CCT Mark
   HOME

TheInfoList



Click Here for Items Related To - CCT Mark
OR:
CCT Mark on:   [Wikipedia]   [Google]   [Amazon]

The CESG Claims Tested Mark (abbreviated as CCT Mark or CCTM), formerly CSIA Claims Tested Mark, is a UK Government Standard for
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...
. The CCT Mark is based upon framework where vendors can make claims about the security attributes of their products and/or services, and independent testing laboratories can ''evaluate'' the products/services to determine if they actually meet the claims. In other words, the CCT Mark provides quality assurance approach to validate whether the implementation of a computer security product or services has been performed in an appropriate manner.


History

The CCT Mark was developed under the auspices of the UK Government's Central Sponsor for Information Assurance (CSIA), which is part of the Cabinet Office's Intelligence, Security and Resilience (ISR) function. The role of providing specialist input to the CCT Mark fell to CESG as the UK National Technical Authority (NTA) for Information Security, who assumed responsibility for the scheme as a whole on 7 April 2008.


Operation

All Testing Laboratories must comply with
ISO 17025 ISO/IEC 17025 General requirements for the competence of testing and calibration laboratories is the main ISO/IEC standard used by testing and calibration laboratories. In most countries, ISO/IEC 17025 is the standard for which most labs must ho ...
, with the United Kingdom Accreditation Service (UKAS) carrying out the accreditation.


Comparisons

The CCT Mark is often compared to the international
Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5. Common Criteria ...
(CC), which is simultaneously both correct and incorrect: *Both provide methods for achieving a measure of assurance of computer security products and systems *Neither can provide a guarantee that approval means that no exploitable flaws exist, but rather reduce the likelihood of such flaw being present *The Common Criteria is constructured in a layered manner, with multiple
Evaluation Assurance Level The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. The increasing assurance ...
(EAL) specifications being available with increasing complexity, timescale and costs as the EAL number rises *Common Criteria is supported by a Mutual Recognition Agreement (MRA), which, at the lower EAL numbers at least, means that products tested in one country will normally be accepted in other markets *The CCT Mark is aimed at the same market as the lower CC EAL numbers (currently EAL1/2), and has been specifically designed for timescale and cost efficiency


Future

As of September 2010, CESG have announced that the product assurance element of CCT Mark will be overtaken by the new
Commercial Product Assurance Commercial Product Assurance (CPA) is a CESG approach to gaining confidence in the security of commercial products. It is intended to supplant other approaches such as Common Criteria (CC) and CCT Mark for UK government use. Organisation C ...
(CPA) approach. It is unclear as yet whether CCT Mark will remain in existence for assurance of
Information Security Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
services.


External links


The official website of the CESG Claims Tested Mark


References

{{reflist Computer security procedures GCHQ Information assurance standards Internet in the United Kingdom