epc-des-2010JAN08

Document Sample
epc-des-2010JAN08 Powered By Docstoc
					Enterprise Key Management (EKM)
Products and services that facilitate the implementation of end-to-end encryption from the low-level
management interfaces for hard drives to the top-end storage in a data center.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable, but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.



        EKM                                                                                                                                                              Voltage         Voltage          Voltage
        Technical and Functional Requirements by Category                                                                                             CheckPoint       SecureData       Securefile       SecureMail
       Certification and Standards
         Product is capable of using the user's PKI encryption certificate within the PIV II compliant Smartcard to protect the full volume
   1                                                                                                                                                       Yes              No          Not Applicable   Not Applicable
         encryption key

         Product is capable of using the user's PKI encryption certificate contained in the PIV II compliant Smartcard to encrypt the file that
   2                                                                                                                                                       Yes              No          Not Applicable   Not Applicable
         contains the system generated file/folder encryption key

   3     Products provides an option to use only FIPS 180-2 compliant algorithms for hashing and signing                                                   No               Yes         Not Applicable   Not Applicable
   4     Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                        Yes              No          Not Applicable   Not Applicable
   5     Product is CC EAL44 certified                                                                                                                     Yes              No          Not Applicable   Not Applicable
   6     Product is CC EAL2 certified                                                                                                                      No               Yes         Not Applicable   Not Applicable

       Usability and Security Features
         If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
   7                                                                                                                                                       Yes              No          Not Applicable   Not Applicable
         deactivate or 'grey out' undesirable or unauthorized options.

   8     Product integrates PKI with digital signatures and per-message encryption                                                                    Not Applicable   Not Applicable   Not Applicable   Not Applicable
   9     Product supports identification and filtering of high risk attachments                                                                       Not Applicable   Not Applicable   Not Applicable   Not Applicable

       Scalability and Management Console Features
         The product's administrator management console supports ability to secure the PK-enabled administrative interface by using a PIV II
  10                                                                                                                                                       Yes              No          Not Applicable   Not Applicable
         compliant Smartcard for authentication


         The product's administrator management console is scalable to support large enterprise environments and integrates with existing
         technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
  11                                                                                                                                                       Yes              Yes         Not Applicable   Not Applicable
         portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
         expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering


         Product enables two-factor authentication using smart cards, e.g., RSA SecureID 800, email answerback, question and answer,
  12                                                                                                                                                       Yes              Yes         Not Applicable   Not Applicable
         PIN/password, Active Directory, LDAP and custom adaptors

         Product is available on an hardened appliance platform including hardware, operating system, supporting applications (including an
  13                                                                                                                                                  Not Applicable        Yes         Not Applicable   Not Applicable
         embedded Certification Authority) and ongoing online updates.

  14     Product encrypts multiple accounts                                                                                                                No               No               No               No


TCEWG Encryption Requirements (Vendor Survey Responses)
EKM: 8 Vendors, 23 DESIRABLE FEATURES                                                                                                                                                                                     Page 1 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                     5/6/2012
Enterprise Key Management (EKM)
Products and services that facilitate the implementation of end-to-end encryption from the low-level
management interfaces for hard drives to the top-end storage in a data center.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable, but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.



        EKM                                                                                                                                                            McAfee/          Mobile Armor
        Technical and Functional Requirements by Category                                                                                                PGP           SafeBoot         PolicyServer       Credant
       Certification and Standards
         Product is capable of using the user's PKI encryption certificate within the PIV II compliant Smartcard to protect the full volume
   1                                                                                                                                                       Yes              Yes               Yes              Yes
         encryption key

         Product is capable of using the user's PKI encryption certificate contained in the PIV II compliant Smartcard to encrypt the file that
   2                                                                                                                                                       Yes              Yes          Not Applicable        Yes
         contains the system generated file/folder encryption key

   3     Products provides an option to use only FIPS 180-2 compliant algorithms for hashing and signing                                                   No               Yes               Yes              Yes
   4     Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                        No               Yes               No               Yes
   5     Product is CC EAL44 certified                                                                                                                     No          Not Applicable         Yes              Yes
   6     Product is CC EAL2 certified                                                                                                                      No          Not Applicable         Yes              Yes

       Usability and Security Features
         If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
   7                                                                                                                                                       Yes              Yes          Not Applicable        Yes
         deactivate or 'grey out' undesirable or unauthorized options.

   8     Product integrates PKI with digital signatures and per-message encryption                                                                         Yes              Yes          Not Applicable   Not Applicable
   9     Product supports identification and filtering of high risk attachments                                                                       Not Applicable   Not Applicable    Not Applicable   Not Applicable

       Scalability and Management Console Features
         The product's administrator management console supports ability to secure the PK-enabled administrative interface by using a PIV II
  10                                                                                                                                                       No               Yes               Yes              No
         compliant Smartcard for authentication


         The product's administrator management console is scalable to support large enterprise environments and integrates with existing
         technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
  11                                                                                                                                                       Yes              Yes               Yes              Yes
         portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
         expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering


         Product enables two-factor authentication using smart cards, e.g., RSA SecureID 800, email answerback, question and answer,
  12                                                                                                                                                  Not Applicable   Not Applicable         Yes         Not Applicable
         PIN/password, Active Directory, LDAP and custom adaptors

         Product is available on an hardened appliance platform including hardware, operating system, supporting applications (including an
  13                                                                                                                                                  Not Applicable   Not Applicable    Not Applicable   Not Applicable
         embedded Certification Authority) and ongoing online updates.

  14     Product encrypts multiple accounts                                                                                                                No               No                No          Not Applicable


TCEWG Encryption Requirements (Vendor Survey Responses)
EKM: 8 Vendors, 23 DESIRABLE FEATURES                                                                                                                                                                                      Page 2 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                      5/6/2012
Enterprise Key Management (EKM)
Products and services that facilitate the implementation of end-to-end encryption from the low-level
management interfaces for hard drives to the top-end storage in a data center.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable, but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.



        EKM                                                                                                                                                          Voltage         Voltage          Voltage
        Technical and Functional Requirements by Category                                                                                             CheckPoint   SecureData       Securefile       SecureMail
  15     Product will support or integrate with existing asset/license tracking and management tools                                                     Yes       Not Applicable   Not Applicable   Not Applicable
  16     Product supports secure remote management of devices to support remote users                                                                    Yes       Not Applicable   Not Applicable   Not Applicable

         The product or encryption system is configurable to not interfere with remote distribution and full installation of applications, patches,
  17                                                                                                                                                     Yes            Yes         Not Applicable   Not Applicable
         and updates while connected to the network, and without user intervention

       Integration and Interoperability Features
       (Supported operating system, hardware, firmware)
  18     Product supports integration to Active Directory                                                                                                Yes            Yes         Not Applicable   Not Applicable
  19     Product supports XML (eXtensible Markup Language) support                                                                                       Yes            Yes         Not Applicable   Not Applicable

       Disaster Recovery, Continuity of Operations, eDiscovery
         Product supports eDiscovery, message retention and review requirements using an end-to-end encryption methodology that preserves
  20                                                                                                                                                     Yes       Not Applicable   Not Applicable   Not Applicable
         the indexing and search ability of the archive

       General and Technical Support
  21     Product requires minimal or no user training to utilize the product                                                                             Yes            Yes         Not Applicable   Not Applicable
  22     Vendor provides virtual web-based training for the product                                                                                      Yes            Yes         Not Applicable   Not Applicable

       Licensing and Costing
  23     Licenses include home-use rights                                                                                                                Yes            No          Not Applicable   Not Applicable




TCEWG Encryption Requirements (Vendor Survey Responses)
EKM: 8 Vendors, 23 DESIRABLE FEATURES                                                                                                                                                                                 Page 3 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                 5/6/2012
Enterprise Key Management (EKM)
Products and services that facilitate the implementation of end-to-end encryption from the low-level
management interfaces for hard drives to the top-end storage in a data center.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable, but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.



        EKM                                                                                                                                                            McAfee/    Mobile Armor
        Technical and Functional Requirements by Category                                                                                                PGP           SafeBoot   PolicyServer      Credant
  15     Product will support or integrate with existing asset/license tracking and management tools                                                       Yes           Yes       Not Applicable     No
  16     Product supports secure remote management of devices to support remote users                                                                      Yes           Yes       Not Applicable     Yes

         The product or encryption system is configurable to not interfere with remote distribution and full installation of applications, patches,
  17                                                                                                                                                       Yes           Yes            Yes           Yes
         and updates while connected to the network, and without user intervention

       Integration and Interoperability Features
       (Supported operating system, hardware, firmware)
  18     Product supports integration to Active Directory                                                                                                  Yes           Yes            Yes           Yes
  19     Product supports XML (eXtensible Markup Language) support                                                                                         Yes           Yes       Not Applicable     Yes

       Disaster Recovery, Continuity of Operations, eDiscovery
         Product supports eDiscovery, message retention and review requirements using an end-to-end encryption methodology that preserves
  20                                                                                                                                                  Not Applicable     Yes       Not Applicable     No
         the indexing and search ability of the archive

       General and Technical Support
  21     Product requires minimal or no user training to utilize the product                                                                               Yes           Yes            Yes           Yes
  22     Vendor provides virtual web-based training for the product                                                                                     Unknown          Yes           Yes            Yes

       Licensing and Costing
  23     Licenses include home-use rights                                                                                                                  No             No       Not Applicable     Yes




TCEWG Encryption Requirements (Vendor Survey Responses)
EKM: 8 Vendors, 23 DESIRABLE FEATURES                                                                                                                                                                         Page 4 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                         5/6/2012
Full Disk Encryption (FDE)
A form of encryption (software or hardware) which encrypts every bit of data that is placed and stored on a disk
(also referred to as whole disk encryption).

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        FDE                                                                                                                                                             Voltage          Voltage                          McAfee/          MobileArmor       MobileArmor
        Technical and Functional Requirements by Category                                                                                             CheckPoint       SecureFile       SecureMail          PGP           SafeBoot          DataArmor        DriveArmor
       Certification and Standards
         Product is capable of using the user's PKI encryption certificate within the PIV II compliant Smartcard to protect the full volume
   1                                                                                                                                                       Yes         Not Applicable   Not Applicable        Yes              Yes               Yes               Yes
         encryption key

         Product is capable of using the user's PKI encryption certificate contained in the PIV II compliant Smartcard to encrypt the file that
   2                                                                                                                                                  Not Applicable   Not Applicable   Not Applicable        Yes              Yes          Not Applicable    Not Applicable
         contains the system generated file/folder encryption key

   3     Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                        Yes         Not Applicable   Not Applicable        Yes              Yes               No             Unknown
   4     Product is CC EAL44 certified                                                                                                                     Yes         Not Applicable   Not Applicable        No          Not Applicable         Yes               Yes
   5     Product is CC EAL2 certified                                                                                                                 Not Applicable   Not Applicable   Not Applicable        No          Not Applicable         Yes               Yes

       Usability and Security Features
         If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
   6                                                                                                                                                       Yes         Not Applicable   Not Applicable        Yes              Yes          Not Applicable    Not Applicable
         deactivate or 'grey out' undesirable or unauthorized options.

       Scalability and Management Console Features
         The product's administrator management console supports ability to secure the PK-enabled administrative interface by using a PIV II
   7                                                                                                                                                       Yes         Not Applicable   Not Applicable        No               Yes               Yes               Yes
         compliant Smartcard for authentication


         The product's administrator management console is scalable to support large enterprise environments and integrates with existing
         technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
   8                                                                                                                                                       Yes         Not Applicable   Not Applicable        Yes              Yes          Not Applicable    Not Applicable
         portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
         expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering


         Product enables two-factor authentication using smart cards, e.g., RSA SecureID 800, email answerback, question and answer,
   9                                                                                                                                                  Not Applicable   Not Applicable   Not Applicable   Not Applicable   Not Applicable         Yes               Yes
         PIN/password, Active Directory, LDAP and custom adaptors

         Product is available on an hardened appliance platform including hardware, operating system, supporting applications (including an
  10                                                                                                                                                  Not Applicable   Not Applicable   Not Applicable   Not Applicable   Not Applicable    Not Applicable         Yes
         embedded Certification Authority) and ongoing online updates.

  11     Product encrypts multiple accounts                                                                                                                No               No               No               No               No                No                No




TCEWG Encryption Requirements (Vendor Survey Responses)
FDE: 10 Vendors, 24 DESIRABLE FEATURES                                                                                                                                                                                                                                   Page 5 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                                                    5/6/2012
Full Disk Encryption (FDE)
A form of encryption (software or hardware) which encrypts every bit of data that is placed and stored on a disk
(also referred to as whole disk encryption).

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        FDE                                                                                                                                           MobileArmor
        Technical and Functional Requirements by Category                                                                                              KeyArmor         Symantec          Credant
       Certification and Standards
         Product is capable of using the user's PKI encryption certificate within the PIV II compliant Smartcard to protect the full volume
   1                                                                                                                                                        Yes              No               Yes
         encryption key

         Product is capable of using the user's PKI encryption certificate contained in the PIV II compliant Smartcard to encrypt the file that
   2                                                                                                                                                   Not Applicable        Yes              Yes
         contains the system generated file/folder encryption key

   3     Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                      Unknown             Yes              Yes
   4     Product is CC EAL44 certified                                                                                                                      Yes              No               Yes
   5     Product is CC EAL2 certified                                                                                                                       Yes              No               Yes

       Usability and Security Features
         If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
   6                                                                                                                                                   Not Applicable        Yes              Yes
         deactivate or 'grey out' undesirable or unauthorized options.

       Scalability and Management Console Features
         The product's administrator management console supports ability to secure the PK-enabled administrative interface by using a PIV II
   7                                                                                                                                                   Not Applicable   Not Applicable        No
         compliant Smartcard for authentication


         The product's administrator management console is scalable to support large enterprise environments and integrates with existing
         technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
   8                                                                                                                                                   Not Applicable   Not Applicable        Yes
         portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
         expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering


         Product enables two-factor authentication using smart cards, e.g., RSA SecureID 800, email answerback, question and answer,
   9                                                                                                                                                        Yes         Not Applicable   Not Applicable
         PIN/password, Active Directory, LDAP and custom adaptors

         Product is available on an hardened appliance platform including hardware, operating system, supporting applications (including an
  10                                                                                                                                                        Yes         Not Applicable   Not Applicable
         embedded Certification Authority) and ongoing online updates.

  11     Product encrypts multiple accounts                                                                                                                 No               No          Not Applicable




TCEWG Encryption Requirements (Vendor Survey Responses)
FDE: 10 Vendors, 24 DESIRABLE FEATURES                                                                                                                                                                    Page 6 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                     5/6/2012
Full Disk Encryption (FDE)
A form of encryption (software or hardware) which encrypts every bit of data that is placed and stored on a disk
(also referred to as whole disk encryption).

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        FDE                                                                                                                                                      Voltage          Voltage                          McAfee/          MobileArmor       MobileArmor
        Technical and Functional Requirements by Category                                                                                          CheckPoint   SecureFile       SecureMail          PGP           SafeBoot          DataArmor        DriveArmor
       Integration and Interoperability Features
       (Supported operating system, hardware, firmware)
  12     Product supports integration to Active Directory                                                                                             Yes       Not Applicable   Not Applicable        Yes              Yes          Not Applicable    Not Applicable
  13     Product can be integrated into State Entity host-based security solutions as a module running on an endpoint computer                        Yes       Not Applicable   Not Applicable        Yes              Yes          Not Applicable    Not Applicable
  14     Product supports Trusted Platform Module (TPM) chip version 1.2 or higher                                                                    Yes       Not Applicable   Not Applicable        Yes              Yes          Not Applicable    Not Applicable
  15     Product is compatible with standard applications, protocols, and communications within the State Government                                  Yes       Not Applicable   Not Applicable        Yes              Yes               Yes               Yes
  16     Product supports boot into multiple operating systems on a single device                                                                     Yes       Not Applicable   Not Applicable        Yes              Yes               No                Yes

         Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration; has the
  17                                                                                                                                                  Yes       Not Applicable   Not Applicable   Not Applicable        Yes          Not Applicable    Not Applicable
         ability to adapt to varying key use APIs on diverse encryption endpoints

  18     The product supports Single Sign-On (simultaneous pre-boot and O/S logon)                                                                    Yes       Not Applicable   Not Applicable        Yes              Yes               Yes               Yes

         Product provides automatic integration with ID management systems where new account equals new key, deleted account equals
  19                                                                                                                                                  Yes       Not Applicable   Not Applicable   Not Applicable        Yes          Not Applicable    Not Applicable
         revoked key

  20     Product supports use of PIV II compliant Smartcard for boot authentication with no modification of card required                             Yes       Not Applicable   Not Applicable        Yes              Yes               Yes               Yes
  21     Product supports use of PIV II compliant Smartcard on a Government approved token for boot authentication                                    Yes       Not Applicable   Not Applicable        Yes              Yes               Yes               Yes
  22     Product is compatible with Windows Mobile 5.0 See note above                                                                                  No       Not Applicable   Not Applicable        No          Not Applicable         Yes          Not Applicable

       General and Technical Support
  23     Vendor provides virtual web-based training for the product                                                                                   Yes       Not Applicable   Not Applicable     Unknown             Yes              Yes               Yes

       Licensing and Costing
  24     Licenses include home-use rights                                                                                                              No       Not Applicable   Not Applicable        No               No                Yes          Not Applicable




TCEWG Encryption Requirements (Vendor Survey Responses)
FDE: 10 Vendors, 24 DESIRABLE FEATURES                                                                                                                                                                                                                            Page 7 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                                             5/6/2012
Full Disk Encryption (FDE)
A form of encryption (software or hardware) which encrypts every bit of data that is placed and stored on a disk
(also referred to as whole disk encryption).

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        FDE                                                                                                                                        MobileArmor
        Technical and Functional Requirements by Category                                                                                           KeyArmor         Symantec         Credant
       Integration and Interoperability Features
       (Supported operating system, hardware, firmware)
  12     Product supports integration to Active Directory                                                                                           Not Applicable        Yes           Yes
  13     Product can be integrated into State Entity host-based security solutions as a module running on an endpoint computer                      Not Applicable        Yes           Yes
  14     Product supports Trusted Platform Module (TPM) chip version 1.2 or higher                                                                  Not Applicable   Not Applicable     Yes
  15     Product is compatible with standard applications, protocols, and communications within the State Government                                     Yes              Yes           Yes
  16     Product supports boot into multiple operating systems on a single device                                                                   Not Applicable   Not Applicable     Yes

         Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration; has the
  17                                                                                                                                                Not Applicable   Not Applicable     Yes
         ability to adapt to varying key use APIs on diverse encryption endpoints

  18     The product supports Single Sign-On (simultaneous pre-boot and O/S logon)                                                                       Yes              Yes           Yes

         Product provides automatic integration with ID management systems where new account equals new key, deleted account equals
  19                                                                                                                                                Not Applicable   Not Applicable     Yes
         revoked key

  20     Product supports use of PIV II compliant Smartcard for boot authentication with no modification of card required                                Yes              No            Yes
  21     Product supports use of PIV II compliant Smartcard on a Government approved token for boot authentication                                  Not Applicable        Yes           Yes
  22     Product is compatible with Windows Mobile 5.0 See note above                                                                               Not Applicable        No            Yes

       General and Technical Support
  23     Vendor provides virtual web-based training for the product                                                                                     Yes               No            Yes

       Licensing and Costing
  24     Licenses include home-use rights                                                                                                                Yes              No            Yes




TCEWG Encryption Requirements (Vendor Survey Responses)
FDE: 10 Vendors, 24 DESIRABLE FEATURES                                                                                                                                                          Page 8 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                           5/6/2012
File Encryption System (FES)
A form of disk encryption in which individual files or directories are encrypted by the file system itself, allowing
users to specify which files or folders require encryption and files and/or folders are encrypted and decrypted as
necessary.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        FES                                                                                                                                                             Voltage          Voltage                          McAfee/          MobileArmor
       Technical and Functional Requirements by Category                                                                                              CheckPoint       SecureFile       SecureMail          PGP           SafeBoot          FileArmor        Credant
       Certification and Standards
         Product is capable of using the user's PKI encryption certificate within the PIV II compliant Smartcard to protect the full volume
   1                                                                                                                                                  Not Applicable   Not Applicable   Not Applicable        Yes              Yes               Yes           Yes
         encryption key

         Product is capable of using the user's PKI encryption certificate contained in the PIV II compliant Smartcard to encrypt the file that
   2                                                                                                                                                       Yes         Not Applicable   Not Applicable        Yes              Yes               Yes           Yes
         contains the system generated file/folder encryption key

   3     Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                        No               No          Not Applicable        No               Yes            Unknown          Yes
   4     Product is CC EAL44 certified                                                                                                                     No               No          Not Applicable        No          Not Applicable         Yes           Yes
   5     Product is CC EAL2 certified                                                                                                                 Not Applicable        Yes         Not Applicable        No          Not Applicable         Yes           Yes

       Usability and Security Features
         If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
   6                                                                                                                                                  Not Applicable        No          Not Applicable        Yes              Yes          Not Applicable     Yes
         deactivate or 'grey out' undesirable or unauthorized options.

       Scalability and Management Console Features
         The product's administrator management console supports ability to secure the PK-enabled administrative interface by using a PIV II
   7                                                                                                                                                       Yes              Yes         Not Applicable        No               Yes          Not Applicable     No
         compliant Smartcard for authentication


         The product's administrator management console is scalable to support large enterprise environments and integrates with existing
         technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
   8                                                                                                                                                       Yes              Yes         Not Applicable        Yes              Yes          Not Applicable     Yes
         portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
         expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering


         The product or encryption system is configurable to not interfere with remote distribution and full installation of applications, patches,
   9                                                                                                                                                       Yes              Yes         Not Applicable        Yes              Yes               Yes           Yes
         and updates while connected to the network, and without user intervention

       Integration and Interoperability Features
       (Supported operating system, hardware, firmware)
  10     Product supports integration to Active Directory                                                                                                  Yes              Yes         Not Applicable        Yes              Yes          Not Applicable     Yes
  11     Product supports XML (eXtensible Markup Language) support                                                                                         Yes              Yes         Not Applicable        Yes              Yes          Not Applicable     Yes
  12     Product can be integrated into State Entity host-based security solutions as a module running on an endpoint computer                             Yes              Yes         Not Applicable        Yes              Yes          Not Applicable     Yes
  13     Product supports Trusted Platform Module (TPM) chip version 1.2 or higher                                                                         No               No          Not Applicable   Not Applicable        Yes          Not Applicable     Yes
  14     Product is compatible with standard applications, protocols, and communications within the State Government                                       Yes              Yes         Not Applicable        Yes              Yes               Yes           Yes


TCEWG Encryption Requirements (Vendor Survey Responses)
FES: 7 Vendors, 22 DESIRABLE FEATURES                                                                                                                                                                                                                                  Page 9 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                                                  5/6/2012
File Encryption System (FES)
A form of disk encryption in which individual files or directories are encrypted by the file system itself, allowing
users to specify which files or folders require encryption and files and/or folders are encrypted and decrypted as
necessary.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        FES                                                                                                                                                          Voltage      Voltage                          McAfee/    MobileArmor
        Technical and Functional Requirements by Category                                                                                          CheckPoint       SecureFile   SecureMail          PGP           SafeBoot    FileArmor        Credant
  15     Product supports boot into multiple operating systems on a single device                                                                  Not Applicable      Yes       Not Applicable        Yes           Yes       Not Applicable     Yes

         Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration; has the
  16                                                                                                                                               Not Applicable      Yes       Not Applicable   Not Applicable     Yes       Not Applicable     Yes
         ability to adapt to varying key use APIs on diverse encryption endpoints

  17     The product supports Single Sign-On (simultaneous pre-boot and O/S logon)                                                                      Yes            Yes       Not Applicable   Not Applicable     Yes            Yes           Yes

         Product provides automatic integration with ID management systems where new account equals new key, deleted account equals
  18                                                                                                                                                    Yes            Yes       Not Applicable   Not Applicable     Yes       Not Applicable     Yes
         revoked key

  19     Product supports use of PIV II compliant Smartcard for boot authentication with no modification of card required                               Yes            Yes       Not Applicable   Not Applicable     Yes            Yes           Yes
         Product supports use of PIV II compliant Smartcard on a Government approved token for boot authentication                                      Yes            Yes       Not Applicable   Not Applicable     Yes       Not Applicable     Yes
  20     Product is compatible with Windows Mobile 5.0 See note above                                                                                   Yes             No       Not Applicable        Yes           Yes            No            Yes

       General and Technical Support
  21     Vendor provides virtual web-based training for the product                                                                                     Yes            Yes       Not Applicable     Unknown          Yes            Yes           Yes

       Licensing and Costing
  22     Licenses include home-use rights                                                                                                               No              No       Not Applicable        No             No            Yes           Yes




TCEWG Encryption Requirements (Vendor Survey Responses)
FES: 7 Vendors, 22 DESIRABLE FEATURES                                                                                                                                                                                                                   Page 10 of 20
af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                                    5/6/2012
Removable Media Encryption (RME)
A form of disk encryption for portable storage media (e.g., USB flash drives, portable hard drives, and CD/DVD
drives) that can be removed from its reader device, conferring portability on the data it carries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.




        RME                                                                                                                                                              Voltage          Voltage               McAfee/
        Technical and Functional Requirements by Category                                                                                              CheckPoint       SecureFile       SecureMail       PGP   SafeBoot
        Certification and Standards
  1       Products provides an option to use only FIPS 180-2 compliant algorithms for hashing and signing                                                   No          Not Applicable   Not Applicable   No         Yes
  2       Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                        No          Not Applicable   Not Applicable   No         Yes
  3       Product is CC EAL44 certified                                                                                                                     No          Not Applicable   Not Applicable   No    Not Applicable
  4       Product is CC EAL2 certified                                                                                                                      Yes         Not Applicable   Not Applicable   No    Not Applicable

        Usability and Security Features
  5       Product supports key revocation including re-encrypting old data as necessary, and key aging                                                      Yes         Not Applicable   Not Applicable   Yes        Yes

          If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
  6                                                                                                                                                    Not Applicable   Not Applicable   Not Applicable   Yes        Yes
          deactivate or 'grey out' undesirable or unauthorized options.

  7       Product has the capability to allow administrators to provide remote assistance to users who are locked out                                       Yes         Not Applicable   Not Applicable   Yes        Yes

        Scalability and Management Console Features

          The product's administrator management console is scalable to support large enterprise environments and integrates with existing
          technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
  8                                                                                                                                                         Yes         Not Applicable   Not Applicable   Yes        Yes
          portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
          expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering

  9       Product will support or integrate with existing asset/license tracking and management tools                                                       Yes         Not Applicable   Not Applicable   Yes        Yes
 10       Product supports secure remote management of devices to support remote users                                                                      Yes         Not Applicable   Not Applicable   Yes        Yes




      TCEWG Encryption Requirements (Vendor Survey Responses)
      RME: 14 Vendors, 15 DESIRABLE FEATURES                                                                                                                                                                                     Page 11 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                       5/6/2012
Removable Media Encryption (RME)
A form of disk encryption for portable storage media (e.g., USB flash drives, portable hard drives, and CD/DVD
drives) that can be removed from its reader device, conferring portability on the data it carries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


                                                                                                                                                           Kanguru          Kanguru
                                                                                                                                                       Micro Drive AES      Bio AES           Kanguru
                                                                                                                                                        Encrypted USB     Encrypted USB     Defender Elite
        RME                                                                                                                                              Flash Drive       Flash Drive      Encrypted USB      IronKey USB       MobileArmor       MobileArmor
        Technical and Functional Requirements by Category                                                                                                (AES-KMD-x)      (AES-SB-MD-x)      Flash Drive        Flash Drive       FileArmor         KeyArmor
        Certification and Standards
  1       Products provides an option to use only FIPS 180-2 compliant algorithms for hashing and signing                                                     Yes               Yes                Yes               Yes               Yes               Yes
  2       Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                          No                No                 No                No                No                No
  3       Product is CC EAL44 certified                                                                                                                       No                No                 No                No                Yes               Yes
  4       Product is CC EAL2 certified                                                                                                                        No                No                 No                No                Yes               Yes

        Usability and Security Features
  5       Product supports key revocation including re-encrypting old data as necessary, and key aging                                                   Not Applicable    Not Applicable     Not Applicable    Not Applicable         No                No

          If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
  6                                                                                                                                                      Not Applicable    Not Applicable     Not Applicable    Not Applicable    Not Applicable    Not Applicable
          deactivate or 'grey out' undesirable or unauthorized options.

  7       Product has the capability to allow administrators to provide remote assistance to users who are locked out                                         No                Yes                Yes               Yes               Yes               Yes

        Scalability and Management Console Features

          The product's administrator management console is scalable to support large enterprise environments and integrates with existing
          technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
  8                                                                                                                                                      Not Applicable    Not Applicable     Not Applicable    Not Applicable    Not Applicable    Not Applicable
          portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
          expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering

  9       Product will support or integrate with existing asset/license tracking and management tools                                                    Not Applicable    Not Applicable     Not Applicable         Yes          Not Applicable    Not Applicable
 10       Product supports secure remote management of devices to support remote users                                                                     Unknown           Unknown               Yes               Yes          Not Applicable    Not Applicable




      TCEWG Encryption Requirements (Vendor Survey Responses)
      RME: 14 Vendors, 15 DESIRABLE FEATURES                                                                                                                                                                                                                Page 12 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                                  5/6/2012
Removable Media Encryption (RME)
A form of disk encryption for portable storage media (e.g., USB flash drives, portable hard drives, and CD/DVD
drives) that can be removed from its reader device, conferring portability on the data it carries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.




        RME                                                                                                                                            Kingston
        Technical and Functional Requirements by Category                                                                                               Digital         Symantec         Credant
        Certification and Standards
  1       Products provides an option to use only FIPS 180-2 compliant algorithms for hashing and signing                                                   Yes              Yes           Yes
  2       Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                        No               No            Yes
  3       Product is CC EAL44 certified                                                                                                                Not Applicable        No            Yes
  4       Product is CC EAL2 certified                                                                                                                 Not Applicable        No            Yes

        Usability and Security Features
  5       Product supports key revocation including re-encrypting old data as necessary, and key aging                                                      Yes         Not Applicable     Yes

          If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
  6                                                                                                                                                    Not Applicable        Yes           Yes
          deactivate or 'grey out' undesirable or unauthorized options.

  7       Product has the capability to allow administrators to provide remote assistance to users who are locked out                                  Not Applicable        Yes           Yes

        Scalability and Management Console Features

          The product's administrator management console is scalable to support large enterprise environments and integrates with existing
          technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail hygiene,
  8                                                                                                                                                    Not Applicable   Not Applicable     Yes
          portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts, message
          expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content monitoring and filtering

  9       Product will support or integrate with existing asset/license tracking and management tools                                                       Yes              Yes           No
 10       Product supports secure remote management of devices to support remote users                                                                      No               Yes           Yes




      TCEWG Encryption Requirements (Vendor Survey Responses)
      RME: 14 Vendors, 15 DESIRABLE FEATURES                                                                                                                                                       Page 13 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                         5/6/2012
Removable Media Encryption (RME)
A form of disk encryption for portable storage media (e.g., USB flash drives, portable hard drives, and CD/DVD
drives) that can be removed from its reader device, conferring portability on the data it carries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.




        RME                                                                                                                                                       Voltage          Voltage                          McAfee/
        Technical and Functional Requirements by Category                                                                                           CheckPoint   SecureFile       SecureMail          PGP           SafeBoot
        Integration and Interoperability Features
        (Supported operating system, hardware, firmware)
 11       Product supports integration to Active Directory                                                                                             Yes       Not Applicable   Not Applicable        Yes           Yes

          Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration; has the
 12                                                                                                                                                     No       Not Applicable   Not Applicable   Not Applicable     Yes
          ability to adapt to varying key use APIs on diverse encryption endpoints

          Product provides automatic integration with ID management systems where new account equals new key, deleted account equals
 13                                                                                                                                                    Yes       Not Applicable   Not Applicable   Not Applicable     Yes
          revoked key

        General and Technical Support
 14       Vendor provides virtual web-based training for the product                                                                                   Yes       Not Applicable   Not Applicable     Unknown          Yes

        Licensing and Costing
 15       Licenses include home-use rights                                                                                                              No       Not Applicable   Not Applicable        No             No




      TCEWG Encryption Requirements (Vendor Survey Responses)
      RME: 14 Vendors, 15 DESIRABLE FEATURES                                                                                                                                                                                   Page 14 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                     5/6/2012
Removable Media Encryption (RME)
A form of disk encryption for portable storage media (e.g., USB flash drives, portable hard drives, and CD/DVD
drives) that can be removed from its reader device, conferring portability on the data it carries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


                                                                                                                                                        Kanguru          Kanguru
                                                                                                                                                    Micro Drive AES      Bio AES           Kanguru
                                                                                                                                                     Encrypted USB     Encrypted USB     Defender Elite
        RME                                                                                                                                           Flash Drive       Flash Drive      Encrypted USB      IronKey USB       MobileArmor       MobileArmor
        Technical and Functional Requirements by Category                                                                                             (AES-KMD-x)      (AES-SB-MD-x)      Flash Drive        Flash Drive       FileArmor         KeyArmor
        Integration and Interoperability Features
        (Supported operating system, hardware, firmware)
 11       Product supports integration to Active Directory                                                                                                 No           Not Applicable          Yes               No           Not Applicable    Not Applicable

          Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration; has the
 12                                                                                                                                                   Not Applicable    Not Applicable     Not Applicable      Unknown         Not Applicable    Not Applicable
          ability to adapt to varying key use APIs on diverse encryption endpoints

          Product provides automatic integration with ID management systems where new account equals new key, deleted account equals
 13                                                                                                                                                   Not Applicable    Not Applicable     Not Applicable    Not Applicable    Not Applicable    Not Applicable
          revoked key

        General and Technical Support
 14       Vendor provides virtual web-based training for the product                                                                                       No                No                 No                Yes              Yes               Yes

        Licensing and Costing
 15       Licenses include home-use rights                                                                                                                 Yes               Yes                Yes               Yes               Yes               Yes




      TCEWG Encryption Requirements (Vendor Survey Responses)
      RME: 14 Vendors, 15 DESIRABLE FEATURES                                                                                                                                                                                                             Page 15 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                               5/6/2012
Removable Media Encryption (RME)
A form of disk encryption for portable storage media (e.g., USB flash drives, portable hard drives, and CD/DVD
drives) that can be removed from its reader device, conferring portability on the data it carries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.




        RME                                                                                                                                         Kingston
        Technical and Functional Requirements by Category                                                                                            Digital         Symantec         Credant
        Integration and Interoperability Features
        (Supported operating system, hardware, firmware)
 11       Product supports integration to Active Directory                                                                                          Not Applicable        Yes           Yes

          Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration; has the
 12                                                                                                                                                      No          Not Applicable     Yes
          ability to adapt to varying key use APIs on diverse encryption endpoints

          Product provides automatic integration with ID management systems where new account equals new key, deleted account equals
 13                                                                                                                                                      No          Not Applicable     Yes
          revoked key

        General and Technical Support
 14       Vendor provides virtual web-based training for the product                                                                                     No               No            Yes

        Licensing and Costing
 15       Licenses include home-use rights                                                                                                               Yes              No            Yes




      TCEWG Encryption Requirements (Vendor Survey Responses)
      RME: 14 Vendors, 15 DESIRABLE FEATURES                                                                                                                                                    Page 16 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                      5/6/2012
Electronic Messaging (Email) Encryptions (EME)
A form of encryption for messages that are exchanged via electornic media, primarily through electornic
mail (email), but may include Instant Messaging (IM) or Short Message Services (SMS).

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        EME                                                                                                                                                           Voltage                          McAfee/
        Technical and Functional Requirements by Category                                                                                           CheckPoint       SecureMail          PGP           SafeBoot          IronPort         Credant
        Certification and Standards
  1       Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                Not Applicable        No               Yes         Not Applicable        No          Not Applicable
  2       Product is CC EAL44 certified                                                                                                             Not Applicable        No               No          Not Applicable        No          Not Applicable
  3       Product is CC EAL2 certified                                                                                                              Not Applicable        Yes              No          Not Applicable        No          Not Applicable

        Usability and Security Features
          If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
  4                                                                                                                                                 Not Applicable        Yes              Yes              Yes              Yes         Not Applicable
          deactivate or 'grey out' undesirable or unauthorized options.

  5       Product supports identification and filtering of high risk attachments                                                                    Not Applicable   Not Applicable   Not Applicable        Yes              Yes         Not Applicable

        Scalability and Management Console Features
          The product's administrator management console supports ability to secure the PK-enabled administrative interface by using a
  6                                                                                                                                                 Not Applicable   Not Applicable   Not Applicable   Not Applicable     Unknown        Not Applicable
          PIV II compliant Smartcard for authentication

          The product's administrator management console is scalable to support large enterprise environments and integrates with existing
          technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail
  7       hygiene, portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts,            Not Applicable        Yes              Yes              Yes              Yes         Not Applicable
          message expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content
          monitoring and filtering

        Integration and Interoperability Features
        (Supported operating system, hardware, firmware)
  8       Product supports integration to Active Directory                                                                                          Not Applicable        Yes              Yes              Yes              Yes         Not Applicable

          Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration;
  9                                                                                                                                                 Not Applicable        Yes         Not Applicable   Not Applicable        Yes         Not Applicable
          has the ability to adapt to varying key use APIs on diverse encryption endpoints

 10       The product supports Single Sign-On (simultaneous pre-boot and O/S logon)                                                                 Not Applicable        Yes         Not Applicable   Not Applicable        Yes         Not Applicable
 11       Product supports AIM, MSN, and Yahoo!                                                                                                     Not Applicable   Not Applicable        Yes              Yes         Not Applicable   Not Applicable
 12       Product supports third-party, universal clients such as GAIM and Trillian                                                                 Not Applicable   Not Applicable        Yes         Not Applicable   Not Applicable   Not Applicable




      TCEWG Encryption Requirements (Vendor Survey Responses)
      EME: 6 Vendors,16 DESIRABLE FEATURES                                                                                                                                                                                                                Page 17 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                                5/6/2012
Electronic Messaging (Email) Encryptions (EME)
A form of encryption for messages that are exchanged via electornic media, primarily through electornic
mail (email), but may include Instant Messaging (IM) or Short Message Services (SMS).

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        EME                                                                                                                  Voltage               McAfee/
        Technical and Functional Requirements by Category                                                  CheckPoint       SecureMail    PGP      SafeBoot         IronPort    Credant
 13       Product is compatible with Windows Mobile 5.0 See note above                                     Not Applicable      Yes         No      Not Applicable     Yes      Not Applicable
 14       Product is compatible with Linux to include Red Hat, SuSE See note above                         Not Applicable      Yes         No      Not Applicable     Yes      Not Applicable

        Disaster Recovery, Continuity of Operations, eDiscovery
 15       Vendor provides virtual web-based training for the product                                       Not Applicable      Yes       Unknown        Yes           Yes      Not Applicable

        Licensing and Costing
 16       Licenses include home-use rights                                                                 Not Applicable      Yes         No           No            Yes      Not Applicable




      TCEWG Encryption Requirements (Vendor Survey Responses)
      EME: 6 Vendors,16 DESIRABLE FEATURES                                                                                                                                                      Page 18 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                      5/6/2012
Tape/Magnetic Media Encryption (T/MM)
A form of encryption for magnetic tape drives or media that are used for data or software program storage,
mainframe computer operations, archives, offsite storage, or backup libraries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        T/MM                                                                                                                                                          Voltage          Voltage                          McAfee/
        Technical and Functional Requirements by Category                                                                                           CheckPoint       SecureFile       SecureMail          PGP           SafeBoot             Sun           Credant
        Certification and Standards
  1       Product id Common Criteria Evaluatin Assurance level 4 (CC EAL4) certified                                                                     No               No               No               No               No               No          Not Applicable
  2       Product is CC EAL44 certified                                                                                                                  No               No               No               No               No               No          Not Applicable
  3       Product is CC EAL2 certified                                                                                                                   No               No               No               No               No               No          Not Applicable
  4       Product complies with governmental regulations, and the IEEE 1619.1.standard for tape drive security                                      Not Applicable   Not Applicable   Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable

        Usability and Security Features

  5       Product supports client controls that enable the organization to select which features are enabled, visible to the user, and enforced     Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable        Yes         Not Applicable

  6       Product process for encryption and decryption of data is configurable to be transparent to user                                           Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable        Yes         Not Applicable

          If the product offers optional encryption algorithms to be used for encryption, the product has the capability for the administrator to
  7                                                                                                                                                 Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable   Not Applicable   Not Applicable
          deactivate or 'grey out' undesirable or unauthorized options.

  8       Product supports single sign-on with trusted domains                                                                                      Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable        No          Not Applicable

        Scalability and Management Console Features
          The product's administrator management console is scalable to support large enterprise environments and integrates with existing
          technology investments and security layers, including content filtering and identity management solutions; bundled with e-mail
  9       hygiene, portal authentication systems, email archiving, storage area networks anti-virus/anti-spam, guaranteed read-receipts,            Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable        Yes         Not Applicable
          message expiration and locking, anti-phishing, SNMP monitoring, multifactor authentication, data leak prevention, content
          monitoring and filtering

          Product is available on an hardened appliance platform including hardware, operating system, supporting applications (including
 10                                                                                                                                                 Not Applicable   Not Applicable   Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable
          an embedded Certification Authority) and ongoing online updates.

        Integration and Interoperability Features
        (Supported operating system, hardware, firmware)
 11       Product supports integration to Active Directory                                                                                          Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable        No          Not Applicable

          Provides open application programming interfaces (APIs) or a software development kit (SDK) to support application integration;
 12                                                                                                                                                 Not Applicable   Not Applicable   Not Applicable   Not Applicable   Not Applicable        Yes         Not Applicable
          has the ability to adapt to varying key use APIs on diverse encryption endpoints

        Disaster Recovery, Continuity of Operations, eDiscovery
          Product has quorum-based or split key emergency recovery capabilities, which allow a master key to be split among several
 13                                                                                                                                                 Not Applicable   Not Applicable   Not Applicable   Not Applicable        Yes              Yes         Not Applicable
          trusted administrators; a quorum must be present to recover lost keys


      TCEWG Encryption Requirements (Vendor Survey Responses)
      T-MM: 7 Vendors, 16 DESIRABLE FEATURES                                                                                                                                                                                                                        Page 19 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                                                                                          5/6/2012
Tape/Magnetic Media Encryption (T/MM)
A form of encryption for magnetic tape drives or media that are used for data or software program storage,
mainframe computer operations, archives, offsite storage, or backup libraries.

NOTE: Shaded "Yes" cells indicate that the product possesses this desirable , but not required, feature.

Responses are reflected as received from the vendors;
neither DIR nor TCEWG have validated the accuracy of the responses.


        T/MM                                                                                                                   Voltage          Voltage                   McAfee/
        Technical and Functional Requirements by Category                                                    CheckPoint       SecureFile       SecureMail        PGP      SafeBoot   Sun    Credant
        General and Technical Support
 14       Product requires minimal or no user training to utilize the product                                Not Applicable   Not Applicable   Not Applicable     Yes       Yes      Yes   Not Applicable
 15       Vendor provides virtual web-based training for the product                                         Not Applicable   Not Applicable   Not Applicable   Unknown     Yes      Yes   Not Applicable

        Licensing and Costing
 16       Licenses include home-use rights                                                                   Not Applicable   Not Applicable   Not Applicable     No         No      No      Unknown




      TCEWG Encryption Requirements (Vendor Survey Responses)
      T-MM: 7 Vendors, 16 DESIRABLE FEATURES                                                                                                                                                         Page 20 of 20
      af78d087-ffe2-4639-a93b-0e98d992ff39.xls                                                                                                                                                           5/6/2012

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:3
posted:5/6/2012
language:
pages:20