One of Two NIST–Accepted Encryption Standards

PGP solutions are built on the recognized OpenPGP (RFC 2440 and RFC 3156) standard. PGP encryption is one of two email encryption standards recommended by the National Institute of Standards and Technology (NIST 400-85) available at:
http://csrc.nist.gov/publications/nistpubs/800-45/sp800-45 [PDF: 1.1MB].

FIPS Validation of PGP Software
The PGP® Software Developer's Kit version SDK 3.0.3 has been validated to Federal Information Processing Standards (FIPS) 140-2 Level 1. FIPS-validated products that use this specific PGP SDK version are PGP® Corporate Desktop 8.0.3 and PGP® Workgroup Desktop 8.0.3.

Note that although PGP Corporation has released minor updates and upgrades since the FIPS-validated PGP Corporate Desktop 8.0.3 and PGP Workgroup Desktop 8.0.3 products, there have been no qualitative changes to the core cryptography.

Currently shipping PGP® products use PGP SDK version 3.2.0, a more recent revision of the SDK than the one that was validated, version 3.0.3. Some PGP customers consider the newer revision to be inappropriate for their particular applications and have a requirement to use 3.0.3. PGP Corporation continues to make the earlier SDK 3.0.3 product versions available for customers with this requirement.

PGP Corporation validates new products with FIPS once per year and is now in the process of validating the next generation of PGP products, including PGP Desktop and PGP Universal™ products.

Purchase Process
Customers should purchase current versions of PGP products from the GSA price list, a PGP reseller, or the PGP website. You will receive a download link and a license number for the current version of the products purchased. An installation CD is also available separately.

S/MIME and Other Government Standards
PGP® technology also supports additional standards for S/MIME (v3), Hashed Message Authentication Code CFR 2104, Advanced Encryption Standard (AES) FIPS 197, TripleDES FIPS 46-3, Digital Signature Algorithm (DSA) FIPS 186-2, and Secure Hash Algorithm (SHA) FIPS180-1 and FIPS 180-2.

Email Security Requirement Under FISMA
PGP Universal secures and digitally signs email as required by the GSA's E-Government initiative and to comply with the Federal Information Security Management Act (FISMA). It also enables agencies to comply with Federal Bridge Certificate Authority (FBCA) and Federal Public Key Infrastructure (FPKI).

Adds Email Security to PKI Investments
PGP Universal extends existing PKI investments, using existing X.509 certificates, by adding automatic, transparent secure email and digital signatures. PGP Universal can bridge the gap between incompatible PKI implementations.

PGP Universal for Government Agencies
PGP Universal moves security from the user to the network through a next-generation "automatic encryption proxy." IT can enforce encryption policies without relying on user intervention or incurring desktop software, training, or support costs. PGP Universal provides automatic key creation and management as well as automatic encryption, decryption, and digital signatures.

PGP Universal provides interoperability between S/MIME/X.509 and PGP/MIME architectures. It features LDAP-based certificate storage and retrieval, FBCA or subsidiary Certificate Authority (CA) capabilities, and broad CA interoperability. PGP Universal supports MAPI and IBM/Lotus Notes and is compatible with existing PGP Desktop solutions.

Request Information
If you would like more information about PGP government programs, please email us at gov-program@pgp.com, call us at 1 571 297 1508, or fill out and submit the form below.