GCHQ's CESG operation intros security product assurance scheme

The aim of the scheme is to allow a large number of vendors to gain certification and so allow them to bid on government and other public sector - including the NHS - tenders and contracts.

The plan is to focus on products, rather than services, Infosecurity notes, meaning that cloud-based security services - for the time being at least - will not be included in the scheme.

Several products are already undergoing tests on the Commercial Product Assurance (CPA) scheme, as the programme is called, and the plan is for the scheme to be officially announced - along with the first tranche of 'certified' products - later this year.

According to the CESG, the CPA framework will initially have two grades of certification - Foundation and Augmented.

Foundation grade certification, says the agency, represents a basic level of confidence in the security behaviours of a product. Augmented grade certification, meanwhile, means that CESG evaluators have spent more time and effort investigating the product's workings, and have required it to exhibit additional security properties.

Plans also call for the CPA scheme to have tiers of certification, starting with Tier A - defined as the highest priority in terms of the product's security characteristics.

News of the scheme has been welcomed by Origin Storage, the secure storage systems company. Andy Cordial, the firm's managing director, said it will allow a much greater number of vendors to pitch for public sector security product supply deals, since smaller firms will be able to compete on a more level playing field.

"This is really excellent news as it's a win-win-win situation for taxpayers, private sector businesses and vendors", he said, adding that the scheme has been a long time coming.

Cordial explained that the Foundation grade certification is likely to become a must-have option for IT security products in the near future, whilst the Augmented certification - which indicates a wider set of security features and depth of testing - will also be popular.

"These accreditations come at a time when zero-day, DDoS and multi-vector IT security threats from organised crime syndicates have become a reality for IT professionals, meaning that hard drive encryption has now become a baseline requirement in any office handling customer, contractor and/or employee information", he said.

According to the Origin Storage MD, whilst a number of major vendors have previously chosen to certify their security products with one or more independent test labs, the lack of common security certifications has meant that selecting the best product has not been an easy task.

This, he says, is what makes the new CPA certification scheme so welcome in the IT security industry. Suppliers will welcome the changes as they allow them to better define their products for customers, whilst customers, on both sides of the public/private sector divide, will be able to compare the offerings in the marketplace.

It will also, he adds, allow organisations to prove that they have met the compliance requirements of relevant legislation and other best practices in an increasingly complex IT security world.