By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.
28 - Sept 2022
How to evaluate a video identification solution for being included in the CPSTIC / CCN - STIC 105 catalogue
Posted by: Javier Tallón

There is no denying the recent boom in the use of video identification solutions as a method to enable the management of all kinds of procedures, thus eliminating the need to be present in person. Sectors such as banking, insurance or legal are gradually increasing the use of video identification software in their day-to-day business.

For this reason, the Spanish Ministry of Economic Affairs and Digital Transformation, in BOE núm. 115, of 14 May 2021, regulated remote video identification methods for the issuance of qualified electronic certificates. This forces the providers of this type of services to validate their solutions in the terms established in Anexo F11 de la Guía de Seguridad de las TIC CCN-STIC 140 of the National Cryptologic Centre, by means of product certification, with a deadline of 1 July 2022 for obtaining this certification, a period that was extended to 1st of January 2023.

read more
15 - Sept 2022
Cyber Resilience Act, the European initiative for the future of cybersecurity in digital products.
Posted by: Javier Tallón

The CRA is an initiative that aims to ensure that vendors establish appropriate cybersecurity safeguards in the digital products they sell. By establishing cybersecurity requirements before and after a product is marketed, the CRA will strengthen the security and resilience of the entire supply chain for the benefit of businesses and end consumers.

The main mission of the Cybersecurity Resilience Act is to fill existing gaps in legislation by creating horizontal legislation defining European cybersecurity standards for digital products and services, as currently EU product-specific legislation mostly covers security aspects and addresses cybersecurity only partially.

read more
2 - Sept 2022
jtsec evaluates the first Videoconferencing tool included in CPSTIC/CCN-STIC 105 catalog
Posted by: José Ruiz

Evaluating a pioneering product in a CPSTIC/CCN-STIC 105 taxonomy is both a great motivation and a challenge. Therefore, we are pleased to be the first laboratory that has successfully evaluated a product in the category of Videoconferencing tools, being included in the Qualified Products section of the Spanish Catalogue of Information and Communication Technology Security Products (CPSTIC) published by the CCN. From here we would like to congratulate PEXIP for this reason and for the great work done.

read more
24 - Augst 2022
Evaluating IoT firmware through emulation and fuzzing

In this article we will discuss how we could apply fuzzing to software developed for embedded systems and IoT using techniques such as emulation and dynamic instrumentation, with the main goal of learning a new way of evaluating the security of devices like routers, smart lightbulbs, industrial IoT, etc.

read more
12 - May 2022
Common use cases and getting started with the HackRF One

While performing a STIC evaluation of a product, the evaluation team at jtsec thought that it would be interesting to analyze the communications between two embedded devices that were part of the product. The main objective was to determine whether those communications were properly secured with encryption and other important security measures when it comes to devices that communicate using radio frequencies such as protection against jamming, GPS spoofing or replay attacks.

read more