The National Technical Authority
for Information Assurance

CESG Seeks Industry Security Product Developers to Verify CPA Security Characteristics

Published on 09/10/2012
As part of further development of the Commercial Product Assurance (CPA) Scheme, CESG is looking for security product developers to pilot and verify Security Characteristics covering:
 
Our objectives are to test that the mitigations within the Security Characteristic (SC) are workable in practice, provide experience to the test labs in the assurance of products, and add additional certified products to the CPA Foundation Grade assured products catalogue.
 
To achieve this, CESG will invite costed proposals from CPA Test Labs to test the SCs against vendor products that are down-selected as part of this process. CESG will select at least one product for each SC, and successful completion of the process will result in the product being awarded a CPA Foundation Grade Certificate.
 
CPA certification at Foundation grade is a recognised assurance mark for public sector customers requiring commercial off-the-shelf (COTS) products for lower threat deployments where modification for government use and CESG key material are not necessary.
 
Organisations wishing to put a product forward should in the first instance examine the relevant Security Characteristic to determine whether their product has the potential to meet the standard. Organisations that then wish to be considered should complete the relevant assessment questionnaire (DOC 48KB).
 
To apply, developers must:
 
  • Have an established UK sales presence, and the product must be commercially available in the UK at the time of application.
  • Be able to start assessment within 2 months of the decision to proceed.
  • Be willing to meet any internal costs of assessment.
  • Be willing to allow a CESG-selected test lab to perform assessment of their product and build standards.

CESG is keen to see small and medium-sized enterprises as well as ‘Not-For-Profit’ organisations and developers of open source applications apply.
 
Applications should be received by 02 November 12 noon. Applications received after this time will not be considered. Final decisions on which products will be taken forward to assessment will be made by 12 November 2012.
 
Nothing herein, or in any communication made between GCHQ and any potential developer in connection with this notice, shall be relied upon as constituting a contract, agreement or representation that any contract shall be offered in accordance herewith. GCHQ reserves the right to change, without notice, the basis of, or the procedures for, the application process or to terminate the process at any time.