FIPS 140-2 certification status for the PGP-Heritage product line cryptographic module

Article ID: 178330

Updated On:

Products

  • Desktop Email Encryption
  • Drive Encryption
  • PGP Command Line
  • Encryption Management Server
  • File Share Encryption Powered by PGP Technology
  • Gateway Email Encryption
  • Encryption Desktop Powered by PGP Technology
  • Desktop Email Encryption, Powered by PGP Technology
  • File Share Encryption
  • Encryption Management Server Powered by PGP Technology
  • Gateway Email Encryption Powered by PGP Technology

Issue/Introduction

Some Encryption products are FIPS 140-2 certified by NIST (National Institute of Standards and Technology in the USA).

Environment

  • Symantec Encryption Management Server 3.4 and above.
  • Symantec Encryption Desktop 10.4 and above.
  • PGP Command Line 10.4 and above.

Resolution

The FIPS 140-2 status of each product is as follows:

  • Encryption Management Server - not currently validated.
  • Encryption Desktop for Windows - FIPS 140-2 validated by default. In release 10.4.1 MP1 and above, no changes to enable FIPS 140-2 are required. There was an issue when enabling FIPS 140-2 in release 10.4 - see article 163582.
  • Encryption Desktop for Mac - not currently FIPS validated.
  • Encryption Desktop for Linux - not currently FIPS validated.

Please bookmark this article and check back periodically for updates. 

Symantec Enterprise Division obtained NIST validation for SDK version 4.4 on October 21, 2020. As of this writing, two cryptographic SDK versions are currently validated, and each validation is listed below:

SDK Version 4.4:
Module Name: Symantec PGP Cryptographic Engine
Standard: FIPS 140-2
Status: Active
Validation Dates: 10/21/2020
Overall Level: 1

SDK Version 4.3:
Module Name: Symantec PGP Cryptographic Engine
Standard: FIPS 140-2
Status: Historical
Validation Dates: 05/21/2015, 07/06/2015
Overall Level: 1

Note that FIPS validation for Symantec Encryption products that use SDK version 4.3 has entered "Historical" status. As stated in the NIST documentation, the FIPS validation is still considered valid and is not considered "Revoked", "Expired" or "Invalid". Therefore, SDK version 4.3 is still considered FIPS validated and will remain valid pending a status change to "Revoked".

A future version of Symantec Encryption Desktop will use SDK 4.4. Check back for further updates on this; in the meantime, all previously established FIPS validations remain intact and are considered current (even while in "Historical" status). For more details, please contact Symantec Enterprise Division support.

 

For Symantec Endpoint Encryption 11 and FIPS validation information, see article 150141.

Additional Information

To search the NIST website for validated modules, click here.

To see all modules currently in process for validation, click here.

Etrack: 3989802