Commercial Product Assurance
   HOME

TheInfoList



Click Here for Items Related To - Commercial Product Assurance
OR:
Commercial Product Assurance on:   [Wikipedia]   [Google]   [Amazon]

Commercial Product Assurance (CPA) is a CESG approach to gaining confidence in the security of commercial products. It is intended to supplant other approaches such as Common Criteria (CC) and CCT Mark for UK government use.


Organisation

CPA is being developed under the auspices of the UK Government's CESG as the UK National Technical Authority (NTA) for Information Security.


Architectural patterns

CESG also produce Architectural Patterns which cover good practices for common business problems, which looks to use CPA product. Current Architectural Patterns include: * Walled Gardens for Remote Access * Mobile Remote End Point Devices * Data Import between Security Domains


Comparisons

In comparison to other schemes: *Unlike Common Criteria, there is no Mutual Recognition Agreement (MRA) for CPA, which means that products tested in the UK will not normally be accepted in other markets *Unlike the CCT Mark, the coverage of CPA is limited to Information Security products, and therefore excludes services. The target audience for CPA also appears to be focused on Central Government ("I'm protecting Government data")CESG CPA Home Page
{{webarchive, url=https://web.archive.org/web/20110519010243/http://www.cesg.gov.uk/products_services/iacs/cpa/index.shtml , date=2011-05-19 rather than including the Wider Public Sector (WPS) and Critical National Infrastructure (CNI) segments that were target customers for CCT Mark


References

Computer security procedures Evaluation of computers