Commercial Product Assurance and Common Criteria

Are your software or hardware products used by governments or critical national infrastructure?

If so, carrying out a Foundation Grade assessment on your products will provide you and your customers with assurance that they meet the correct security standards needed to protect sensitive information. With a world class team of product evaluation experts, we have in-depth experience in supporting our clients through Commercial Product Assurance (CPA) and Common Criteria (CC).


Commercial Product Assurance (CPA)

The CPA scheme is designed to provide additional assurance to HMG when choosing commercial security products. The UK scheme is administered by NCSC, the Government’s National Technical Authority for Information Assurance.

CPA helps you to identify the appropriate level of assurance for your security product and differentiate it, so you stand out in a busy security marketplace.

Any capabilities that are sovereign requirements will be met by the CPA scheme, such as the evaluation of Smart Meters in the energy sector.

Contact us


Common Criteria (CC)

CC is an international standard for computer security certification. It is a set of guidelines and specifications developed for evaluating information security products.

There are an increasing number of mapping documents utilised in the CPA scheme that have the potential to allow a product to achieve Foundation Grade assurance through the completion of CC with a national Protection Profile (PP).

It is also now possible to get a Common Criteria (CC) certification from a CPA scheme thanks to an increasing number of mapping documents.

Where a product category has an international CC PP available, we are able to support you in evaluating CC against the equivalent CPA Security Characteristic (SC).

Contact us


What makes us different?

Deeper expertise and capability: NCC Group has one of the largest testing teams of its kind in the world – seasoned, accredited, professionals with many years of sustained practice in their areas of expertise. We use the most up-to date technologies in the market.

Industry experience: As an NCSC CPA-approved lab and with a wealth of experience from other NCSC schemes as well as an extensive knowledge of a huge range of technologies from embedded systems assessments, product reviews and source code review of mainstream software, we are well-placed to carry out this evaluation for you.

Flexibility: We operate a fully dynamic testing facility, deploying a dedicated project team to each evaluation. You will receive full support from both commercial and technical project leaders in order to help maximise the value and efficiency of your CPA evaluation.

Commercial awareness: NCC Group will help you to validate your products over those of your competition.

Contact us