What are the benefits of including your product in the CPSTIC catalogue?
CPSTIC is the CCN-STIC-140 reference catalogue for cybersecure ICT products in the Spanish Public Administration. It offers a list of products with security guarantees contrasted by the CCN (the Spanish Certification Body).It has a taxonomy divided into different categories and families, which is continuously growing.
Including your product in the catalogue has multiple advantages:
- It improves the cybersecurity of your product
- Powerful marketing tool
- It offers greater visibility of your product in the Spanish Public Administration
- You get a certificate issued by CCN
But, how to include your product in the CPSTIC catalogue?
LINCE is the most common evaluation to access the catalogue as it is the most agile, allowing to reduce time and economic costs. It is a lightweight certification for medium or low security levels, according to the ENS (Spanish National Security Scheme) classification.
It is a certification recognized in Spain, which allows, in a limited time and effort, to obtain a certification issued by the CCN.
Common Criteria Evaluation
Common Criteria is the cybersecurity certification with the widest international scope, as it is recognised in more than 30 countries. It is ideal for high levels of security, taking into account that the cost in both time and money is significantly higher compared to LINCE.
It allows the product to be included in the catalogue as long as the security level is at least EAL 2 and the fundamental security requirements (FRS) defined for that category of the taxonomy are met.
If the original assessment does not meet the RFS, supplementary STIC testing is required.
Supplementary STIC assessment
This is a type of evaluation that is performed on products that have already obtained a Common Criteria certification and are intended to be part of the CPSTIC catalogue but the original evaluation did not cover all the RFS defined for that category. In this case, CPSTIC requires additional STIC testing by one of the accredited laboratories in order to gain access to the catalogue.
Inclusion of a product in the Security Compliance and Governance Products and Services taxonomy
Currently all the products included in this taxonomy have been evaluated by jtsec. Access to this category does not require making a Security Declaration and passing a LINCE, Common Criteria or CPSTIC assessment, but it does require passing penetration tests to verify that the tool complies with minimum security standards.
This peculiarity makes the process less costly for the client, in terms of money, staff resources and time.
At jtsec we have evaluated different products that have been included in different families and categories of the CPSTIC catalogue taxonomy (firewalls, antivirus, authentication servers, access control, switches...). The adaptability of the catalogue to new products allows the expansion of this taxonomy. Among the most outstanding success stories we would like to mention:
- Electric vehicle chargers: At jtsec we have carried out the first evaluation of an electric charger under the LINCE methodology. The existence of a solicitation documents published by a private company that makes it compulsory for suppliers of electric vehicle chargers to be LINCE certified, has led to the emergence of a demand for LINCE certification for this type of product
- Video Identification Tools: This is the first time that a ministerial order (Order ETD/465/2021 of 6 May) has been used to introduce products in the catalogue, creating a precedent, the Administration is anticipating manufacturers. jtsec has evaluated the first product of this new taxonomy created in the CPSTIC catalogue
- Port management software: Enhancing the cybersecurity of critical infrastructures is one of the objectives of the Administration. It is a innovative project at Spanish level, in which we evaluate the first software of these characteristics
10 reasons for choosing jtsec
- Top notch experts
- Leading laboratory in LINCE evaluations
- Laboratory accredited by ENAC and CCN for LINCE and Common Criteria assessments
- Editors of LINCE as a UNE standard
- We use unique tools developed by us that save up to 40% of time and money in the evaluation
- We assure you a fixed price from the beginning, do not face unexpected surprises!
- Deliver on time on launch a support engineer is always available for projects, ensuring we meet deadlines and expectations
- Members of SCCG (Stakeholder Cybersecurity Certification Group)
- Common Criteria native professionals.
- Commitment to your project before, during and after certification
They already trusted us. Let's talk!
WHAT WE OFFER?
At jtsec we are experts in security evaluation and we know the process perfectly. In order to avoid unnecessary costs, contact us as soon as possible.
We have years of experience in LINCE and Common Criteria security assessments, as well as complementary STIC assessments. For your peace of mind, we take care of the entire process, saving you unnecessary time and money.
At jtsec we have developed unique internal tools to speed up the certification process in both Common Criteria (CCToolbox) and LINCE (LinceToolbox). They allow you to speed up both the consultancy and the evaluation of your product. These tools are available free of charge to our clients to create a perfect coordination between jtsec and our client in the project.
We offer a customised approach to your certification, a tailor-made process taking into account that each client and each product is unique. We adapt to your needs by creating a framework, taking into account the specific needs of your project.
MANAGEMENT WITH THE CPSTIC CATALOGUE
Our commitment is to solve and eliminate problems for our clients, not to create new ones. For this reason, we take all the necessary steps with the Catalogue so that the adaptation and inclusion of your product is carried out without delays or incidents.