Commercial Technologies Assurance

The Communications Security Establishment (CSE) provides a list of assured Information Technology (IT) products through two assessment programs in partnership with commercial evaluation facilities and international partners. Furthermore, an in-house capability exists for the evaluation of commercial products where additional assurance is warranted.

The Common Criteria (CC) program and the Cryptographic Module Validation Program (CMVP) certify products that provide greater IT security. These programs validate that the products have been built to CSE-recognized standards. As a result of these programs, there is a comprehensive list of products available for procurement across a range of technology classes, including operating systems, server applications, network appliances, authentication tokens, and mobile communication devices.

Image Common Criteria
Cryptographic Module Validation Program

The Common Criteria is an international program amongst 26 nations in which IT products are certified and mutually recognized against standard specifications (Protection Profiles). The Protection Profiles (PPs) represent the security assurance requirements for technology classes. CSE operates a product certification capability under this program referred to as the Canadian CC Scheme.

The Cryptographic Module Validation Program (CMVP) is a joint program between CSE and the US National Institute of Standards and Technology (NIST). The CMVP validates the cryptographic functionality of IT products against a standard specification (FIPS 140-2).