Improving cybersecurity has been one of the main milestones set by the European Commission in recent years. The European Cybersecurity Directive NIS 1, approved in 2017, already put on the table certain measures to improve cybersecurity in European companies considered critical infrastructures. However, different voices raised criticism about non-homogeneous incorporation of this regulation in the different Member States, creating a different applicability in each one, which in the end leads to a fragmentation of the single market. In this perspective, it was clear that an improvement of NIS 1 would come sooner rather than later, NIS 2.
Performing the LINCE evaluation of a product is always a challenge, and even more when it is the first evaluation for a specific taxonomy. Therefore, we are pleased to be the first laboratory to successfully evaluate a product in the Hyperconvergence Tools category, being included in the Qualified Products section of the Spanish Catalogue of Information and Communication Technology Security Products (CPSTIC), published by the CCN.
A few days ago, the ICCC21 (International Common Criteria Conference),, was held, the international reference conference on Common Criteria.
Once again, this year, it was attended by top-level speakers who covered different topics related to automation, standardisation, new cybersecurity schemes, new uses of Common Criteria...
But this year`s edition was special for us, as we decided to collaborate as Supporting Sponsor, which allowed us to have much more contact with the attendees and to be able to share our services in a virtual stand, as it was held, for the second consecutive year, online.
Taking into account the great effort involved in creating an internationally recognised evaluation methodology, which requires years of work and involvement by numerous public and private entities in different countries, the most viable proposal is to automate processes, thus saving time and money when carrying out a cybersecurity evaluation.
The product remains in the List of Certified Products for 5 years, as long as there is no vulnerability that affects the certified version and therefore entails the revocation of the certificate. Once this time has elapsed since the certificate was issued, the product goes to the Archived Certified Products List, unless the validation time is extended using the appropriate procedures for this purpose. There is a procedure called Assurance Continuity developed to allow manufacturers to keep their product certified to the latest version.
