Commercial Product Assurance

Commercial Product Assurance (CPA) is a CESG approach to gaining confidence in the security of commercial products.

It is intended to supplant other approaches such as Common Criteria (CC) and CCT Mark for UK government use.

Organisation

CPA is being developed under the auspices of the UK Government's CESG[1] as the UK National Technical Authority (NTA) for Information Security.

Architectural patterns

CESG also produce Architectural Patterns, which cover good practices for common business problems[2] and look to use CPA products.

Current Architectural Patterns include:

  • Walled Gardens for Remote Access[3]
  • Mobile Remote End Point Devices[4]
  • Data Import between Security Domains[5]

Comparisons

In comparison to other schemes:

  • Unlike Common Criteria, there is no Mutual Recognition Agreement (MRA) for CPA, which means that products tested in the UK will not normally be accepted in other markets
  • Unlike the CCT Mark, the coverage of CPA is limited to Information Security products, and therefore excludes services. The target audience for CPA also appears to be focused on Central Government ("I'm protecting Government data")[6] rather than including the Wider Public Sector (WPS) and Critical National Infrastructure (CNI) segments that were target customers for CCT Mark

References

  1. "CESG Home Page". Archived from the original on 11 July 2004. Retrieved 26 September 2010.
  2. "CPA (reference to Architectural Patterns)". CESG. Archived from the original on 5 February 2013. Retrieved 24 January 2013.
  3. "Reference to Walled Gardens for Remote Access" (PDF). CESG. Archived from the original (PDF) on 15 November 2012. Retrieved 24 January 2013.
  4. "Reference to Mobile Remote End Point Devices" (PDF). CESG. Archived from the original (PDF) on 15 November 2012. Retrieved 3 February 2013.
  5. "Reference to Data Import between Security Domains". Cabinet Office. Archived from the original on 18 December 2012. Retrieved 24 January 2013.
  6. "CESG CPA Home Page". Archived 19 May 2011 at the Wayback Machine.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.