Commercial Product Assurance (abbreviated as CPA) is (as of September 2010) an emergent UK Government Standard for computer security

Computer security

Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...

.

It is intended to supplant other approaches such as Common Criteria

Common Criteria

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification...

 (CC) and CCT Mark for UK government use.

Organisation

CPA is being developed under the auspices of the UK Government's CESG as the UK National Technical Authority (NTA) for Information Security.

Comparisons

In comparison to other schemes:

• Unlike Common Criteria, there is no Mutual Recognition Agreement (MRA) for CPA, which means that products tested in the UK will not normally be accepted in other markets
• Unlike the CCT Mark, the coverage of CPA is limited to Information Security products, and therefore excludes services. The target audience for CPA also appears to be focused on Central Government ("I'm protecting Government data") rather than including the Wider Public Sector (WPS) and Critical National Infrastructure (CNI) segments that were target customers for CCT Mark