FIPS 140-2 certification status for the PGP product line cryptographic module
search cancel

FIPS 140-2 certification status for the PGP product line cryptographic module

book

Article ID: 178330

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption PGP Command Line Encryption Management Server Gateway Email Encryption File Share Encryption Endpoint Encryption PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Several Symantec Encryption products (PGP Encryption Desktop, PGP Encryption Server, PGP Command Line) are FIPS 140-2 certified by NIST (National Institute of Standards and Technology in the USA).


For Symantec Endpoint Encryption 11 (SEE Products) and FIPS validation information, see article the following article:

150141 - FIPS 140-2 certification status for the Symantec Endpoint Encryption 11 cryptographic module

 

This article will provide information on the FIPS Validation for Symantec Encryption Products

Environment

  • PGP Encryption Server 11.0.1 and above (Validated).
  • PGP Encryption Desktop/Symantec Encryption Desktop 10.4 and above (Validated).
  • PGP Command Line 10.4 and above (Validated on Windows)

Resolution

The FIPS 140-2 status of the following products is as follows:

  • PGP Encryption Server / (Symantec Encryption Management Server) - Validated on versions 11.0.1 and above. 

  • PGP Encryption Desktop / Symantec Encryption Desktop for Windows (PGP Desktop) - FIPS 140-2 validated by default. In release 10.4.1 MP1 and above, no changes to enable FIPS 140-2 are required. There was an issue when enabling FIPS 140-2 in release 10.4 - see article 163582.

  • PGP Encryption Desktop / Symantec Encryption Desktop for Mac - not currently FIPS validated.

  • PGP Encryption Desktop / Symantec Encryption Desktop for Linux/AIX/HPUX - not currently FIPS validated.


Please bookmark this article and check back periodically for updates. 

Symantec Enterprise Division obtained validation by NIST on October 21, 2020 for SDK version 4.4 so as of this writing there are two cryptographic SDK versions that are currently validated and each of these validations are listed below:

SDK Version 4.4:
Module Name: Symantec PGP Cryptographic Engine
Standard: FIPS 140-2
Status: Active
Validation Dates: 10/21/2020
Overall Level1

SDK Version 4.3:
Module Name: Symantec PGP Cryptographic Engine
Standard: FIPS 140-2
Status: Historical
Validation Dates: 05/21/2015, 07/06/2015
Overall Level1


Note that FIPS Validation for Symantec Encryption products that use SDK version 4.3 have entered a "Historical" status. As stated in the NIST documentation, FIPS validation is still considered valid and is not considered "Revoked", "Expired" or "Invalid", and can still be used in most cases--consult your own FIPS requirements. Therefore SDK version 4.3 is still considered FIPS validated and will remain valid pending a status change to "Revoked". 
 

A future version of Symantec Encryption Desktop will use SDK 4.4.  Check back for further updates on this, but in the meantime all previously-established FIPS validations remain intact and are considered current (Even while in "Historical" status).  For more details on this, please contact Symantec Enterprise Division support (As of this writing, all PGP products still use the SDK 4.3).

 

For Symantec Endpoint Encryption 11 and FIPS validation information, see article 150141.

Reach out to  Symantec Encryption Support  for further questions.

Additional Information