Press Release: PGP® Whole Disk Encryption Undergoes Common Criteria Evaluation Process

Menlo Park, CA/18 September 2008 – PGP Corporation, a global leader in enterprise data protection, today announced that PGP® Whole Disk Encryption is currently undergoing Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. Level 4 is the highest level possible that is mutually recognized by all countries participating in the Common Criteria certification; the plus denotes augmentation of ALC_FLR.1 Flaw Remediation. PGP® Whole Disk Encryption provides comprehensive, full disk encryption, enabling quick, cost-effective protection for data on desktops laptops, and removable media. The encrypted data is transparently safeguarded from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.

“At PGP Corporation, we recognize that in order for our public and private sector customers to operate as secure, global businesses 24x7, they must adhere to the rigorous security standards and international compliance laws,” said Jon Callas, chief technology officer of PGP Corporation. “PGP Corporation continues to be one of the leading enterprise security vendors to comply with all of the industry and government evaluations so that our customers can be assured of our product’s strength and quality to protect their data security initiatives and assets.”

Common Criteria evaluation of security products is important for global enterprises and frequently mandated for commercial information security products purchased by governments worldwide, including the U.S. government for use in national security systems. The evaluation of PGP® Whole Disk Encryption managed by PGP® Universal Server is being performed by the Canadian Communications Security Establishment’s (CSE) Common Criteria Evaluation and Certification Scheme (CCS), globally recognized as a certificate member of the Common Criteria Mutual Recognition Arrangement (CCRA). The CCRA is a pact which was designed to allow all evaluations up to EAL4 to be recognized by all participating countries, regardless of where the evaluation was completed. There are currently 25 countries involved in the CCRA, including the United States and Canadian governments, and the EU.

Common Criteria is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products. The standard consists of several predefined evaluation assurance levels, each one more stringent than the last. Common Criteria enables vendors to have their products tested against a chosen level by an independent third-party testing laboratory. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.

Common Criteria certification of security products is mandated by the U.S. government for federal purchases. The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires agencies to purchase only those commercial security products which have met specified third-party assurance requirements and have been tested by an accredited national laboratory.

In order to facilitate the prompt completion of the Common Criteria evaluation process, PGP Corporation has partnered with InfoGard Laboratories and DOMUS IT Security Laboratory for Common Criteria; and AEGISOLVE, Inc. for FIPS certification. InfoGard is the first private IT security laboratory to become accredited by the United States National Institute of Standards and Technology (NIST), Payment Card Industry (PCI) Security Council and Postal authorities. DOMUS is an accredited Common Criteria and FIPS test laboratory based in Ottawa, Canada with over 12 years of experience.

PGP® Universal Server, the foundation of the PGP® Encryption Platform, is also undergoing the Common Criteria evaluation process. For more details, please go to: http://www.pgp.com/insight/newsroom/press_releases/common_criteria_evaluation.html

About PGP Corporation
PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP® platform-enabled applications allow organizations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smart phones, network storage, file transfers, automated processes, and backups.

PGP® solutions are used by more than 80,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune® 100, 75 percent of the Fortune® Global 100, 87 percent of the German DAX index, and 51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at www.pgp.com.

About AEGISOLVE, Inc.
AEGISOLVE, Inc. is a computer security laboratory accredited by the U.S. Department of Commerce and National Institute of Standards and Technology for FIPS 140-2 validation testing of cryptographic based security systems. For further information, please visit http://www.aegisolve.com/.

About Domus IT Security Laboratory
DOMUS IT Security Laboratory is a recognized and accredited 3rd party Common Criteria and FIPS 140 test lab. DOMUS was the first laboratory to be accredited by the Standards Council of Canada (SCC) to conduct Common Criteria Evaluations and Certifications. For further information, please visit www.domusitsl.com.

About InfoGard Laboratories
InfoGard Laboratories is the premier, independent, accredited IT security laboratory in the United States. Our portfolio of services consists of evaluating IT products and systems for the Federal Government, Postal Authorities, Payment Card Industry, High Tech, Election, and Identification Industries. For additional information about InfoGard Laboratories, please visit www.infogard.com.

Media & analyst contact for PGP Corporation:
North America
Christina Grenier
PGP Corporation
+1 650 543 3697
cgrenier@pgp.com

Tom Rice
Merritt Group
+1 703 856 2218
rice@merrittgrp.com

United Kingdom
Jacqui Depares / Richard Scarlett
Johnson King
+44 (0) 20 7401 7968
pgpteam@johnsonking.co.uk

Germany
Ingrid Daschner
Johnson King
+49 (0) 89 8940 8511
ingridd@johnsonking.de

Legal Notice Regarding Forward-Looking Statements
Some of the statements in this press release are forward-looking, including statements regarding the availability, plans, delivery, goals, development, expected features, expected benefits and competitive position of PGP products implementing or leveraging the PGP technologies. All references made to product feature enhancements, improvements in Platform support or additional functionality are subject to change at PGP Corporation’s sole discretion. All future descriptions of PGP technology and products are subject to availability only if PGP Corporation decides to build them and when PGP Corporation decides to make them commercially available. Actual results could differ materially from those expressed in any forward-looking statements. Risks and uncertainties that PGP Corporation faces that could cause results to differ materially include risks associated with any unforeseen technical difficulties or software errors related to the final development and launch of any of PGP Corporation’s products; any technological, regulatory, or standards changes in the security, encryption and authentications market which could make PGP Corporation’s products less competitive or require feature changes in these products; any slowdown in the adoption by businesses of encryption suites, secure email, Internet technologies or related standard. The forward-looking statements contained in this release are made as of the date hereof, and PGP Corporation does not assume any obligation to update such statements nor the reasons why actual results could differ materially from those projected in such statements.

PGP and the PGP logo are registered trademarks of PGP Corporation. Product and brand names used in the document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners.