jtsec, an Applus+ company, has expanded its services by obtaining ISO 17025 accreditation from ENAC to evaluate cryptologic products under the Methodology for the Evaluation of Cryptographic Mechanisms (MEMeC) methodology. jtsec also participated in developing this methodology, closely collaborating with the CCN (National Cryptologic Center). With this achievement, jtsec becomes the first company prepared to provide this innovative service.
The MEMeC methodology has been designed to assess the correct implementation of cryptographic mechanisms used in technological products. Its main application is within the framework of broader evaluations such as Common Criteria (CC), LINCE, and STIC certifications, where specific cryptographic evaluation is required. However, it can also be used independently for direct cryptographic assessments.
The MEMeC certification defines three assurance levels (CL1, CL2, and CL3) and evaluates requirements encompassed in four fundamental areas: cryptographic implementation, cryptographic management, conformity testing, and implementation of Pitfalls.
The evaluation involves a comprehensive review of manufacturer documentation and conducting rigorous tests to verify that a products cryptographic mechanisms meet applicable requirements and implement authorized cryptographic functions.
