Commercial Product Assurance (CPA) is a CESG approach to gaining confidence in the security of commercial products.
It is intended to supplant other approaches such as Common Criteria (CC) and CCT Mark for UK government use.
CPA is being developed under the auspices of the UK Government's CESG[1] as the UK National Technical Authority (NTA) for Information Security.
CESG also produce Architectural Patterns which cover good practices for common business problems,[2] which looks to use CPA product.
Current Architectural Patterns include: In comparison to other schemes: