CAPS helps private sector companies develop cryptographic products for use by HMG and other appropriate organisations. CAPS evaluations are an involved and technical process that is best defined as a partnership between the developer and CESG.
CAPS is a service providing assured products for use by UK HMG, its agencies, and commercial enterprises working on behalf of UK HMG, where there is a need to protect UK HMG Protectively Marked information.
CAPS provides verification of cryptographic products to Government standards and formally approves their use by Central Government and the wider public sector. Cryptographic products evaluated under CAPS are assigned a ‘grade’. Those grades are:
- RESTRICTED / BASELINE
- CONFIDENTIAL / ENHANCED
- SECRET & ABOVE / HIGH GRADE
CAPS approved products are issued with a Certificate and Approval Letter detailing the level of cryptographic protection that they offer. CAPS approved products are listed on the CESG website and in the Directory of Infosec Assured Products.
CAPS and the new Government Classification Policy
The anticipated new Government Classification Policy wil reduce the current 5-tier model to a 3-tier model (OFFICIAL, SECRET and TOP SECRET), under which CAPS High Grade will map directly to the TOP SECRET tier and CAPS Enhanced Grade to the SECRET tier.
Developers wishing to submit for evaluation products, systems or services that significantly rely on cryptography for their security.
- HMG Sponsor: The developer is required to provide written evidence from a sponsoring UK Government department to support their business case for CESG to evaluate the product.
- UK Presence: Any developer wishing to have a product evaluated under CAPS must have an operational UK business presence.
- Site Security: For evaluations of products at grades higher than BASELINE, the company must also have been accredited under the UK Government’s List X scheme.
- Personnel Security: At BASELINE, it is usual to have one or two members of the development team cleared to the UK ‘SC’ level. For grades above BASELINE, more stringent personnel security procedures come into force.
- Access to Source Code: A CAPS evaluation depends on full and unfettered access to design documentation, source code, schematics, physical layout and other information normally treated as ‘company confidential’. CESG requires access to this material on CESG premises, without any restrictions on which evaluators may view it or when it may be viewed. It should be noted in particular that this requirement may also apply to third party intellectual property (IP) used in the product.
Delivery Timescale & Lead Time
A new High Grade product using PRIME has completed its evaluation under the CESG Assisted Products Service (CAPS) Scheme.
Published on Monday 24 Feb 2014
MTM5400 is the latest product from Motorola that has successfully completed its Baseline evaluation.
Published on Wednesday 20 Nov 2013
Mini-CATAPAN Suite A v4.0 and Mini-CATAPAN Lite Suite A v1.0 have successfully completed their High-Grade evaluations.
Published on Wednesday 09 Oct 2013
CESG is pleased to announce the successful conformance testing of the first IP crypto using the PRIME standard – CESG’s strategic solution for encrypting communications carried over IP networks.
Published on Friday 13 Sep 2013