jtsec - Our LINCE 2022

Blog

12
- Jan
2023
Posted by: jtsec Team
[jtsec statements]
jtsec - Our LINCE 2022

A few days ago we ended 2022, starting a very exciting 2023 for the whole jtsec team, in which we have no doubt that there will be very interesting projects and challenges. Looking back at the year that has ended, we have seen the incredible evolution that the LINCE methodology has had and the more than significant number of solutions included in the CPSTIC / CCN-STIC 105 catalogue. Therefore, we would like to make a brief summary of our contribution at this point.

Number of products included in the catalogue in 2022 and evaluated by jtsec

A total of 22 products have been included in the catalogue and previously evaluated by jtsec , it is a great joy for us to be able to collaborate with companies such as Stormshield, Deciso V.B, Autek, Instituto CIES, Sidertia, Proofpoint, Check Point, Defense Balance, AWS, Dinosec or Huawei, among others, for the evaluation of their products.

There are different methods for a product to be included in the CSPTIC / CCN STIC-105 catalogue::

  • Common Criteria certification : This type of certification is the most internationally recognized. Products that have previously obtained this certification and comply with the security requirements of the taxonomy to which it applies are included in the catalogue.

  • LINCE certification : This is an option that adapts to the needs to meet the requirements of the national market. A large number of the products currently in the catalogue have obtained a LINCE certification. This is done on a specific version and the evaluation is done on premise.

  • STIC Evaluation: This applies to services developed natively in the cloud, which means that they do not have an on-premise version that can be certified. This type of solutions cannot obtain certification, but they can obtain qualification to be included in the catalogue. This year, 7 STIC cloud solutions have been qualified by jtsec. This is a great success considering that annex G, which applies to "Cloud Services", was published less than two years ago.

  • Supplementary STIC Assessment: This is based on certain additional tests that must be carried out on some products that have previously obtained Common Criteria certification in order to be included in the CPSTIC / CCN STIC-105 catalogue. In this way, a complete evaluation does not have to be carried out, only some tests required by the catalogue itself.

  • Penetration Test: For including a solution in the categories within the taxonomy "Compliance and security governance products and services", does not require a Security Target and carry out a LINCE evaluation, but it does require performing some penetration tests to verify that the tool complies with minimum security requirements.

    • CPSTIC / CCN STIC-105 catalogue, the family grows

    The challenges faced by the catalogue have been several during this 2022, on the part of jtsec we have some remarkable milestones such as::

  • First solution included in the catalogue and evaluated by jtsec in the "Herramientas de videoidentificación” taxonomy, ElectronicID VideoID High Solution, developed by Electronic ID.

  • First product included in the taxonomy "Gobernanza y Planificación de la Seguridad", ANA, developed by Centro Criptológico Nacional.

  • First two solutions included in "Formación y Concienciación de Ciberseguridad": PSAT – Proofpoint Security Awareness Training (Proofpoint) and Smartfense (Defense Balance).

  • First product included in "Herramientas de videoconferencia”, PEXIP Infinity, developed by PEXIP.

    • In addition to these milestones, in 2022 we have qualified solutions in different categories such as::

  • Pasarela segura de intercambio de datos (Secure Data Exchange Gateway)

  • Dispositivos de Red Inalámbricos (Wireless Network Devices)

  • Dispositivos para gestión de claves criptográficas (Cryptographic key management device)

  • Gestión de identidades, IM (Identity Management)

  • Otras herramientas (Other tools)

  • EPP (Endpoint Protection and Platform)

  • EDR (Endpoint Detection and Response)

  • Cifrado y compartición segura de información (Encryption and secure sharing of information)

  • Sistemas de gestión de eventos de seguridad, SIEM (Security information and event management)

  • Redes Privadas Virtuales - IPSEC
    •

    "Adopted" lynxes

    At jtsec we collaborate with the conservation of the Iberian Lynx, therefore, for each new client that includes a product or service in the catalogue, we "adopt" an Iberian lynx in a symbolic way, contributing with the NGO WWF. This year we are very proud to have "adopted" 11 Iberian lynxes.

    Conferences on LINCE methodology

    During this year we have had the opportunity to participate in different events and expose our point of view on different topics related to the LINCE methodology and the CPSTIC / CCN STICC-105 catalogue, among which we would like to highlight:

  • XVI Jornadas CCNCERT, “España y CCN como referentes en la evaluación de ciberseguridad de soluciones en la nube”

  • XVI Jornadas CCNCERT, “Evolucionando la Evaluación Criptográfica”

  • 16 ENISE, “¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?

    • Number of assessments initiated in 2022 and forecasts for 2023

    We have initiated a total of 59 evaluation processes in 2022, a quite remarkable number that highlights two important points of view: the first one is the concern of manufacturers to develop products and services that meet minimum cybersecurity standards and, on the other hand, the interest of the Public Administration in acquiring cybersecurity products included in the catalogue. All of this offers us a horizon in which public and private companies and public administrations are committed to acquiring cybersecure products and services.
    tags
    jtsec Team/Staff

    jtsec: Beyond IT Security Team


    Contact

    Send us your questions or suggestions!

    By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.
    RECENT POSTS
    How to enter ENS category high, stay in the catalog and add new versions of my product
    April 23, 2024
    How to enter ENS category high, stay in the catalog and add new versions of my product
    jtsec - Our LINCE 2023
    Febr 6, 2024
    jtsec - Our LINCE 2023
    We wish you a happy and cybersecure 2024
    Dec 19, 2023
    We wish you a happy and cybersecure 2024
    How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
    Dec 14, 2023
    How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
    How to include your product or service in ENS ALTA.
    Oct 31, 2023
    How to include your product or service in ENS ALTA.
    Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
    Sept 19, 2023
    Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
    Legal framework in which the CPSTIC CCN - STIC 105 catalogue is included in the sphere of Public Administration
    Augst 23, 2023
    Legal framework in which the CPSTIC CCN - STIC 105 catalogue is included in the sphere of Public Administration
    New cryptographic evaluation methodology created by CCN, how does it apply and what does it consist of?
    May 9, 2023
    New cryptographic evaluation methodology created by CCN, how does it apply and what does it consist of?
    jtsec achieves ENS High Certification.
    May 1, 2023
    jtsec achieves ENS High Certification.
    Common Criteria Statistics Report for 2022
    March 20, 2023
    Common Criteria Statistics Report for 2022
    CATEGORIES