How to include your product in the CPSTIC / CCN-STIC 105 catalogue in the Security Compliance and Governance Products and Services taxonomy?

Blog

8
- Febr
2023
Posted by: Javier Tallón
[Certification]
How to include your product in the CPSTIC / CCN-STIC 105 catalogue in the Security Compliance and Governance Products and Services taxonomy?

As we all know, the reference catalogue for cybersecurity products in Spain (CPSTIC / CCN-STIC 105) has a taxonomy of products and services that is gradually increasing as solutions are added to the catalogue. Each category has security requirements specified in the annexes of CCN-STIC 140

Process of inclusion of a product or service in the CPSTIC / CCN-STIC 105 catalogue

As we summarised in the post published few weeks ago, there are 5 possible ways to include a solution in the catalogue, depending mainly on three reasons:

  • If a Common Criteria certification has been previously obtained for that product.

  • The category to which the product applies: If it applies to the Security Compliance and Governance Products and Services category, it has certain peculiarities as we will see in the following section.

  • Whether the solution is developed natively in the cloud or, on the contrary, has an on-premise version that can be certified.

    • Inclusion of a product in the Security Compliance and Governance Products and Services taxonomy

    There are currently 5 products included in this taxonomy, all of them assessed by jtsec. Access to this category does not require making a Security Declaration and passing a LINCE, Common Criteria or CPSTIC assessment, but it does require passing penetration tests to verify that the tool complies with minimum security standards.

    This peculiarity makes the process less costly for the client, in terms of money, staff resources and time.

    How can jtsec help you in the evaluation of your product and include it in the Security Compliance and Governance Products and Services taxonomy?

    jtsec is an laccredited laboratory for both LINCE and Common Criteria assessments, with extensive experience in including solutions in the CSPTIC / CCN-STIC 105 catalogue.

    A clear example of the inclusion of a product in this category can be found in Proofpoint for its PSAT product (Proofpoint Security Awareness Training), which the client reflected as a success case by issuing a press release.

    If you want to know more about the process or qualify your product within the Security Compliance and Governance Products and Services taxonomy, we will be happy to help you.

    tags
    Javier Tallón/Technical Director

    Expert consultant on the Common Criteria standard, and other security assurance standards in the field of the information technology (FIPS 140-2, ITSEC, ISO 27K1, SOC 2, ENS...). Javier has served as an evaluator in the Spanish CB for the country major evaluation labs. As a consultant, he has successfully accompanied national and international companies in several certification processes (to EAL5+). His experience has led him to participate as a speaker at several conferences on computer security and certification (SuperSec, Cybercamp, Navaja Negra, International Common Criteria Conference, International Cryptographic Module Conference, EUCyberact Conference). He is also Cyber Security lecturer, giving classes of Secure Software Engineering at the University of Granada and is CISSP (Certified Information Systems Security Professional) and OSCP/OSCE (Offensive Security Certified Professional & Certified Expert) certified .

    In 2015 he begins to lay the foundations of what will be jtsec. He currently works as Technical Director of the evaluation lab and Chief Operations Officer (COO) of the Granada site from where the company develops most of the work. Recognized expert in various disciplines of cybersecurity (reversing, exploiting, web, ...), assumes the technical direction of most of the projects, directing and organizing the work of the team. He also leads the Research and Development area, encouraging the participation of the jtsec team in multiple Congresses.


    Contact

    Send us your questions or suggestions!

    By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.
    RECENT POSTS
    jtsec achieves pioneering accreditation for MEMeC cryptologic evaluation
    Jan 17, 2025
    jtsec achieves pioneering accreditation for MEMeC cryptologic evaluation
    jtsec & Applus+ Laboratories at ICCC24
    Nov 14, 2024
    jtsec & Applus+ Laboratories at ICCC24
    How to use the CCN product catalog to improve your company's security
    Oct 14, 2024
    How to use the CCN product catalog to improve your company's security
    Common Criteria Statistics 2023
    June 17, 2024
    Common Criteria Statistics 2023
    How to enter ENS category high, stay in the catalog and add new versions of my product
    April 23, 2024
    How to enter ENS category high, stay in the catalog and add new versions of my product
    jtsec - Our LINCE 2023
    Febr 6, 2024
    jtsec - Our LINCE 2023
    We wish you a happy and cybersecure 2024
    Dec 19, 2023
    We wish you a happy and cybersecure 2024
    How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
    Dec 14, 2023
    How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
    How to include your product or service in ENS ALTA.
    Oct 31, 2023
    How to include your product or service in ENS ALTA.
    Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
    Sept 19, 2023
    Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
    CATEGORIES