CPA scheme library

Created:  29 Sep 2016
Updated:  30 May 2018
This collection holds various documents that relate to the Commercial Product Assurance (CPA) scheme.

Please note that you won't find the following template documents here because they are supplied direct to the test laboratories:

  •  CPA Assurance Plan
  •  CPA Build Standard Validation Report
  •  CPA Evauation Summary Report
  •  CPA Assurance Maintenance Plan
  •  CPA Security Procedures

General CPA documents

  1. Process for performing CPA Foundation Grade evaluations

    This document details the process for performing a CPA Foundation Grade evaluation of a commercial security product.

  2. The CPA Build Standard

    This document describes the engineering principles and practices product developers are expected to follow to create a good quality, secure product under the Commercial Product Assurance (CPA) scheme.

  3. CPA International Recognition

    This document describes the relationship between the Commercial Product Assurance (CPA) and (Common Criteria) schemes.

  4. MIKEY-SAKKE SRTP Profile Technical Specification

    This document profiles the use of MIKEY-SAKKE to provision Secure Real-Time Transfer Protocol (SRTP) with key material suitable for protection at the 112-bit security level.

  5. Overview of the CPA and CAS processes

    Diagram giving an overview and explanatory notes for the CPA and CAS assessment processes and an indication of the timescales involved.

CPA documents for test laboratories

  1. CESG Test Laboratory General Operational Requirements

    Generic operational requirements for test laboratories wishing to test under any of the NCSC assurance schemes.

  2. CPA Test Laboratory Application Questionnaire

    This document is the application form for all laboratories wishing to become NCSC-approved Test Labs under the Commercial Product Assurance (CPA) scheme.

CPA Security Characteristics

  1. Security Characteristics collection

    Security Characteristics (SCs) for use with Commercial Product Assurance (CPA) assessments. Product developers and purchasers can use these to fully understand what security functions have been assessed by the test labs.


Was this document helpful?

We need your feedback to improve this content.

Yes No