|
|
The provision of design consultancy for developers and vendors of
products utilising cryptographic security measures still remains part
of the CAPS scheme and is available via the CAPS office. From 1 April
2003, CAPS will be focusing solely on developing solutions with industry
and can provide expert consultancy for products that have yet to be
developed or that will need modification to meet UK Government standards.
The actual evaluation of a COTS cryptographic product that would have
gone through the CAPS scheme will, from 1 April 2003, be the responsibility
of IACS. The IACS Cryptographic evaluation provides cryptographic
verification of these products to government standards and formally
approves their use by HMG and other public sector organisations.
Products can address all HMG cryptographic requirements. Cryptographic
products are graded in terms of three cryptographic protection levels
– Baseline, Enhanced and High Grade. Where the required use is for
information below RESTRICTED, but still sensitive i.e. PRIVATE, CESG
recommends the use of FIPS-140 approved products. FIPS-140 is a US
standard that has recently been recognised in the UK and the first
UK lab has already been accredited. CESG approved products are issued
a certificate detailing the level of cryptographic protection the
product offers. The certificate will include the CESG logo.
Results of cryptographic testing can be incorporated into formal CC
or ITSEC evaluations.
CESG approval is only for those cryptographic mechanisms identified
in the scope of the evaluation and does not imply that any other cryptographic
mechanism not identified or any non-cryptographic features the product
may provide have been examined or approved by CESG.
The sale of approved cryptographic products is subject to approval
by CESG - to ensure that cryptographic products are going to appropriate
recipients and that the implementation of cryptography requested is
appropriate to the requirement. |
