Becrypt OS successfully evaluated through NCSC Cyber Resilience Testing
Becrypt OS has been successfully evaluated through the National Cyber Security Centre’s (NCSC) latest product assurance process, Cyber Resilience Testing (CRT). CRT represents NCSC’s current approach to product assurance and is founded on Principles Based Assurance, which NCSC describes as being focused on “meaningful security outcomes rather than prescriptive compliance”.
CRT places emphasis on how effectively security controls are designed, implemented and governed in practice, it considers both product-specific technical controls and the wider organisational security practices that underpin secure development, maintenance and support, reflecting NCSC’s position that “security is a property of both the product and the organisation that develops and maintains it.”
Cyber Resilience Testing is conducted by NCSC endorsed Test Laboratories, which work collaboratively with vendors to assess security governance, development lifecycles and product functionality. Structured around a comprehensive set of security claims tailored to reflect product and deployment context, the process results in reports that can support either light-touch assurance or more detailed risk assessment.
Becrypt’s CEO, Dr Bernard Parsons MBE, commented: “Having worked in Information Assurance and Cyber Security for thirty years, I have been involved in quite a range of product assurance schemes, and have had first-hand experience of some of their challenges. Principles Based Assurance does a lot to avoid the tick-box compliance mentality that many schemes unfortunately can encourage, and is better suited to meet the challenges presented by today’s technology diversity and pace of change”.
CRT is closely aligned with the UK Government’s Software Code of Practice and with wider NCSC guidance and principles. NCSC has emphasised that effective assurance should “support informed decision-making and risk management by consumers,” rather than acting as a binary indicator of security quality.
Dr Bernard Parsons continued: “For years, buyers of software products have struggled to differentiate between products with relevant security controls that have been well implemented, and those that haven’t. In some areas, this level of information asymmetry has led to market failures. NCSC’s latest annual report highlights the need for ‘Radical Transparency’ to address today’s opaqueness with cyber that leads to adverse outcomes. The CRT process is designed to support informed risk management, while at the same time coping with technology diversity and change. In today’s world of increasing cyber risk, and interdependence across complex supply chains, elevating the effectiveness and importance of product assurance has become critical”.
About Becrypt OS
Becrypt OS is a secure operating system designed to protect sensitive data and reduce cyber risk in high-assurance environments. It provides a controlled execution environment that separates and contains applications and data, helping organisations to limit the impact of compromise and user error. Becrypt OS has been developed to support use cases across government, defence and critical national infrastructure, where the confidentiality, integrity and availability of information are essential to operational resilience.
Security assurance has been a core consideration in the design and evolution of Becrypt OS. The product has been developed with the expectation that it will be deployed in environments subject to rigorous security scrutiny, and where independent assurance provides an important input to organisational risk management.
Assurance as a Customer Expectation
Becrypt’s customers typically operate in sectors where security assurance is not optional, but an established expectation. Independent evaluation and transparent evidence of security effectiveness form a critical part of how these organisations assess and manage risk. Engagement with NCSC’s Cyber Resilience Testing reflects Becrypt’s long-standing approach to assurance, supporting customers with proportionate, evidence-based insight aligned to real-world threats and operational requirements.
By participating in CRT, Becrypt aims to contribute to a more resilient and informed market, where assurance supports better security outcomes rather than superficial compliance, and where buyers are equipped to make decisions based on credible and relevant evidence.
Find out more:
Discover how Becrypt’s high assurance solutions can help your organisation stay ahead of evolving cyber threats.
