Commercial Product Assurance (CPA) certifies Commercial Security products for use by Government and the wider Public Sector. Assessment of products will be done against published Security Characteristics
In the anticipated new Government Security Classifications, CPA Products will be suitable for the ‘OFFICIAL’ Tier which covers the vast majority of the UK public sector’s data.
- Foundation Grade products demonstrate good commercial security practice and are suitable for lower threat environments.
Testing will be undertaken by an approved laboratory and certified by CESG. Product vendors will therefore contract directly with an approved laboratory
for this service.
Foundation Grade: The customer will agree the cost for product testing directly with the test laboratory. Test laboratory fees include a charge of £4000 per evaluation by CESG.
All vendors will be required to have a UK sales presence to qualify for CPA certification.
Vendors should discuss their requirement with one of the CESG approved CPA Test Laboratories
Products certified under existing schemes
Developers who currently have CESG assured products are invited to discuss the transition path into CPA during their next portfolio review meeting. Wherever possible, the previous assurance work will still retain value and could be used as part of the CPA assessment.
HMG IA policy changes
CESG Good Practice Guide 30 – available from the CESG enquiries
team or from the IA Policy Portfolio – describes the changes that are being made to support CPA.
CESG Seeks Industry Security Product Developers.
Published on Tuesday 09 Oct 2012
CESG would like to thank all Vendors and Test Labs who assisted in making this possible.
Published on Tuesday 29 May 2012
Feedback from attendees at CESG's annual event for Information Assurance Practitioners in both HMG and industry.
Published on Tuesday 13 Mar 2012
Becrypt DISK Protect awarded first certificate under the CESG Commercial Product Assurance Scheme (CPA)
Published on Thursday 01 Mar 2012
Relationship between the CPA and Common Criteria IA certification schemes.
Published on Tuesday 28 Feb 2012