CPA Testing
The CPA Scheme (Commercial Product Assurance) is a UK Government managed scheme that assures buyers of a certain level of IT Security and Information Assurance (IA). There will initially be two grades of certification - Foundation and Augmented. Foundation represents a basic level of confidence in security behaviours of a product. Augmented grade certification means that CESG evaluators have spent more time and effort investigating the product's working, and have required it to exhibit additional security properties. Enex Testlab is an approved testing laboratory for a range of products at the Foundation level of this scheme.
The scheme is administered by CESG which is the National Authority for Information Assurance and is part of GCHQ at Cheltenham. The CPA Scheme is due to go live on 1 April 2011. Go to www.cesg.gov.uk and follow the CPA link for detailed information.
How does it work?
The scheme is divided into 26 product groups. For each of these groups roughly 20 Security Characteristics will be identified that a product at Foundation level (the entry level) must have. Test laboratories such as Enex TestLab will examine products against the Security Characteristics for that product group, and will also audit the vendors’ Build Process, then produce a report to CESG who will determine whether or not a product can be certified under the CPA Scheme. Products that are then to be scrutinised under the Augmented section of the CPA Scheme will be examined by CESG staff.
What are the Benefits?
> Customer assurance
Your public sector customers can have complete assurance about the security characteristics of your product. This shortens the sales cycle for you and reduces the risk for them. It also automatically qualifies the product or service for entry on the MOD DIPCOG register of IA security products and services.
> Cost effective
The process is detailed and methodical but with the right test laboratory working with you it can also be efficient and cost effective.
> Independence
Enex Testlab is an independent testing laboratory approved by CESG to carry out these tests. This gives assurance to you and your customers
> Ease of use
The claims testing process also looks at ease of use, the accuracy of guidance documentation, and the on-going maintenance plan, thus giving additional levels of assurance to your customers.