This article details some frequently asked questions for the CAPS Activation Package for PGP Whole Disk Encryption.

 

PGP CAPS Activation Package for PGP Whole Disk Encryption: Product FAQ

General

 

• How does CAPS Activation Package for PGP Whole Disk Encryption work?
• What is the end-user experience?
• How does CAPS Activation Package for PGP Whole Disk Encryption fit into the PGP Encryption Platform?

Technical

 

• Which PGP products are approved for use within a secure environment requiring CAPS?
• What operating systems are supported?
• What happens if I have an older version of PGP Desktop installed and I now want to upgrade to the CAPS approved PGP Desktop?
• What type of dual factor authentication support exists for CAPS approved PGP Desktop?
• What languages are supported by the PGP CAPS Activation Package for PGP Whole Disk Encryption?

General

Mobile computers and devices are the industry standard for increasing user productivity. However, unprotected mobile devices pose a critical risk to a public sector organizations most sensitive data: customer information, financial data, government secrets, and other proprietary information. Exposure of this data poses a risk to organizations, individuals and society, and can result in loss of public trust and possible legal ramifications.

PGP Whole Disk Encryption is a comprehensive solution that protects sensitive data on desktops, laptops, external drives and USB flash drives.

CAPS approved PGP Whole Disk Encryption is the ideal mobile data protection solution for use in the UK public sector, within Central and Local governments, the NHS, the MOD, Criminal Justice, and other appropriate organizations.

PGP Whole Disk Encryption provides organizations the following benefits:

 

• Protects against: Lost, stolen, disposed of improperly, or compromised personal computers.
• Reduces the risk of lost personal information.
• Protects against damage or distress to individuals.
• Protects against the loss of reputation of public and private sector organizations.
• Encrypts desktops, laptops, and removable media.
• Enables public and private sectors to continue business without disrupting user productivity.
• Demonstrates compliance to regulatory standards.

Which PGP products are CAPS approved?
PGP Whole Disk Encryption, PGP Zip, PGP Virtual Disk and PGP Universal Server to manage these elements are CAPS approved. CAPS approved PGP Desktop Email will be available in a future release.

These products provide public and associated private sector companies to protect information up to Impact Level (IL) 3 Restricted.

How does PGP Whole Disk Encryption work?
PGP Whole Disk Encryption operates at a system level between the operating system and the disk drive. Thereby providing user-transparent, sector-by-sector disk encryption and decryption. A successful pre-boot authentication unlocks the decryption key, enabling users to work without any other changes to their experience.

What is the end-user experience?
The only change in the end-user experience with PGP Whole Disk Encryption is the addition of a pre-boot authentication screen. The pre-boot authentication screen protects the system from being accessed by unauthorized users by disabling their ability to attack operating systemlevel authentication mechanisms. Once the end user provides valid authentication, encryption and decryption of the disk are transparent to both the user and the operating system. The pre-boot authentication passphrase can be synchronized with the Windows logon, enabling Windows users to be automatically logged into their system without requiring additional passphrases or user interaction.

How does one obtain CAPS Approved PGP Whole Disk Encryption?
CESG encryption key material must be ordered directly from CESG. The delivery time on CESG KeyMat is approximately 2-4 weeks from clearance of the Sales Authorization. Contact your PGP sales representative or your PGP sales partner on more information on how to obtain CESG sales authorization and key material.

How does PGP Whole Disk Encryption fit into the PGP Encryption Platform?
As a PGP Encryption Platformenabled application, PGP Whole Disk Encryption leverages PGP Universal Server users, keys, and configurations. Deploying one enterprise encryption application, such as PGP Whole Disk Encryption, automatically delivers the PGP Encryption Platform, allowing organizations to quickly deploy new applications such as secure messaging or network file sharing security within the organization. PGP Encryption Platformenabled applications can be used together to provide multiple layers of security, all administered from a single, consolidated management console using centralized policy and configuration.

 

Technical

What operating systems are supported?
CAPS Approved PGP Whole Disk Encryption supports the following operating systems:

 

• Microsoft Windows XP Professional 32-bit (Service Pack 1, 2, or 3)
• Windows XP Professional 64-bit (Service Pack 2)
• Windows Vista 32-bit including Service Pack 1
• Windows Vista 64-bit including Service Pack 1
• Windows XP Home Edition (Service Pack 1, 2 or 3)
• Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)

PGP Whole Disk Encryption supports a variety of Smart Cards and USB Tokens for pre-boot Two-factor authentication.

What are the steps in obtaining CAPS Approved PGP Whole Disk Encryption?
Once you have completed your order and the key material authorization forms from CESG:
 

1. Download the PGP CAPS Activation Package for PGP Whole Disk Encryption provided you have a valid license for this.
2. Install the software onto client systems.
3. If in a managed environment, enroll users with the PGP Universal Server.
4. Insert CESG key material onto PGP Whole Disk Encryption clients.
5. Perform PGP Whole Disk Encryption on the system.

How do I use the CESG supplied key with PGP Whole Disk Encryption?
Once the PGP CAPS Activation Package for PGP Whole Disk Encryption software is installed on a user system, and users are enrolled, the administrator must ensure that the CESG keys have been inserted prior to performing PGP Whole Disk Encryption. To do this, the security administrator inserts PGP CAPS Activation Package (on a compact disc or USB drive) and then runs a command line program located on the disc or USB drive that will locate the CESG key, obtain the key, and then inserts the key into the PGP Whole Disk Encryption client installation. Please refer to the PGP CAPS Activation Package for PGP Whole Disk Encryption Administrator Guide for more information.

If I have a version of PGP Whole Disk Encryption prior to CAPS that is already deployed, and I wish to upgrade to CAPS Approved PGP Whole Disk Encryption what do I have to do?

If you have a version of PGP Whole Disk Encryption prior to the CAPS approved version of PGP Whole Disk Encryption and you wish to update your installation to the CAPS approved version, you must first decrypt the client drives and then encrypt again with the CAPS approved PGP Whole Disk Encryption product.

 

When deploying the PGP CAPS Activation Package in a managed environment, be sure that you have obtained the special software update package (.pup) and installed it on the PGP Universal Server. This pup file is used to replace the msi installer to include the CAPS Activation package in PGP Universal Server. Once the CAPS activation package PUP update is applied, you just need to install the PGP Desktop for CAPS Whole Disk Encryption and change the PGP Stamp to have it managed by PGP Universal Server. For more information on changing the PGP Stamp, please refer to following article:

http://www.symantec.com/docs/TECH166507

Please refer to the PGP CAPS Activation Package for PGP Whole Disk Encryption Administrator Guide for more information.

Can I have a mix of CAPS Approved PGP Whole Disk Encryption and PGP Whole Disk Encryption in my environment?
Yes. For workgroups that have a requirement to protect information up to Impact Level (IL) 3 Restricted i.e. CAPS Baseline, the PGP CAPS Activation Package for PGP Whole Disk Encryption is recommended.

For other workgroups in a secure environment that do not have a requirement of CAPS Baseline, PGP Whole Disk Encryption may be used. With PGP, all products use the same high-grade encryption that has gone through the rigorous CAPS approval process.

PGP Universal Server, the centralized management server for PGP Whole Disk Encryption is CAPS approved and displays all client systems that are PGP Whole Disk Encrypted including those client system with CAPS Approved PGP Whole Disk Encryption.

Can I use USB devices in the CAPS environment?
CESG security procedures do not currently allow the use of removable devices. PGP Corporation plans to work with CESG to add this support in the future.