CCN has published LINCE methodology for evaluation of IT products

6 July 2018
The CCN (Spanish National Cryptologic Center) has published the LINCE (National Essential Safety Certification) evaluation methodology on its website.

The CCN states the following on its website:

LINCE is oriented to the evaluation and certification of ICT security products for inclusion in the CPSTIC catalogue for medium or low levels of the ENS in accordance with CCN-STIC-107 and CCN-STIC-141 guides. It can also be used for the performance of complementary STIC Evaluations as specified in CCN-STIC-106 and CCN-STIC-140 guides.

This methodology will therefore facilitate inclusion in the CPSTIC catalogue, which regulates the acquisition of IT products in the Spanish administration.

The main features of the LINCE certification are:

  • Focused on vulnerability analysis and penetration testing.
  • It analyzes the product's compliance with its critical security requirements.
  • Time-limited in both effort (25 man-days) and duration (8 weeks).
  • Reduces manufacturer effort compared to other evaluation methodologies such as Common Criteria.
  • Applicable when the threat level is basic or medium.
  • The evaluation will be carried out by laboratories accredited by the CCN.

The certification body has published the following documents:

  • CCN-LINCE-001: Definition
    • This document includes the definition of LINCE, as well as the definition of the actors involved in the evaluation process, and the different phases of the evaluation process.
  • CCN-LINCE-002: Evaluation Methodology
    • This document contains the evaluation methodology to be followed by the laboratories.
  • CCN-LINCE-003: Security Statement Template
    • The purpose of this template is to make it easier for developers to write the Security Target required for the LINCE assessment.
  • CCN-LINCE-004: Template for the Technical Evaluation Report
    • The aim of this template is to make the CB's (Certification Body's) validation of the reports issued by the laboratories more effective.

This methodology, created by the certification body, is aligned with other similar initiatives in European countries such as CSPN in France and with the levels of assessment defined in the Cybersecurity Act promoted by the European Commission.

If you need any information on how to include your product in the catalogue (CPSTIC) or about the LINCE certification, please do not hesitate to contact us at hello[en]jtsec.es.

You may also take a look at our LINCE evaluation service section for further information.

José Ruiz/CTO

Jose is an expert consultant on the Common Criteria standard with more than 10 years of experience. Jose has a wide background in other security assurance standards in the field of information technology, such as Common Criteria, FIPS 140-2, FIPS 140-3, GP TEE, PCI-PTS and LINCE. Jose has served as an evaluator, Technical Leader and CC Consultant for Epoche&Espri and as CC lab manager and Cyber Security Service Manager for Applus+. His experience has led him to participate as a speaker in various editions of the ICCC (International Common Criteria Conference) and ICMC (International Cryptographic Module Conference). He has been the “Chairman” of a subgroup within the ISCI WG1 Eurosmart Initiative to develop the CC Methodology. He is also a member of different working groups, such as ISO SC27 or Global Platform TEE, and an active member of the ERNCIP group “IACS Cybersecurity certification”.

In 2017 he founded with Javier what is now known as jtsec. He is currently in charge of promoting the commercial expansion of the company from its headquarters in Madrid as CTO. In addition, he represents jtsec in various national and international forums and is responsible for quality.

