What is CAPSS Assurance?
The CAPSS (Cyber Assurance of Physical Security Systems) assurance programme is an evaluation scheme in which physical security products (both hardware and software) are assessed against a cyber evaluation standard. Products that pass are published in NPSA’s Catalogue of Security Equipment (CSE).
Sites looking to procure physical security systems can choose a product from the catalogue knowing that it has achieved a reasonable level of assurance in its cyber mitigations and that the evaluation was undertaken by an independent test laboratory.
CAPSS does not assure the operational functionality of the product, only the cyber mitigations that protect that product.
Sites should ensure the product meets their operational requirements either by choosing a product that also features in a functional CSE chapter (if one exists) or by performing their own functional assessment of the product.
What is the CAPSS Standard?
The CAPSS standard (also known as the CAPSS Security Characteristic) has been developed jointly by NPSA and NCSC and is designed to provide assurance for IP network connected physical security devices and software.
The CAPSS standard has undergone several iterations since inception; these are shown below. Standards marked as “Deprecated” are no longer used in evaluations. Standards marked as “Active” are available to be used in evaluations. Note: when a product is submitted for evaluation, the latest published standard will be used.
Standard Name | Active/Deprecated | Publication Date | Deprecation Date |
---|---|---|---|
CAPSS v2 | Deprecated | Jan 2015 | Mar 2023 |
CAPSS 2019 | Active | Jan 2019 | Jan 2025 |
CAPSS 2021 | Active | Jan 2021 | Jan 2027 |
CAPSS 2022 | Active | Jan 2022 | Jan 2028 |
CAPSS 2023 | Active | Jan 2023 | Jan 2029 |
CAPSS 2024 | Active | Jan 2024 | Jan 2030 |
Key points to note:
- The CAPSS standard is reviewed and updated annually. A new version is issued in January of each year.
- The standard utilised in an evaluation is shown in the CSE entry and indicates to the prospective purchaser the currency of the evaluation.
- Any changes made as part of the annual review process are documented in the appendices of the current standard.
- On passing a CAPSS evaluation the manufacturer is awarded a CAPSS NPSA trademark showing the CAPSS standard the product was tested against.
- On average, a CAPSS evaluation takes 6 to 12 months to complete.
What Products can be CAPSS Assured?
Any IP connected physical security device can be CAPSS assured. Examples of products eligible for CAPSS assurance are:
- Automated Access Control systems (AACS)
- Intrusion detection systems (IDS)
- Perimeter Intrusion Detection Systems (PIDS)
- Security Management System (SMS)
- Video Management Systems (VMS)
- Video Surveillance System (VSS) Cameras
General IT infrastructure products such as networking equipment e.g. switches, routers or firewalls are not eligible for CAPSS evaluations.
Products hosted exclusively in the cloud are under review and not being evaluated at this time.
CAPSS Evaluations
CAPSS evaluations are pass or fail and no further grading is applied.
A CAPSS evaluation involves both a technical assessment and a build standard assessment. The latter assures the product’s development processes, including the company’s configuration management, change control and flaw remediation processes.
The Technical requirements cover:
- Physical Security
- Secure Configuration
- Network Security
- Authentication Management
- Monitoring
Under each of these technical areas there are three main parts for which manufacturers must provide evidence of the cyber mitigations within the product being assured:
- Development Documentation – This demonstrates the product has been built with cyber security in mind from the development stage.
- Technical Verification – An independent test laboratory will assure that the claimed cyber mitigations technically work as designed.
- Deployment Documentation – This demonstrates the manufacturer has provided clear comprehensive hardening guidance for installers to ensure the product is deployed securely.
CAPSS Lifecycle
CAPSS CSE entries
A CAPSS CSE entry comprises a description of:
- What the core assured product is
- What peripheral products/devices (or protocols) can be used with the system while maintaining the core product’s assurance
- Version of the standard the product was tested against
- What version of the product was initially assured
- Any limitations or considerations a site should consider on deployment of the product
CAPSS defines components in two categories: core and peripheral.
Core components are items which form the product and are made by the submitting manufacturer such as Application software and specific hardware etc. This may also include the configuration of supporting applications such as Windows AD (Active Directory) and third-party databases.
Peripheral components are additional devices which connect to the core product and exchange data with it, for example (depending on the core product) cameras, keypads, readers, PIDS, IDS etc. These devices/products are not NPSA assured unless otherwise stated.
Key points to note:
The CSE entry details, specifically core and peripheral components, are important as manufacturers may choose to only assure certain aspects of the product. For example, a Security Management System may only assure Access Control or Video Management integration.
Peripheral devices may be supplied/built by either the manufacturer or a third party.
CAPSS provides assurance on the cyber mitigations of the core product and how peripheral components securely connect and transfer data into and out of the product.
Manufacturers wanting to assure peripheral components, depending on their type, should either look at functional NPSA evaluations schemes and/or submit the peripheral components for a separate CAPSS evaluation.
Because CAPSS assures the build and development processes of a product, manufacturers are allowed to “upgrade” their products from the version as tested. For example, patching security vulnerabilities is actively encouraged and may require version increases; introducing new functionality is also permitted and likewise results in increased version numbers. These changes are reviewed as per the CAPSS lifecycle process described above.
Under the CAPSS chapter of the CSE, products will occasionally be listed as:
- Under Review – Products labelled as “Under Review” are products where the manufacturer has notified NPSA of major or significant changes and/or the product has gone past its two-year renewal period, and it is being reviewed by NPSA and/or an independent test laboratory.
- Discontinued – Products labelled as “Discontinued” are products where the manufacturer has notified NPSA that the product is no longer sold. These will be removed from the CSE after 3 months.
Additional information
All products that pass a CAPSS evaluation come with hardening deployment guidance, or tools, for the installer to follow or use. If the installer does not adhere to the hardening guidance (or tools), the product will not be deployed in a CAPSS compliant manner. It is essential that sites ensure the product is installed and deployed as per the manufacturer’s CAPSS compliant deployment instructions.
Sites that cannot deploy products in accordance with NPSA CAPSS guidance should seek guidance from suitably qualified cyber risk practitioners and the manufacturer of the equipment to understand the risk of using the equipment in a non-CAPSS configuration.
NPSA does not comment on manufacturers that may or may not be undergoing CAPSS evaluations.