The National Technical Authority
for Information Assurance

CPA


Enquiries

01242 709141
enquiries@cesg.gsi.gov.uk

 

more contact info...

You are here: Home > Service Catalogue > CPA

Commercial Product Assurance (CPA)

Service Description

Commercial Product Assurance (CPA) certifies Commercial Security products for use by Government and the wider Public Sector. Assessment of products will be done against published Security Characteristics.
 
In the anticipated new Government Security Classifications, CPA Products will be suitable for the ‘OFFICIAL’ Tier which covers the vast majority of the UK public sector’s data.
 
 
  • Foundation Grade products demonstrate good commercial security practice and are suitable for lower threat environments.
     

Product assurance

Foundation Grade: Testing will be undertaken by an approved laboratory and certified by CESG. Product vendors will therefore contract directly with an approved laboratory for this service.
  

Service Costs

Foundation Grade: The customer will agree the cost for product testing directly with the test laboratory. Test laboratory fees include a charge of £4000 per evaluation by CESG.
  

Service Pre-requisites

All vendors will be required to have a UK sales presence to qualify for CPA certification.
 
Foundation Grade: Vendors will need to understand the Security Characteristics that relate to their product, ensure that their product is developed to support those characteristics and meet the requirements of the Foundation Grade Build Standard.
 

Order process

Foundation Grade: Vendors should discuss their requirement with one of the CESG approved CPA Test Laboratories.
 
General Enquiries: Please contact CESG enquiries.
 

Products certified under existing schemes

Developers who currently have CESG assured products are invited to discuss the transition path into CPA during their next portfolio review meeting. Wherever possible, the previous assurance work will still retain value and could be used as part of the CPA assessment.​
 

HMG IA policy changes

CESG Good Practice Guide 30 – available from the CESG enquiries team or from the IA Policy Portfolio – describes the changes that are being made to support CPA.
 

Latest Updates

CESG Seeks Industry Security Product Developers to Verify CPA Security Characteristics

CESG Seeks Industry Security Product Developers.

Published on Tuesday 09 Oct 2012

CPA Security Characteristics Review

CESG would like to thank all Vendors and Test Labs who assisted in making this possible.

Published on Tuesday 29 May 2012

IA Practitioners' Event 2012 is a great success

Feedback from attendees at CESG's annual event for Information Assurance Practitioners in both HMG and industry.

Published on Tuesday 13 Mar 2012

Becrypt DISK Protect CPA certified

Becrypt DISK Protect awarded first certificate under the CESG Commercial Product Assurance Scheme (CPA)

Published on Thursday 01 Mar 2012

Commercial Product Assurance - International Aspects

Relationship between the CPA and Common Criteria IA certification schemes.

Published on Tuesday 28 Feb 2012

Contact us    |     Site map    |     Accessibility    |     Terms & conditions    |     RSS feeds
© Crown Copyright 2013