Commercial Product Assurance

Commercial Product Assurance (CPA) is a CESG approach to gaining confidence in the security of commercial products.

It is intended to supplant other approaches such as Common Criteria (CC) and CCT Mark for UK government use.


The UK Government’s CESG [1] is the UK’s National Technical Authority (NTA) for Information Security.

Architectural patterns

CESG also produces Architectural Patterns, which cover good practices for common business problems [2] and look to use CPA products.

Current Architectural Patterns include:

  • Walled Gardens for Remote Access [3]
  • Mobile Remote End Point Devices [4]
  • Data Import between Security Domains [5]


In comparison to other schemes:

  • Unlike Common Criteria, there is no Mutual Recognition Agreement (MRA) for CPA, which will be tested in other markets
  • Unlike the CCT Mark, the coverage of CPA is limited to Information Security products, and therefore excludes services. The target audience for CPA also appears to be focused on Central Government (“I’m protecting Government data”) [6] rather than including the Wider Public Sector (WPS) and Critical National Infrastructure (CNI) segments that were target customers for CCT Mark


  1. CESG Home Page.
  2. “CPA (reference to Architectural Patterns)”. CESG. Retrieved 24 January 2013.
  3. “Reference to Walled Gardens for Remote Access” (PDF). CESG. Retrieved 24 January 2013.
  4. “Reference to Mobile End Point Devices” (PDF). CESG.
  5. “Reference to Data Import between Security Domains”. Cabinet Office. Retrieved 24 January 2013.
  6. CESG CPA Home Page. Archived 2011-05-19 at the Wayback Machine.
