Introduction
The CAPSS evaluation programme assesses physical security equipment against cyber mitigations.
What can be tested?
CAPSS testing is available to be undertaken on any security product, be it hardware or software. Examples of potential products available to be assured are physical security information management systems (PSIMS), visitor management systems (VMS), access control hardware and software, perimeter intrusion detection hardware and software, intrusion detection systems hardware and software - the list goes on.
It is worth noting CAPSS is not a replacement for the functional standards assurance programmes run by NPSA. Where there is a functional standard, it is strongly recommended that these are adhered to as well as undertaking CAPSS assurance.
CAPSS is a pass or fail assessment and therefore there is no grading associated to any products.
Systems that successfully pass CAPSS will be entered into the NPSA Catalogue of Security Equipment (CSE) with full details of all the components tested published, including both core and peripheral items. These are defined in more detail below:
- Core Components - items which make up the device being tested (for example a Video Management System is made up of a video server, network data storage and a viewing computer)
- Peripheral Items - items which need to be added to a system to make it functionally work but in themselves are not assured (for example a CCTV camera connecting to a Video Management System. The CCTV camera itself is not assured, however the connecting of the camera does not adversely affect the cyber security of the Video Management System).
Who provides what?
Manufacturer
- The manufacturer is required to submit their own hardware/software.
- The manufacturer will also have to submit representative devices (if using an IP protocol) / or details of the protocols for those devices (if using another protocol). E.g. CCTV Camera, PIDS controller, IDS PIR, SMS, AACS door controller
Test lab
- Test Labs would provide simulators (such as RS232/RS485)
- Any tools specific to verification testing
- A representative “small” corporate network
CAPSS Lifecycle
The CAPSS trademark will be awarded initially for a period of 2 years at which point a small re-evaluation of the product will be required. If nothing significant has changed materially affecting the security mitigations within that period, a further 2-year period of assurance will be issued. This will continue until the product has been assured for 6 years at which point a full re-evaluation will be required.
CAPSS Documentation
For manufacturers wishing to undertake CAPSS, key documents required can be downloaded via the document links at the bottom of this page. They are:
- CAPSS 2024 - Security Characteristic v1.0
- CAPSS 2024 - Application Notes for Manufacturers v1.0
- NCSC Build Standard 1.4
- CAPSS 2024 TSC and ERR Recording Spreadsheet
- CAPSS The Evaluation Maintenance - FAQ
Evaluation Scheme Process
If a Manufacturer wishes to submit a product for an assurance evaluation the following steps should be followed:
- The manufacturer reads through the CAPSS standard documentation.
- Manufacturer submits product for evaluation to an authorised NPSA test lab.
- The test lab notifies NPSA of CAPSS evaluation enquiry.
- Test lab sends NPSA’s Manufacturer agreement to manufacturer on behalf of NPSA for completion.
- Test lab undertakes scoping work and produces a tailored security characteristic and assurance plan.
- Test lab undertakes CAPSS evaluation to ensure that the product meets the CAPSS standard.
- Test lab sends CAPSS evaluation report to NPSA and a panel decides on whether the product passes or fails the evaluation. If the product fails the evaluation, then the manufacturer will need to make the recommended amendments and resubmit.
- When a product passes the evaluation, a new entry is created in the CSE and the manufacturer is sent an NPSA trademark for their product.
- CAPSS then goes to the 2-, 4- and 6-year renewal process.
Post-Evaluation Lifecycle
Following a successful evaluation, the product will be assured for an initial period of two years, after which the manufacturer will be expected to undergo a lightweight renewal process performed by a Test Lab of the manufacturer's choice. This will be repeated after a further two years (i.e. four years after initial evaluation). A full evaluation will be required six years after the initial evaluation. When undergoing a renewal Manufacturers can choose to renew against the new/current standard for a further two years, for example 2024, or renew against the original standard for example 2022 for a further two years. Note that if renewing against a new/current standard manufacturers should be aware and happy that their product meets all the new requirements in the new standard.
The following steps are required at two and four years from the initial pass being awarded.
- Approximately four to six months prior to expiry, the manufacturer will engage with any of the NPSA approved test labs. This process will be funded by the manufacturer.
- The manufacturer provides a change log of the product since the initial evaluation to the test lab.
- An impact assessment is carried out by the test lab comparing changes submitted by the manufacturer to the current published standard.
- A gap analysis to identify any fundamental changes to the product and/or development processes compared to the initial evaluation is performed by the test lab.
- A recommendation of what type of intervention (e.g. minor document review, partial re-evaluation or full re-evaluation) is provided by the test lab to NPSA.
- NPSA panel will review the test lab report and findings and will be reported back to the manufacturer by the test lab.
- If no significant issues are reported, NPSA will write to the manufacturer confirming the trademark will be awarded for a further two years. If significant issues of concern are reported, a partial (or full) re-assessment may be required. At six years from the initial pass the product is required to undergo full reassessment.
NPSA Authorised Test Labs
EVALUATION SCHEME | TEST LAB | TEST LAB CONTACT |
---|---|---|
CAPSS |
BSI
CyTAL
NCC |
|
CAPSS Ready Questions
Please note that this will require engagement from technical staff. Manufacturers can seek to have a pre-consultancy with a test lab or an independent technical specialist prior to product submission.
- What does the product do?
- Do you have a Network diagram indicating how your system works in a live environment?
Network Diagram guidance
A manufacturers network diagram should contain the following information:
- A clear map how all core and peripheral devices link together.
- A clear indication of how device/equipment boarders are separated (for example what is contained in a metal enclosure).
- An example IP address scheme assigned to each individual device (for example 192.168.0.0/24)
- What protocols each device is communicating on each link between devices, (e.g. HTTPS, OSDP2 etc)
- Clear distinction between wired and wireless connections between devices, if applicable.
- Clear mapping of unsecure and secure areas (e.g. secure enclave, untrusted area, etc) - What part of the system is being evaluated for CAPSS assurance? (E.g if you have you have a Security Management System (SMS) which attaches to a Network Video Recorder (NVR) but you only want to assure the NVR.)
- What hardware is supplied as part of the system, e.g. servers, PC’s, camera’s, card readers etc.
- What Software is supplied as part of the system, e.g. Operating System, Virtual Servers, application software etc.
- What 3rd party elements are needed for the system to function, e.g. Network/internet connection, Server, Active Directory, Peripherals, software etc.
- Do the testing setup instructions/equipment required given to the test lab differ from operational installations?
- What is the version of firmware supplied on the product and how many sub-versions are there?
- How do the manufacturers ensure that the product sold is the product version that has been CAPSS assured?
Trademarking
- Manufacturers who undertake a successful CAPSS evaluation will receive a CAPSS 20xx Trademark and associated wording for the specific product that was tested
- Terms and conditions of use of the Trademark will be provided after a successful evaluation
- Manufacturers may be subject to ad hoc assessments after an evaluation to ensure that evidence presented during the evaluation is still valid and in active use.
- A manufacturer's NPSA Trademark may be revoked if NPSA terms and conditions as described in the Manufacturers Agreement are breached.
FAQ
We have put together some frequently asked questions to give you more information relating to CAPSS.