The National Cyber Security Centre has renewed its certification for Becrypt Disk Protect. The Commercial Product Assurance (CPA) scheme is much sought after. Only 29 products have been certified since the scheme started. Certificates are valid for two years and allow vendors to update their products during that period.
Becrypt is the only software-based full-disk encryption scheme to win CPA certification. Getting a renewal is a major achievement. It means that Becrypt can apply to have Disk Protect listed on both NATO and EU product catalogues.
To achieve certification, Disk Protect had to demonstrate a number of security characteristics. There are 13 different tests that could be applied and the test labs chose the most appropriate for the product. They are rigorous and designed to seriously stress the products.
Dom Hume, Head of Product at Becrypt commented: “We are delighted that Disk Protect has been awarded the NCSC’s CPA certification for the third time, maintaining its unique position as the only software-based full-disk encryption product to have achieved this.
“The CPA scheme not only provides Becrypt’s customers with the confidence that Disk Protect is a high-quality encryption solution, but also that the Becrypt development and build processes demonstrate good commercial security practice. Becrypt has a reputation for quality and assurance which we are proud of and work hard to maintain.”
Enterprise Times: What does this mean
Getting the CPA certification once is no mean feat. To renew certification after product updates says a lot about the engineering processes at Becrypt. Companies often find it difficult to maintain standards as they add new features. In addition, for software products, there is always the concern of a third-party library, coding language or compiler vulnerability. Having successfully navigated all of this, the company will hope that this renewal brings a sales boost.
The NCSC is stepping up its role to help vendors improve the quality of their security solutions. That only 29 products from 19 vendors are CPA certified shows that this is not just a paper exercise. There will be those who complain that such a small number of successes shows the tests are too rigorous. However, in security, there is no such thing as too much rigour.