What is LINCE Certification
LINCE is an evaluation and certification methodology for ICT security products developed by the Spanish CCN (National Cryptologic Center). It has been developed to be an objective means of assessing and accrediting the ability of an ICT Products to handle information securely.
This methodology is designed for ICT products requiring certification with medium or low security criticality. Unlike other certifications, such as Common Criteria, the LINCE assessment is done with limited scope, within a limited amount of time and effort. In this way, the costs are accessible to all types of manufacturers.
The objective of a LINCE assessment is to enable an evaluation laboratory to verify whether a product conforms to its specification by determining the effectiveness of the security functionality implemented. This evaluation is carried out on the basis of information contained in the manufacturer's documentation and product information from public sources.
Why certifying with LINCE
One of the main reasons for obtaining a LINCE certification is that, in Spain, the ICT security products used by the Administration must be included in the CPSTIC product Catalogue. To be included in this Catalogue, the product must have passed a security assessment and obtained the corresponding certificate. LINCE is oriented to the evaluation and certification of ICT products that need to be included in the CPSTIC Catalogue, for medium or low levels according to the classification of the ENS (Spanish National Security Scheme).
Another reason to obtain a LINCE certification is that it allows you to prove the security of a product through a process that is much more affordable and shorter than a Common Criteria certification. This certification provides a guarantee that a product has been evaluated according to a well-defined methodology by a reliable and technically trained third party, offering an additional level of confidence to the customer.
How to obtain a LINCE certification?
To obtain LINCE certification, the product must be evaluated by a laboratory that acts as a reliable and technically trained third party. The laboratory will review the manufacturer's documentation and perform tests to verify that the product conforms to its specification.
The manufacturer of the product delivers to the laboratory the Security Target (ST), which defines the scope of certification, guidelines for use and safe configuration of the product. In addition, it will use information from public sources, such as technical specifications or product data sheets.
With this documentation, the laboratory will obtain the information necessary to perform a series of tests to try to identify and exploit product failures and vulnerabilities. On the other hand, the evaluation may also include testing of the cryptographic components and analysis of the source code.
The results of the laboratory evaluation are reflected in an Evaluation Technical Report (ETR), which the Certification Body will review and, in the event that the evaluation has not found any security faults or nonconformities, issue the LINCE certificate, which certifies that the product has been satisfactorily evaluated.
They already trusted us. Let's talk!
What We Offer?
At jtsec we are experts in LINCE security evaluations and we know the process perfectly. In order to avoid unnecessary costs, contact us as soon as possible.
As accredited laboratory, we carry out the LINCE security evaluation of your product, checking the documentation, the security functionality and performing the necessary tests so that you can successfully obtain the LINCE certification.
At jtsec we have developed LinceToolBox, an innovative and unique tool to smooth LINCE certification, saving time & money.
Trust and professionality
We have years of experience in security certifications and we have a team of professionals with great knowledge and expertise that will take care of the entire process, saving you unnecessary time and money.
We have arrived to take up the torch of technical excellence. Only from the highest qualification will we be able to verify the security of your products. We are 100% committed to a refined process of ongoing formation.
Time To Market
Only by doing our job on time can we give our customers a competitive advantage. If time is limited, you can trust us. We put all our resources at your disposal to be, not only the best, but also the first.