CESG Claims Tested Mark

The CESG Claims Tested Mark (abbreviated as CCT Mark or CCTM), formerly CSIA Claims Tested Mark,[1] is a UK Government Standard for computer security.

The CCT Mark is based upon framework where vendors can make claims about the security attributes of their products and/or services, and independent testing laboratories can evaluate the products/services to determine if they actually meet the claims. In other words, the CCT Mark provides quality assurance approach to validate whether the implementation of a computer security product or services has been performed in an appropriate manner.

History

The CCT Mark was developed under the auspices of the UK Government's Central Sponsor for Information Assurance[2] (CSIA), which is part of the Cabinet Office's Intelligence, Security and Resilience (ISR) function. The role of providing specialist input to the CCT Mark fell to CESG as the UK National Technical Authority (NTA) for Information Security, who assumed responsibility for the scheme as a whole on 7 April 2008.

Operation

All Testing Laboratories must comply with ISO 17025, with the United Kingdom Accreditation Service (UKAS) carrying out the accreditation.

Comparisons

The CCT Mark is often compared to the international Common Criteria (CC), which is simultaneously both correct and incorrect:

Future

As of September 2010, CESG have announced that the product assurance element of CCT Mark will be overtaken by the new Commercial Product Assurance (CPA) approach. It is unclear as yet whether CCT Mark will remain in existence for assurance of Information Security services.

External links

References

  1. FAQs About CCTM
  2. Central Sponsor for Information Assurance (CSIA)