Confidence in the security of these services is provided by assessment against predefined Service Requirements which define what a good service looks like for each specific Service type.
Procuring a certified commodity service
If you wish to procure a Certified Service, please see the current list by using the View All option at the base of the page.
Having your commodity service assessed
Service Requirements (see Downloads tab) describe the properties we expect a Service to exhibit, using policy and guidance and our understanding of technologies being employed.
- Only Services which include a security-enforcing function will be assessed
- All vendors are required to have a UK sales presence
- Service Providers will need to understand the Service Requirement that relates to their Service and ensure that their Service is developed to support those requirements
- Independent Evaluation Facilities (the CAS companies) approved by the NCSC carry out the assurance assessment. Here is a very quick overview of the process. Relevant documents can be found under the Downloads tab or collected here.
- Service Providers are expected to provide technical assistance to our evaluation partners (the CAS companies) during assessment to ensure a good understanding of the entire Service provision undergoing assessment
Assessments against Service Requirements are normally undertaken by one of our approved companies and certified by us. Service Providers should contract directly with a CAS company. In special cases, for example assessments against the PKI CA Service Requirement, we undertake the assessment and certification. For general enquiries please contact the NCSC Enquiries team.