IT security kitemark pilot planned

The government is preparing to pilot a kitemark standard for information security products.

The government is preparing to pilot a kitemark standard for information security products.

Addressing delegates at last week’s information security conference in London, Harvey Mattinson, head of accreditation at the Cabinet Office’s central sponsor for information assurance unit, said the scheme, known as Claims Tested Mark (CCT), has been designed for all public sector users to give them confidence in buying security products.

Mattinson said existing schemes such as Common Criteria, a high-level encryption standard, “concentrated on confidentiality, but availability was more important at the low end”.

He added that existing security schemes were expensive, both in terms of time and cost, and were aimed at suppliers with significant resources.

CCT will cost suppliers no more than £20,000 and should take only 20 days’ testing, Mattinson said, which would open up certification for a larger number of companies.

David Lacey, director of security at the Royal Mail, who drove development of the BS7799 security specification, said, “7799 set up requirements for security products. CCT closes the loop as it provides an assurance that the product does what it claims.
“We will look to this scheme and would eventually expect our suppliers to put their products through CCT.”

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...