAPS) is a service for companies interested in commercial risk developments for the UK government market. CAPS links the cryptographic knowledge of CESG, the UK national technical authority for information assurance, with the private sector's expertise and resources.


CAPS helps private sector companies to develop cryptographic products for use by Her Majesty's Government (HMG) and other appropriate organisations in the U.K.

A Consultancy and Advice contract gives companies access to CESG knowledge, skills and experience in the field of Information Assurance, supplemented by a range of guidance documentation. CAPS vendors may incorporate appropriate CESG cryptographic or public domain algorithms in their products and submit them for evaluation by CESG. When approved, these products may be advertised as suitable for purchase by HMG and the UK public sector.

> Back to top

What business problem does CAPS-approved PGP Whole Disk Encryption solve?
Mobile computers and devices are the industry standard for increasing user productivity. However, unprotected mobile devices pose a critical risk to a public sector organisation's most sensitive data: customer information, financial data, government secrets, and other proprietary information. Exposure of this data poses a risk to organisations, individuals, and society and can result in loss of people's trust and possible legal ramifications.


PGP Whole Disk Encryption is a comprehensive solution that protects sensitive data on desktops, laptops, external drives, and USB flash drives.



CAPS-approved PGP Whole Disk Encryption is the ideal mobile data protection solution for use in the UK public sector, within Central and Local government, the NHS, the Ministry of Defence, Criminal Justice, and other appropriate organisations.

PGP Whole Disk Encryption provides organisations with the following benefits:

  • Protects against: personal computer is lost / stolen / compromised / disposed of improperly
  • Reduces risk of loss of personal information
  • Protects against damage or distress to individuals
  • Protects against loss of reputation of public and private sector organisations
  • Encrypts desktops, laptops, and removable media
  • Enables public and private sectors to continue business without disrupting user productivity
  • Demonstrates compliance to regulatory standards

> Back to top

Which PGP products are CAPS-approved?
PGP Whole Disk Encryption CAPS-approved. PGP Universal™ Server can be used to manage these elements in a secure environment. CAPS-approved PGP-encrypted email through PGP Desktop Email (managed by PGP Universal) is also on its way soon.


These products provided public and associated private sector companies to protect information up to Baseline or Impact Level (IL) 3 – Restricted.

> Back to top

How does CAPS-approved PGP Whole Disk Encryption work? What is the end-user experience?
The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent, sector-by-sector disk encryption and decryption. A successful pre-boot authentication unlocks the decryption key, enabling users to work without any other changes to their experience.


The only change in the end-user experience with PGP Whole Disk Encryption is the addition of a pre-boot authentication screen. The pre-boot authentication screen protects the system from access by unauthorized users by disabling their ability to attack operating system-level authentication mechanisms. After the end user provides valid authentication, encryption and decryption of the disk are transparent to both the user and the operating system.

> Back to top

How does CAPS-approved PGP Whole Disk Encryption fit into the PGP Encryption Platform?
As a PGP Encryption Platform-enabled application, CAPS-approved PGP Whole Disk Encryption leverages PGP Universal Server users, key management, and configurations. Deploying one enterprise encryption application, such as PGP Whole Disk Encryption, automatically delivers the PGP Encryption Platform, allowing organisations to quickly deploy additional PGP applications, such as secure messaging or network file-sharing security, within the organisation. PGP Encryption Platform-enabled applications can be used together to provide multiple layers of security, all administered from a single, consolidated management console using centralized policy and configurations.

> Back to top

Technical
What operating systems are supported?
CAPS-approved PGP Whole Disk Encryption supports the following operating systems: Microsoft Windows XP Professional 32-bit (Service Pack 1, 2, and 3), Windows XP Professional 64-bit (Service Pack 1 and 2), Windows Vista (all 32-bit and 64-bit versions, including Service Pack 1), Windows XP Home Edition (Service Pack 1, 2 and 3), Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard).

> Back to top

What are the steps to obtaining CAPS-approved PGP Whole Disk Encryption?

  1. If you are a new PGP Corporation CAPS customer, and you wish to use key material from CESG:
    1. Order CAPS-approved PGP Whole Disk Encryption software from your PGP sales or PGP channel representative.
    2. Fill out the requisite forms to request key material from the CESG and submit these to the CESG (contact the CESG or your PGP sales/channel representative for more information).
    3. After you have the CESG key material and are ready to begin installation, obtain the software from PGP and deploy it to clients (see the PGP CAPS Administration Guide and the CESG Security Procedures Instructions for more information).
  2. If you wish to obtain the PGP CAPS product and you do not wish to use key material from the CESG:
    1. Order the CAPS-approved PGP Whole Disk Encryption software from your PGP sales or PGP channel representative.
    2. Obtain the software from PGP Corporation and deploy it to clients (see PGP CAPS Administration Guide for more information).

> Back to top

I have PGP CAPS-approved Whole Disk Encryption software and key material from CESG. What deployment steps do I follow to ensure a successful installation?

  1. Ensure that you have correct software components:
    1. PGP CAPS-approved version of PGP Desktop (client software for PGP Whole Disk Encryption)
    2. PGP CAPS Activation Package for PGP Desktop (software that inserts the CESG key material into PGP Desktop)
    3. Any update packages for PGP Universal Server (management for PGP Whole Disk Encryption)
    4. Review the instructions contained within the PGP CAPS Administrators Guide and the CESG Security Procedures document
  2. Install PGP Whole Disk Encryption software on client machines.
  3. Enroll users (see PGP Whole Disk Encryption and PGP Universal Server for more information).
  4. Insert CESG keys on every client machine using the CAPS Activation Package for PGP Desktop and the CESG key material (see CAPS Administrator Guide for more information).
  5. Perform full disk encryption on each client machine.
  6. View status of CAPS client machines on PGP Universal Server and demonstrate compliance.

> Back to top

If I have a version of PGP Whole Disk Encryption prior to CAPS that is already deployed, and I wish to upgrade to CAPS-approved PGP Whole Disk Encryption what do I have to do?

  1. If you wish to update your installation to the CAPS-approved version of PGP Whole Disk Encryption, and you wish to use new key material from the CESG, you need to first decrypt client machines and encrypt them using CAPS-approved PGP Whole Disk Encryption.
  2. If you wish to update your installation to CAPS-approved PGP Whole Disk Encryption, and you do not need key material from the CESG, you can simply upgrade your installation to the CAPS-approved version of PGP Whole Disk Encryption.
When deploying the PGP CAPS Activation Package in a PGP Universal Server centrally managed environment, be sure that you have obtained the special software update package (.pup) and installed it on the PGP Universal Server. Please refer to the PGP CAPS Administrator Guide for more information.

> Back to top

How do I use the CESG-supplied key with PGP Whole Disk Encryption?
After CAPS-approved PGP Whole Disk Encryption client software has been installed on user machines and users have been enrolled, the administrator has to ensure that the CESG keys have been inserted prior to initial encryption.


To do this, the security administrator inserts PGP CAPS Activation Package (on a compact disc or USB drive) and then runs a command line program located on the disc or USB drive that locates the CESG key, obtains the key, and then inserts the key into the PGP Whole Disk Encryption client installation.

Please refer to the PGP CAPS Administrator Guide for more information.

> Back to top

Can I have a mix of CAPS-approved PGP Whole Disk Encryption and PGP Whole Disk Encryption in my environment?
Absolutely. PGP Corporation recommends CAPS-approved PGP Whole Disk Encryption for workgroups that have a requirement to protect information up to Impact Level (IL) 3 – Restricted – i.e. CAPS Baseline.


Other workgroups in a secure environment that do not require CAPS Baseline may use PGP Whole Disk Encryption.

All PGP solutions use the same high-grade encryption that has undergone the rigorous CAPS approval process.

PGP Universal Server, the centralized management server for CAPS-approved PGP Whole Disk Encryption, displays all client machines that have PGP Whole Disk Encryption, including those with CAPS-approved PGP Whole Disk Encryption.

> Back to top

Can I use USB devices in a CAPS Baseline environment?
No. CAPS-approved PGP Whole Disk Encryption is certified for use for protection of external disks only at this time. However, workgroups in a secure environment that do not require CAPS Baseline may use PGP Whole Disk Encryption to protect both external and internal disks.

All PGP solutions use the same high-grade encryption that has undergone the rigorous CAPS approval process.

> Back to top

What international languages does CAPS-approved PGP Whole Disk Encryption support?
While the user interface for CAPS-approved PGP Whole Disk Encryption supports English, German, and Japanese, over 35 international keyboard layouts are supported including English, French, Danish, German, Italian, and more. Please see the PGP Desktop User Guide for a complete list.

> Back to top

Where can I get more information about PGP Whole Disk Encryption?
Please refer to the PGP Whole Disk Encryption product page for more information at: http://www.pgp.com/products/wholediskencryption/index.html .

> Back to top
 
© 2002-2009 PGP Corporation. All Rights Reserved. PRIVACY  |  LEGAL