CESG Claims Tested Mark (CCTM)

The CESG Claims Tested Mark (CCTM) scheme provides a government quality mark for the public and private sectors based on accredited independent testing, designed to prove the validity of security functionality claims made by vendors. In more colloquial terms, the CCTM is designed to assure public bodies that a product or service does ‘what it says on the box’.

‘Directory of Infosec Assured Products’ [PDF, 5.0MB] - A top‑level guide listing all IT security products and services approved by CESG, including CCTM certified products and services.

'Directory of CCTM Certified Products and Services' [HTML] - Directory listing with full details of the CCTM awards, including the claims tested and a summary of the test results for each award.

News and updates

CESG is about to trial our new approach to Commercial Product Assurance through testing our recently developed Security Characteristics for Hard Disk Encryption products and VPNs for Remote Working. This assurance work will seek to test our new approach and ensure that the products evaluated are suitable for use for the protection of information in lower threat / lower impact environments (up to and including Impact Level 3). Products which are successfully evaluated against these criteria will be certified by CESG in due course.
Selection of products for this trial will be against a set of criteria which seek to identify the most suitable product and vendor for assurance. The criteria is available for Hard Disk Encryption products (doc) and VPNs for Remote Working (doc). Additionally, product developers should be aware that they will need to enter an agreement with CESG to cover this work - key points of this agreement (pdf).
If you are a product developer and would like to participate in this trial, please advise CESG of your interest via iacs@cesg.gsi.gov.uk by the 23rd of August.
Recently established UK vendor iStorage, with the diskGenie Version 1 hardware encrypted portable drive, is a welcome new holder of the CESG Claims Tested Mark.
"Part of the CCTM purpose", says Head of Secretariat Peter Hayes, "is to support enterprising new companies working on information assurance for the benefit of the UK public sector. The iStorage diskGenie is a great example of that".
Already in use across local government, the diskGenie is an external hard disk with keypad that claims to be easy to work with, easy to set up and requires no software installation. See the award page for full details of what the CCTM certificate covers.
The CESG Claims Tested Mark is today awarded to Blockmaster AB for the SafeStick USB Flash Drive, in two models and multiple storage sizes.
"This represent a welcome first for CCTM to list a certificated USB Flash Drive product", says Peter Hayes, Head of the CCTM Secretariat ISC.
"We know there are many parts of the wider public sector where handling data classified below the RESTRICTED level brings uncertainties. It is vital that people are using approved products coupled with appropriate procurement decisions, risk management and strong procedural measures. With SafeStick now carrying the CCTM certificate, part of that now becomes a lot easier", say Hayes.
The CCTM certificate applies to the SafeStick models BM7741 as v3.3.1 and v4.0.1 and BM9930 v4.0.1.
CCTM announces successful certification of intimus 9000 Version 1 from Martin Yale International.
CCTM is delighted to announce Global RadioData Communications' ISSV256G VoIP System Version 1.0 as the first VoIP System to be awarded CCTM Certification.
SSLPost Version 1.0 from GCrypt Ltd is announced as the latest CCTM Award.
CCTM welcomes PINsafe Version 3.6 from Swivel Secure Ltd to the list of CCTM certified products and services.
CCTM is pleased to announce renewed CCTM certification of the Secure Data Media Solutions Service offered by SDMS Limited.
CCTM is delighted to announce CCTM certification of Managed Secure Email and Managed Secure Documents Service from Echoworx Limited.
CCTM announces successful certification of Managed Service for Secure Destruction of Data Storage Media and Data Storage Hardware from Diskshred Ltd.
Vodafone awarded CCTM for Vodafone Secure Remote Access Version 2.8 and helps create new 'Mobile and Remote Working' category.
CCTM is pleased to announce renewed CCTM certification for the Secure Destruction of Data on Magnetic Media Service offered by R&R Data Managed Services Limited.
CCTM is pleased to announce successful certification of Euro-Recycling’s Onsite and WEEE Directive Compliant Service for Secure Destruction of Data and Recycling of I.T. Equipment Service.
CCTM welcomes GrIDsure Enterprise Version 3.3.30.14 from GrIDsure Ltd to the list of CCTM certified products and services.
CCTM is delighted with the continuation and certification of Juniper Secure Access FIPS Version 6.5R1.0 from Juniper Networks.
CESG Paper: Product Assurance at IL3 and Below: This short paper clarifies the work being proposed at CESG to simplify HMG policy around the use of assured products, ensuring a robust market for vendors. Issued 25th November 2009
Peter Hayes, Head of CCTM Secretariat, presented an update on CCTM at the NLAWARP Conference, Monday 23rd November, where the subject is 'Beyond the Code of Connection'.
RDC's Managed Services for Secure Destruction of Data is announced as the latest CCTM Award.
CCTM is pleased to announce CCTM certificate extension of TruSeal Version 2.0 from TruData Integrity Limited.
CCTM is delighted to announce CCTM certification of DISK Protect Version 5.2 from Becrypt Ltd.
VigilancePro Version v2009.1.2.6 from Overtis Group Ltd is announced as the latest CCTM Award.
On Site Physical Hard Drive Disintegration Service from Ultratec Limited is announced as the latest CCTM Award.
CCTM announces successful certification of Check Point End Point Full Disk Encryption Version R72 from Check Point Software Technologies Ltd.
Ontrack Eraser Degausser 3.0 from Kroll Ontrack joins the list of CCTM certified Products and Services.
CCTM is pleased to announce renewed CCTM certification of the Secure Destruction of Data on Hard Drives and Magnetic Storage Media service offered by Data Eliminate Limited.
CCTM Secretariat is delighted to be invited to update the Information Security for London (ISfL) Members' Forum on 7th September 2009
CCTM is pleased to announce successful certification of HDC-V Hard Disk Crusher from eDR Europe. The CCTM certificate was presented at the CIPCOG September 2009 event.
CCTM is delighted to announce renewed relationship with MessageLabs Ltd. MessageLabs Anti-Virus Service Version 5.1 is newly certified from 2nd September 2009.
Becrypt Trusted Client Platform Version 3.0 is announced as the latest CCTM Award.
The CCTM Secretariat is delighted to announce a milestone in the CESG scheme's success. The 49th and significantly 50th CCTM awards are announced today. Head of Secretariat Peter Hayes comments "Becrypt has attained a special mention in the CCTM dispatches, gaining both our first and now the fiftieth award in scheme history. This is a testament to both the CCTM scheme attractiveness, and to the commitment of Becrypt to the UK's Information Assurance strategy". Becrypt were today notified of the award of the CCTM certificate for both Becrypt Connect Protect Version 3.0 and Becrypt Media Client Version 1.1 .
CCTM Secretariat attended the Scottish Information Assurance Forum (SIAF) Plenary Meeting, at Stirling on Friday 24th July.
CCTM is pleased to announce successful certification of MessageLabs Policy Based Encryption Service Version PBE Z. The CCTM certificate was presented at the IA09 event.
CCTM announces successful re-certification of AEP Netilla Security Platform from AEP Networks . The Version 6.0.1.4 is announced as the latest CCTM award.
Microsoft Forefront Client Security Version 1.5.1937.0 is announced as the latest CCTM Award. Microsoft Ltd was presented with the CCTM certificate at the Infosecurity Europe 2009 event.
CCTM is pleased to announce the CCTM certification of Aladdin eSafe Version 7.1. The certificate was presented at the recently concluded Infosecurity Europe 2009.
CCTM Policy Announcement: CESG announces new CCTM registration pricing from 1st May 2009 [PDF]. Please contact CCTM Secretariat if further details required.
CCTM announces successful certification of Check Point EndPoint Media Encryption Version 4.93 from Check Point Software Technologies Ltd.
Check Point UTM-1 Edge W Version 7.5.55 from Check Point Software Technologies Ltd joins the list of CCTM certified products and services. Check Point was presented with the award at the recent CIPCOG event.
Thales SafeMove Version 4.0 from Thales e-Security Limited is awarded CCTM and was presented with the CCTM certificate at the recent CIPCOG Conference.
CCTM is pleased to announce CCTM Certification of Lumension Device Control Version 4.3.2. The CCTM certificate was presented to Lumension at the 2nd Annual CIPCOG Conference.
CCTM is featured in Gov Connect GCSx Pre-Connection Take-On Guide
Government Connect is a pan-government programme providing an accredited and secure network GCSx (Government Connect Secure Extranet) between central government and every local authority in England and Wales.GCSx is part of the wider Government Secure Intranet (GSi) and provides connectivity to nearly all central departments.
The GCSx information includes FAQs and guidance on what happens if the Customer does not comply with the CoCo (Code of Compliance) . LAs will also be issued with generic best practice guidance on security including the CESG Claims Tested Mark (CCTM) & the IT Health Check advice.
CCTM team was at the 2nd Annual CIPCOG Information Assurance Conference held at York Racecourse on 25th & 26th February 2009. The theme of the event was around the future direction of Information Assurance, the effect of the Data Handling Review and how it fits into the National Information Assurance Strategy. For details contact : 01347 812176 / 01347 812121
CCTM in Local Government: Local Government Data Handling Guidelines, produced by Socitm working in partnership with the Local Government Association/ Welsh Local Government Association now indicates the use of CCTM approved products or services, where possible.
CCTM recently held a seminar at Kable event 'Information security and identity management' on 20th Nov 2008
CCTM advertising in Kable publication GC Government Computing, November 2008
CCTM featured articles and advertising in Local Government Procurement Review Issue 12 2008
CCTM team was at the iaINDUSTRYFORUM on 6th and 7th October 2008
Our recent CCTM Test Laboratory Forum was well attended on Thursday 18th September
CCTM participated at ISfl Monday 15th September. London Connects runs a Warning, Advice & Reporting Point (WARP) as part of the ISfL offering.
CCTM presented our latest award at CIPCOG NIAF Thursday 11th September
CCTM team was at NISC St. Andrews 21st to 23rd May with NIAF.
CCT Mark Scheme Joins CESG’s Portfollio of IA Services. 01/04/08 [PDF, 25KB]

Inspiring trust and confidence

"In line with Transformational Government Policy and to ensure trust and confidence, Government information systems must use appropriate security products and services which have a minimum assurance of the CCT Mark"
Central Sponsor for Information Assurance

Further information

For further information, please look at the FAQs which provide details about the operation of the CCTM Scheme and information for Vendors and Test Laboratories on how to apply to the Scheme.

If you cannot find what you are looking for contact the CCTM Secretariat.