Skip to content
  • Home
  • NPSA Product Grading Systems

NPSA Product Grading Systems

Last Updated 02 July 2024

NPSA use a number of product grading systems.

CLASS = Detection

PROTECTION = Delay

Aim

The aim of this document is to provide guidance to help understand and distinguish between the different NPSA Grading systems.

Background

NPSA evaluate security products in a number of different categories (types of products) against a number of different threats. Upon completion of an evaluation, NPSA convenes a panel of experts to assess the results of the evaluation. After consideration of the written report, and other factors, successful products are awarded a grading. This grading may be either a CLASS rating or a PROTECTION level. 

Using Graded Products

While utilising NPSA graded products gives a level of assurance around the products’ capabilities, not all sites will require information about the products’ grading.

Higher security sites, both UK Government and Critical National Infrastructure (CNI) will be interested in utilising NPSA graded equipment AND will be interested in the grading of a product. 

The selection of the appropriate NPSA graded product or system will be based on a risk assessment following a defined methodology. This risk-based approach takes into account the threat to the site, or asset, and balances it against the different security measures (guarding, vetting, access control etc.) which may be in place. 

Lower security sites or public space will be less interested in the NPSA grading of equipment and may simply choose to utilise NPSA graded products to gain a level of assurance about the products’ capabilities. As such, a publicly available version of the Catalogue of Security Equipment (CSE) is offered which does not detail a product’s grading but is simply a list of items that hold “NPSA assurance”.

What does CLASS mean?

A CLASS rating is an NPSA evaluation to measure a products’ performance, and resistance to, varying forms of surreptitious attack. 

A surreptitious attacker would generally wish to go un-noticed. This means that they could tamper with a system or device so that it does not operate as intended and may not want to leave any indication that an attack has taken place. 

Surreptitious attackers:

  1. Want to avoid detection (either electronic or visible indication) and 
  2. Circumvent the security features on a product to prevent it operating and/or
  3. Tamper with a device so that it does not operate as intended.

CLASS Rating

Successful CLASS evaluations are ‘rated’. CLASS ratings comprise CLASS 1 (lowest) through to CLASS 3. In some cases, the NPSA CLASS evaluation is a top up to an existing British or industry standard and, as such, a CLASS 1 product is still a very capable product.

CLASS ratings are based upon the effort required to defeat the product through a surreptitious attack. This effort is measured in skill, tools and time of the attacker. The skills of the attacker range from a less technical person through to one who is a specialist (e.g. trained in defeating technical security products). The tools of the attackers also range from standard industry tools to custom devices built to defeat a specific product. 

Along with being a measure of a products’ resistance to defeat, in many cases a CLASS rating also includes a ‘product performance’ evaluation. These performance evaluations are generally to a similar level throughout the ratings. As an example, in the case of detection equipment, a check is undertaken that the FAR (False Alarm Rate) is within an acceptable range. 

In effect, a ‘performance evaluation’ checks that the product ‘does what it says on the tin’ but is not a longevity study nor in depth environmental testing.

CLASS Explained

It is possible for a product to achieve a CLASS rating without providing any protection against forcible attack.

At higher CLASS levels, a CLASS attacker may play the ‘long game’.  CLASS attackers may undertake an attack over many months or years (including reconnaissance, preparation and the attack). They may require repeated or long-term access for this to happen. 

It is possible to achieve a CLASS rating in a number of ways. Some examples are below: 

  • A product is capable of securely auditing its own use, 
  • A product will show signs of interference (anti-tamper),
  • An attack on a product may be possible but, a significantly long time is required, 
  • A product provides a high level of detection.

A CLASS product, depending on the type of product, may not provide an immediate alert and it may be that additional policies and procedures, such as an inspection regime, are necessary. For example, tamper seals need to be regularly inspected.

Manufacturers of products holding NPSA CLASS assurance are permitted to confirm that their product holds a CLASS rating, but the rating of that product must not be publicly available. This is to protect its capability and publication of this rating may result in a ‘downgrading’ of the product.

Details of the CLASS rating of products can be found on the NPSA Extranet CSE or from the manufacturer of the product. 

As detailed above, three CLASS rating are available for evaluation, CLASS 1, CLASS 2 and CLASS 3, they correspond to the attacker types as follows:

  • CLASS 1 attacker - An attacker with basic knowledge. They are looking to undertake their attack without any real concern for detection. Rudimentary methods to mask their attack or defeat the product may occur.
  • CLASS 2 attacker - A technically trained attacker. They are highly motivated to avoid detection/defeat the product and will undertake an amount of planning before attempting their attack. They are well equipped, normally with commercial tools, to undertake their attack.
  • CLASS 3 attacker - A highly skilled attacker specifically trained to undertake their attack. They have access to specialist tools, training facilities and knowledge; they are very well resourced. 

What does PROTECTION mean?

A PROTECTION level is an NPSA evaluation to measure a products performance, and resistance to, varying forms of forcible attack.

A forcible attacker is not generally worried about hiding evidence of an attack. The only goal is to defeat the product and gain entry or undertake their ultimate goal. This kind of attack is primarily associated with a terrorist threat.

Forcible attackers:

  1. Don’t care about detection (if they can complete their goal),
  2. Will attempt to ‘break through’ the product as fast as possible,
  3. Will generally have one attempt to undertake their goal. 

PROTECTION Grades

Manual Forced Entry Standard (MFES) is NPSA’s primary ‘manual forced entry’ standard. It is aimed at providing a forced entry delay against attackers wishing to overcome a security product who have the sole intention of ‘breaking their way through’ a security device in a physical manner.

Successful PROTECTION evaluations, against NPSA’s MFES standard are given a PROTECTION LEVEL. Three protection levels exist within MFES; BASE, ENHANCED and HIGH.  

MFES takes in account:

  • Generic levels of knowledge and experience of those attackers 
  • Availability of tools to those likely to conduct such attacks.
  • Methodology likely to be employed.
  • Tests conducted by two attackers.

More information on MFES is available:
Protection from Forced Entry

NPSA also undertakes evaluations against the NPSA Marauding Terrorist Attack Standard (MTAS). MTAS is NPSA’s standard focused on the interruption of a marauding attacker.   

The attacker will be looking to move quickly around a building and will have limited access to attack tools, however they may have some form of bladed, blast or ballistic weapon with them and may use this as part of their attack.

More information on MTAS is available in the following document:
Introduction to the Marauding Terrorist Attack Standard (MTAS)

PROTECTION Explained

The emphasis of a PROTECTION product is DELAY. In delaying an attacker, the attacker will either:

  • become exhausted or despondent and give up on their attack before the security product is breached,
  • when coupled with a detection system, a suitable response will interdict the attacker before the delay limit of the product has been reached and the product breached.

It is highly likely that a PROTECTION product will have NO detection capability and will need to be coupled with a CLASS product to enable detection of the attack and a response initiated. 

A PROTECTION product is simply delaying an attacker and, given enough time undetected, all products can be breached.

Due to the fact that PROTECTION products are delaying attackers carrying out forcible (physical) attacks, with little to no regard to noise, PROTECTION products tend to be larger, heavier and bulkier than standard products and as such will require additional design thought when being installed into a building / location.

Three protection levels exist with MFES; BASE, ENHANCED and HIGH. They correspond with the three types of attacker: Novice, Knowledgeable and Expert respectively. 

Did you find this page useful? Yes No