The National Technical Authority
for Information Assurance

A to Z - A



A validation of the security measures a system claims to employ.  Accreditation is usually conducted by an individual not involved in devising or implementing the controls.  Accreditation is cyclic, and will be conducted repeatedly (e.g. annually) on systems.  In most cases, Accreditation must take place before a system can be fully deployed.

See: Pan-Government Accreditation (PGA) service

Advanced Persistent Threat (APT)
An adversary with sophisticated technical expertise, considerable financial resource and a large and specialist workforce.  An APT will gather and combine information on its targets using a variety of intelligence methods, both human and technical.  The advanced persistent threat pursues its targets with determination, adapting to defenders’ efforts to resist it.  Once accesses are obtained, they are retained for considerable lengths of time.  All activities are concealed from even the most sophisticated of targets.

A private sector consultant approved by CESG to provide Information Assurance (IA) advice to government departments and other organisations who provide vital services to the United Kingdom.

See: CESG Listed Advisor Scheme (CLAS)

If large volumes of information (e.g. thousands of records in a database, or access to many databases) are compromised, the negative impact may be far greater than that of a compromise to a single record or handful of records.

Something of value to a business, whether it be knowledge, information, people or physical objects like servers and computers.

The confidence that controls perform the functions expected of them.  This confidence can be achieved either through trust in the manufacturer (Intrinsic Assurance) or by external testing (Extrinsic Assurance) (CESG).

See: CESG Assured Products Scheme (CAPS) or Commercial Products Assurance (CPA)

Assurance Maintenance
The processes and standards which keep CPA product certificates relevant as products are updated.

See: Commercial Product Assurance (CPA)

The submission of a biometric sample to a biometric system for identification or verification. A biometric system may allow more than one attempt to identify or verify.

See: Biometrics

Audit against the HMG IA Maturity Model.

See: IA Maturity Model

The process of verifying a claimed identity.

A process that grants or denies authority to use a system or service.

Ensuring timely and reliable access to information.