The Commercial Product Assurance (CPA) scheme evaluates commercial off the shelf (COTS) products and their developers against published security and development standards. These CPA certified products can be used by government, the wider public sector and industry.
CPA consolidates previous CESG schemes
to provide simplified, certificate-based assurance of security products for use in lower threat environments.
“Approaches like CPA are important to keep the UK safe and secure in cyber space”,
Chloe Smith MP, Minister for Political and Constitutional Reform.
CPA and the new Government Classification Policy
The new Government Classification Policy has three assurance grades (OFFICIAL, SECRET and TOP SECRET).
The OFFICIAL Tier is expected to be used for the vast majority (approximately 80%) of information that is created or processed by Government and the Wider Public Sector.
CPA Foundation Grade aligns with the OFFICIAL Tier of the new Government Classification Policy and CPA products will be the default solution for this Tier.
CPA helps data owners
to deliver business whilst remaining safe against likely threats, confident that their security products meet the security standards of CESG - the National Technical Authority for Information Assurance.
By helping data owners, security officers and their suppliers to identify the appropriate level of assurance, CPA will drive up best-practice across the Government ICT estate.
The number of CPA certified security products has continued to climb, with products from Microsoft and Cisco achieving Foundation Grade status.
Published on Wednesday 17 Sep 2014
Cisco IPsec VPN gateway has recently been assessed under Commercial Product Assurance (CPA) and gained Foundation Grade certification.
Published on Friday 20 Jun 2014
Microsoft Windows Server 2012 gains Foundation Grade certification
Published on Monday 09 Jun 2014
Cryptify Call Version 3 - a voice encryption solution for Smartphones - has been accepted into the NATO Information Assurance Product Catalogue.
Published on Tuesday 04 Mar 2014
The first email encryption product to be included in the burgeoning list of Commercial Product Assurance certified products is Switch, from Egress Software Technologies.
Published on Monday 17 Feb 2014