The National Technical Authority for Information Assurance
CESG Tailored Assurance Service (CTAS)

What is CTAS?

Following a fundamental reassessment of CESG Assurance Services, influenced by current threats to HMG IT systems and by feedback from customers, the CESG Tailored Assurance Service was introduced in June 2007. This flexible service replaces the existing Fast Track and System Evaluation (SYSn) services, retaining the best of both. The SYSn documents are available by e-mailing IACS@cesg.gsi.gov.uk. The service is designed to meet the needs of HMG Infosec Standard No.1, Residual Risk Assessment Method (IS1).

The service is intended for a wide range of IT products and systems, from simple software components to national infrastructure networks. A toolbox of assurance activities is therefore provided so that each evaluation can be tailored as appropriate. The activities are summarised in the table below.

Assurance Activities
  • Development Procedures Review
  • Product Functionality & Design Assessment
  • System Architecture and Design Review
  • Security Functional Testing
  • Installation & Operational Procedures
  • Vulnerability Analysis & Testing
  • Source Code Analysis
  • Assurance Maintenance Review


The Accreditor will decide which of these activities are most appropriate for their system. It will also be possible to trade off the effort spent on the various activities against one another, depending on the risks.

Note that the intention is not to evaluate the whole system, only its key barriers and interfaces.

Evaluations will be carried out by contractors approved by CESG, to a specification detailed in the Security Target and Evaluation Work Programme. CESG will agree the scope and technical approach of the evaluation, review the contractor's work, and make recommendations on the significance of any issues discovered.

The deliverables will be an Evaluation Report from the contractor and an Assessment Statement from CESG.

The Evaluation Report summarises the results, lists any security vulnerabilities or major functionality errors, and highlights any additional residual risks and (where known) their business impact. Statements in the report regarding risks will make clear their relevance in the context in which the product or system is used, and will identify whether they are generic to the product or arise from a specific system configuration.

The CESG Assessment Statement will confirm the extent to which the evaluation achieved its aims and summarise the significance of the main findings, highlighting any security risks or (where known) business impacts. It will describe how the results relate to IS1 and any additional information that may be required. At this point the Tailored Assurance evaluation of the system or product is complete.

An evaluation will generally have four phases:
  • Preparation: production of the Security Target and Evaluation Work Programme.
  • Evaluation: evaluation of the product or system.
  • Reporting: production of the Evaluation Report and CESG Assessment Statement.
  • Maintenance: implementation of the Assurance Maintenance Plan.

Accreditors are encouraged to play an active role throughout the evaluation, in particular when:
  • problems arise that could affect the completion date or the target assurance;
  • priorities need to be reviewed;
  • testing is to take place in the operational environment.
Note that although Tailored Assurance will form one input to system accreditation, it does not assess physical or personnel security. Accreditors must make the final decision on whether the risks are acceptable, and it is their responsibility to ensure that all aspects of security have been covered to their satisfaction.

Details of CTAS companies

KPMG LLP
POC: Martin Jordan
Tel: 0207311 5386; mobile: 07790 904245; fax: 0207311 5836
Email: martin.jordan@kpmg.co.uk
Website: www.kpmg.co.uk
Address: 8th Floor, 1 Canada Square, Canary Wharf, London E14 5AG

NCC Group plc
POC: Andy Hague
Tel: 01612095321; mobile: 07773315293; fax: 01612095222
Email: andy.hague@nccgroup.com
Website: www.nccgroup.com
Address: The Manchester Technology Centre, Oxford Road, Manchester M1 7ED

NGS Software Ltd
POC: Dave Litchfield
Tel: 0208401 0070; mobile: 07881813792; fax: 0208401 0076
Email: dave@ngssoftware.com
Website: www.ngssoftware.com
Address: 52 Throwley Road, Sutton, Surrey, SM1 4BF
© Crown copyright, 2008.