As we all know, the reference catalogue for cybersecurity products in Spain (CPSTIC / CCN-STIC 105) has a taxonomy of products and services that is gradually increasing as solutions are added to the catalogue. Each category has security requirements specified in the annexes of CCN-STIC 140
Process of inclusion of a product or service in the CPSTIC / CCN-STIC 105 catalogue
As we summarised in the post published few weeks ago, there are 5 possible ways to include a solution in the catalogue, depending mainly on three reasons:
Inclusion of a product in the Security Compliance and Governance Products and Services taxonomy
There are currently 5 products included in this taxonomy, all of them assessed by jtsec. Access to this category does not require making a Security Declaration and passing a LINCE, Common Criteria or CPSTIC assessment, but it does require passing penetration tests to verify that the tool complies with minimum security standards.
This peculiarity makes the process less costly for the client, in terms of money, staff resources and time.
How can jtsec help you in the evaluation of your product and include it in the Security Compliance and Governance Products and Services taxonomy?
jtsec is an laccredited laboratory for both LINCE and Common Criteria assessments, with extensive experience in including solutions in the CSPTIC / CCN-STIC 105 catalogue.
A clear example of the inclusion of a product in this category can be found in Proofpoint for its PSAT product (Proofpoint Security Awareness Training), which the client reflected as a success case by issuing a press release.
If you want to know more about the process or qualify your product within the Security Compliance and Governance Products and Services taxonomy, we will be happy to help you.