Commercial Product Assurance

Commercial Product Assurance (CPA) is a CESG approach to gaining confidence in the security of commercial products.

It is intended to supplant other approaches such as Common Criteria (CC) and CCT Mark for UK government use.

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification. It is currently in version 3.1 revision 5.

Organisation

CPA is being developed under the auspices of the UK Government's CESG [1] as the UK National Technical Authority (NTA) for Information Security.

Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance to the government and armed forces of the United Kingdom. Based in "The Doughnut" in the suburbs of Cheltenham, GCHQ is the responsibility of the country's Secretary of State for Foreign and Commonwealth Affairs, but it is not a part of the Foreign Office and its director ranks as a Permanent Secretary.

Architectural patterns

CESG also produces Architectural Patterns, which cover good practices for common business problems [2] and look to use CPA products.

Current Architectural Patterns include:

Comparisons

In comparison to other schemes:

References

  1. "CESG Home Page". Archived from the original on 2004-07-11. Retrieved 2010-09-26.
  2. "CPA (reference to Architectural Patterns)". CESG. Archived from the original on 5 February 2013. Retrieved 24 January 2013.
  3. "Reference to Walled Gardens for Remote Access" (PDF). CESG. Archived from the original (PDF) on 15 November 2012. Retrieved 24 January 2013.
  4. "Reference to Mobile Remote End Point Devices" (PDF). CESG. Archived from the original (PDF) on 2012-11-15. Retrieved 2013-02-03.
  5. "Reference to Data Import between Security Domains". Cabinet Office. Archived from the original on 18 December 2012. Retrieved 24 January 2013.
  6. "CESG CPA Home Page". Archived 2011-05-19 at the Wayback Machine.