Developers may incorporate appropriate NCSC (formerly CESG) cryptographic or public domain algorithms in their products and submit them for evaluation by CAPS. Once accepted, and following initial discussions between ourselves and the developer, a Consultancy and Advice contract gives companies access to our knowledge, skills and experience in the field of Information Assurance, supplemented by a range of guidance documentation before products enter full evaluation.
Once approved, products are issued with a certificate and/or approval letter detailing the level of cryptographic protection they offer, and are also listed on this website.
- HMG sponsor1: The developer is normally required to be sponsored by a UK Government department to support their business case for the NCSC to evaluate the product.
- UK presence: Any developer wishing to have a product evaluated under CAPS must have an operational UK business presence.
- Site security: The company must also have been accredited under the UK Government's List X scheme.
- Personnel security: Stringent security procedures, possibly including the need for some staff to hold Developed Vetting (DV) clearance, are required.
- Access to source code: A CAPS evaluation depends on full and unfettered access to design documentation, source code, schematics, physical layout and other information normally treated as "company confidential". We require access to this material on our premises, without any restrictions on which evaluators may view it or when it may be viewed. It should be noted in particular that this requirement may also apply to third party intellectual property (IP) used in the product.
1 The developer is normally required to be sponsored by a UK Government department to support their business case for the NCSC to evaluate the product.