The NCSC (formerly CESG) Tailored Assurance Service (CTAS) provides assurance on the IT security aspects of a system, product or service. The tailored evaluations address specific assurance questions and concerns posed by accreditors on behalf of risk owners. This better enables risk owners to make informed risk management decisions.
Customers will have a clear requirement from government and a government sponsor and could include MOD, Critical National Infrastructure (CNI) or the public sector.
A range of Information Assurance (IA) assets could be evaluated, from simple software components to national infrastructure networks.
Significant results from the evaluation, that may impact a business, are shown in an Assessment Statement.
- CTAS provides answers to specific assurance questions and concerns posed by the accreditors, on behalf of risk owners, typically at the pre-deployment stage.
- CTAS Principles and Methodology defines how CTAS evaluations are conducted.
- Key results that may impact business are highlighted in an Assessment Statement produced by the NCSC.
- CTAS will not, in general assess physical or personnel security other than specific aspects of the security environment requested by the accreditor.
- Accreditors make the final decisions on whether the risks are acceptable and must ensure that all aspects of security have been covered in accordance with their risk appetite.
- The evaluation service is provided by CTAS companies whose test laboratories have been approved for CTAS by the NCSC.
- You agree the cost for evaluation directly with the CTAS company, their fees include an evaluation charge by us.
- For each CTAS evaluation, we will work directly with the CTAS company selected by the Sponsor from those listed on our website.
Check the essentials before you apply for a tailored evaluation