The government is preparing to pilot a kitemark standard for information security products.
Addressing delegates at last week’s information security conference in London, Harvey Mattinson, head of accreditation at the Cabinet Office’s central sponsor for information assurance unit, said the scheme, known as Claims Tested Mark (CCT), has been designed for all public sector users to give them confidence in buying security products.
Mattinson said existing schemes such as Common Criteria, a high-level encryption standard, “concentrated on confidentiality, but availability was more important at the low end”.
He added that existing security schemes were expensive, both in terms of time and cost, and were aimed at suppliers with significant resources.
CCT will cost suppliers no more than £20,000 and should take only 20 days’ testing, Mattinson said, which would open up certification for a larger number of companies.
David Lacey, director of security at the Royal Mail, who drove development of the BS7799 security specification, said, “7799 set up requirements for security products. CCT closes the loop as it provides an assurance that the product does what it claims.
“We will look to this scheme and would eventually expect our suppliers to put their products through CCT.”