New Federal Government Data Security Requirement

Federal Office of Management and Budget - Data Security Directive
On June 23, 2006, the Deputy Director for Management at the Office of Management and Budget issued a memorandum instructing the heads of all federal government departments and agencies to comply with specific OMB and NIST data security requirements for mobile computers and remote access within 45 days (August 7, 2006).

What Is Required Within 45 Days?

1. Encryption for all data on mobile computers & devices that carry agency data
2. Remote access only via two-factor authentication
3. User re-authentication to remote access and mobile devices after 30 minutes of inactivity
4. Logging of all database extracts and verify each was erased within 90 days
5. Personally identifiable information transported to remote sites in encrypted form
6. Personally identifiable information stored at remote sites in encrypted form

PGP Data Security Solutions
PGP products provide encryption protection for all types of confidential data, on all types of devices, both when stored and in transit.

1. Whole Disk Encryption – complete encryption for laptops, USB, and back-up devices. The entire drive is secure if the device is lost or stolen. Includes security for files and folders for when the laptop is open and unattended. Two factor authentication supported.
2. Gateway and Desktop Email Encryption – complete email, attachment, and digital signature security. Automatic encryption and decryption of messages per data security policy without dependence on users. S/MIME and OpenPGP formats. Two factor authentication supported.
3. Batch and FTP File Transfer Encryption – protection for large files transferred across the Internet. Files are encrypted before transmission and are received secure until opened by recipients with proper credentials.
4. Network Files and Folders Encryption – protection for files stored on file servers and network storage devices. Files are encrypted to specific authorized individuals and security follows the file when downloaded from a server. Two factor authentication supported.
5. Centrally Managed Encryption Platform – PGP Encryption Platform provides automatic key management, central policy enforcement, reporting and recovery for all PGP encryption applications, including patented PGP Additional Decryption Key (ADK) technology ensuring the organization can always access encrypted data.
6. Security for BlackBerry Devices – The PGP Support Package for BlackBerry enables enterprises to seamlessly integrate PGP security solutions and BlackBerry devices. With this integrated solution, government organizations can deploy, centrally manage, and consistently enforce security policies for BlackBerry devices using PGP Universal.

PGP Corporation's currently shipping products use FIPS-validated cryptography. Specifically, all PGP Corporation's products versioned 9.0.x (including WDE) and 2.0.x use PGP's FIPS 140-2 Level 1 (certificate number 630) validated cryptography.

PGP Purchase Options

PGP products can be purchased from the PGP website, PGP resellers worldwide, or from the GSA schedule managed by PGP Corporation by CDW.