Performing the LINCE evaluation of a product is always a challenge, and even more when it is the first evaluation for a specific taxonomy. Therefore, we are pleased to be the first laboratory to successfully evaluate a product in the "Hyperconvergence Tools" category, being included in the Qualified Products section of the Spanish Catalogue of Information and Communication Technology Security Products (CPSTIC), published by the CCN.
What are the challenges involved in evaluating a product in a new taxonomy?
When evaluating a product in a new category, the evaluation requirements have to be adapted and improved. As a pioneer laboratory, we had to face this improvement process as there was no evaluated product on which to have a reference.
What exactly is a hyperconverged product?
Katua®SDI Platform, developed by the manufacturer KRC Española S.A., is the first product to obtain LINCE certification and is included as a "Hyperconvergence tool" in the CPSTIC catalog.
Katua®SDI Platform is a hyperconverged platform based on the SDI (Software Defined Infrastructure) paradigm, conferring the ability to create complete virtual data centers, where all elements of storage, network management and computing are defined and configured by software. Hyperconverged products therefore integrate compute, storage and network capabilities into a single operating layer, centralizing all data center management tasks at the software level.
Evaluation requirements applied to hyperconverged products
CCN establishes a series of fundamental security requirements for the evaluation of each product family.
The requirements shown below are those that apply to the hyperconvergence layer of the product, highlighting the hyperconvergence requirements in which some functionalities such as the possibility of managing snapshots or the secure deletion of information are tested.
Evaluation of the cryptographic module or MEC in "Hyperconvergence Tools".
The product implements a cryptographic module that is used for cryptographic operations required by the product. The so-called MEC (cryptographic evaluation module), required additional evaluation.
The evaluation of a MEC (Cryptographic Evaluation Module) requires a series of tests in order to evaluate the different cryptographic mechanisms used. To this end, the results obtained by the TOE were compared with the results obtained by a cryptographic reference implementation..
Evaluation of hyperconverged products, we can help you!
As the first laboratory in the evaluation of this taxonomy of products under the LINCE methodology, we have the necessary experience in case you wish to evaluate your product and include it in this category.
As the leading lab in LINCE evaluations, our experience will help you to make the certification process as agile as possible, thus reducing the time and resources needed by our clients.
If you want to obtain a valid cybersecurity certification for your hyperconverged tool, we will be happy to help you.
