The CESG Tailored Assurance Service (CTAS) is intended to provide assurance for a wide range of HMG, MOD, Critical National Infrastructure (CNI) and public sector customers procuring IT systems, products and services, ranging from simple software components to national infrastructure networks.
The purpose of CTAS is to provide answers to specific assurance questions and concerns posed by the Accreditors, typically at the pre-deployment stage. These questions are addressed by a tailored evaluation performed by a CTAS Company and key results that may impact business are highlighted in an Assessment Statement produced by CESG.
CTAS terminology is defined in the CTAS Glossary on the CESG website.
Note: although CTAS answers and results will form one input to accreditation, CTAS will not in general assess physical or personnel security other than specific aspects of the security environment requested by the Accreditor. Accreditors must make final decisions on whether the risks are acceptable and it is their responsibility to ensure that all aspects of security have been covered to their satisfaction (i.e. within their risk appetite).
A CTAS evaluation provides a view of assurance on the IT security attributes of a system, product or service and will be carried out by a company having a CESG-approved test laboratory with CTAS capability. The scope of the evaluation is specified in a Security Target and the range of evaluation activities is detailed in an Evaluation Work Programme. The Accreditor and CESG, with other key stakeholders, will agree the scope and technical approach of the evaluation and will review the CTAS activities and results documented in an Evaluation Report. At the end of the evaluation, CESG will issue a CTAS Assessment Statement to the Accreditor on the results of the evaluation, making recommendations on the significance of any issues that are discovered.
Note:For a given CTAS evaluation, CESG will only work directly with the CESG-approved CTAS Company selected by the Sponsor from those listed on the CESG website.
- CTAS evaluations answer the Accreditor’s assurance questions
- CTAS evaluations provide assurance in a tailored fashion
- CTAS evaluations ensure that assurance activities meet HMG/MOD/Wider Public Sector (et al) sponsor requirements
- CTAS evaluations are carried out in an efficient manner
- CTAS maintenance provides continued assurance to evaluated configurations by understanding and assessing changes in an efficient and tailored manner.
A CTAS evaluation has two phases as detailed in the CTAS Principles and Methodology. These may be followed by an optional Maintenance Phase:
- Preparation: Production and agreement of Security Target (ST) and detailed Evaluation Work Programme (EWP), including associated Activity Plans. Production of outline Assurance Maintenance Plan (AMP)
- Evaluation: Evaluation of the TOE by CTAS Company in accordance with the ST and detailed EWP. Production of Evaluation Report, draft AMP and CESG Assessment Statement
- Maintenance: Reviews and Audits of changes in TOE derivatives in accordance with AMP.
The Preparation Phase has two distinct Stages:
- Definition: Production and agreement of ST, outline EWP and outline Test Plan. Production of outline AMP
- Planning: Production of detailed activity plans for Document Review, Audit, Analysis (e.g. code reviews and cryptographic analysis) and Test activities. Agreement of detailed EWP.
The Evaluation Phase has two separate Stages:
- Activity: Document Review, Audit, Analysis and Test activities as specified in the EWP
- Reporting: Production of the CTAS Evaluation Report and draft AMP by the CTAS Company and production of Assessment Statement by CESG
The Maintenance Phase is recommended by CESG and is an optional, iterative phase that implements the selected maintenance activities for low-risk TOE changes. A Maintenance Phase cycle can
- Activity: Maintenance Review and Maintenance Audit activities, including review of Security Impact Analysis, as specified in the AMP
- Reporting: Production of Assurance Maintenance Reports and CESG reviews as required by the AMP; Review of AMP and re-evaluation triggers.
A diagram of the Evaluation process showing the Evaluation phases and stages is included in the CTAS Principles and Methodology
(PDF 56KB - v1.0, 26 July 2012).
Note: The CTAS Company cannot proceed from one phase or stage to the next until the previous phase or stage has been completed by agreement from all key stakeholders for specific milestones. For example: the Planning stage cannot proceed until the Security Target and outline EWP have been agreed by all stakeholders including the Accreditor and CESG in the Definition stage; the Maintenance phase cannot proceed until an AMP has been agreed and the Evaluation phase completed. A new Maintenance Activity stage cannot start until the previous Evaluation or Maintenance Reporting stage has been completed and an outline Security Impact Analysis (SIA) produced.
The customer will agree the cost for evaluation directly with the CTAS Company <Link to CTAS Companies page>. CTAS Company fees include a charge per evaluation by CESG.
An Accreditor is identified, has requested a CTAS Evaluation and is committed to being involved in the whole process.
A Risk Analysis has been completed in accordance with the Accreditors requirements and can be provided to CESG on request (e.g in the form of an RMADS or IS1 Risk analysis).
A Project Plan is available indicating key milestones against dates, stakeholders including their contact details and any dependencies on CESG resources.
A High-level System Architecture is available and can be provided to CESG on request.
Note: In the case of Products this may take the form of a ‘deployment architecture’ or may not be relevant.
A list of all sub-systems and products (COTS and bespoke) that are relevant to the TOE is available and can be provided to CESG on request.
A pre-application checklist
(PDF 49KB), detailing key points for consideration prior to submission of a CTAS, can be found here.
Potential customers should discuss their requirement with one of the CTAS Company
Changes from the Previous CTAS
As a result of an internal CESG review a number of changes have been introduced and a set of CTAS principles have been defined.
The details and supporting processes of the new methodology, as well as the new principles, are explained within the CTAS Principles and Methodology
(PDF 56KB - v1.0, 26 July 2012), but a summary now follows;
- Companies wishing to offer CTAS evaluation services are now permitted to apply at any time if they can fulfil the service requirements.
- The underlying contract for CTAS evaluations has been changed to increase scheme efficiency and follow a similar model to other CESG schemes.
- The process to conduct an evaluation has been split into two distinct phases. Transition to the second phase will not be permitted until the first phase has been formally completed.
- An evaluation activity will not be permitted to start until the relevant detailed activity plan has been agreed by all relevant stakeholders.
- CESG has defined a set of scheme templates to ensure that key information is captured during an evaluation.
- An Assurance Maintenance Plan (AMP), to assist ongoing assurance maintenance activities, will be drafted by the CTAS Company as one of the evaluation outputs