The CAPS Service helps private sector companies to develop cryptographic products for use by HMG and other appropriate organisations. CAPS evaluations are an involved and technical process that is best defined as a partnership between the developer and CESG.
CAPS is a UK HMG Service providing assured products for use by UK HMG, its agencies, and commercial enterprises working on behalf of UK HMG, where there is a need to protect UK HMG Protectively Marked information.
The CAPS Service provides verification of Cryptographic products to Government standards and formally approves their use by Central Government and the wider public sector. Cryptographic products evaluated under CAPS are assigned a ‘grade’. Those grades are:
- RESTRICTED / BASELINE
- CONFIDENTIAL / ENHANCED
- SECRET & ABOVE / HIGH GRADE
CAPS approved products are issued with a Certificate and Approval Letter detailing the level of cryptographic protection that they offer. CAPS approved products are listed on the CESG website and in the Directory of Infosec Assured Products.
Developers wishing to submit for evaluation products, systems or services that significantly rely on cryptography for their security.
- HMG Sponsor: The developer is required to provide written evidence from a sponsoring UK Government department to support their business case for CESG to evaluate the product.
- UK Presence: Any developer wishing to have a product evaluated under the CAPS Service must have an operational UK business presence.
- Site Security: For evaluations of products at grades higher than BASELINE grade, the company must also have been accredited under the UK Government’s List X scheme.
- Personnel Security: At BASELINE grade, it is usual to have one or two members of the development team cleared to the UK ‘SC’ level. For grades higher than BASELINE grade, more stringent personnel security procedures come into force.
- Access to Source Code: A CAPS evaluation depends on full and unfettered access to design documentation, source code, schematics, physical layout and other information normally treated as ‘company confidential’. CESG requires access to this material on CESG premises, without any restrictions on which evaluators may view it or when it may be viewed. It should be noted in particular that this requirement may also apply to third party intellectual property (IP) used in the product.
Delivery Timescale & Lead Time
CESG is pleased to announce that BlackBerry 7.1 OS has now been Approved.
Published on Friday 30 Nov 2012
CESG can confirm that the Nokia S60 Smartphone assessment has been completed
Published on Tuesday 22 Nov 2011
CESG is pleased to announce that 3 Eclypt Nano products have been CAPS Approved.
Published on Monday 21 Nov 2011
CESG is pleased to announce that L3-TRL Mini Catapan v1.3 and L3-TRL Enterprise Catapan v1.0 have now been CAPS Approved.
Published on Tuesday 04 Oct 2011
Barron McCannXK Confidential has now been CAPS approved.
Published on Friday 10 Jun 2011