How to Modify the CPA Security Characteristics

25 April 2019

Following a BEIS consultation, the SEC places the responsibility for maintaining the Security Characteristics (SCs) with the SSC. Security Characteristics are used so that product developers and purchasers can understand which security functions are being assessed by the test laboratories.

In considering any SC Modification Requests, the SSC will follow the broad principles and processes of the SEC Modification process but will also involve non-SEC Parties in the review and impact analysis and can be found here.

Any party such as a Device Manufacturer, test laboratory, Trade Body or SEC Party may propose a SC Modification Request.  However, the SSC will expect such a Proposer to have obtained the support of one or more SEC Parties before progressing the SC Modification Request.

The Commercial Product Assurance Security Characteristics are not SEC documents, since NCSC retain overall responsibility for sign-off and publishing the CPA Security Characteristics.

The full methodology of to achieving modifications to the Security Characteristics can be found here.