The National Cryptology Centre (CCN in Spanish) has included two new products evaluated by jtsec in its CPSTIC Security Products Catalogue. In constant collaboration with our international clients, we are pleased to communicate that the following products are already part of the CPSTIC Security Products Catalogue.
| Product | Manufacturer | Category |
| McAfee Network Security Platform NS Sensor v 9.1.17.100 and NSM v9.1.21.20 | McAfee, LLCO | Monitorización de Seguridad |
| Checkpoint Endpoint Security (Sandblast Agent) E82.40 (82.40.1159) | Check Point Software Technologies Ltd. | Seguridad en la explotación |
What certifications allow products to be included in the CPSTIC Catalog?
There are two main cybersecurity certifications with which you can access the CPSTIC Catalogue.
- Common Criteria: This is an international certification that defines a common framework for evaluating the cybersecurity of IT products, which also allows the product to be recognized in 31 countries such as the United States, France, Germany and Canada. In some cases, Common Criteria evaluation requires additional STIC tests to be performed in order to access the Catalogue, depending on the scope of the initial evaluation.
- LINCE: This is a certification qualified as "lightweight" and is the most appropriate for the Spanish market both because it is more affordable and because it is speed in the process by facilitating the inclusion into the Catalogue. That is why LINCE certification is the most common certification in Spain.
Which laboratory can carry out the certification to be included in the CPSTIC Catalogue?
The cybersecurity assessment to obtain the entry in the CPSTIC Catalogue has to be carried out by a laboratory accredited by the National Accreditation Entity (ENAC in Spanish) and the National Cryptology Centre (CCN in Spanish) in the field of IT Security. It should be remembered that jtsec is the first laboratory accredited for LINCE certification and collaborates in the development of the same.
What steps does the product follow until it is included in the CPSTIC Catalogue?
- The product has to be fully developed or in the last stages before its final version
- The product is analyzed by an accredited laboratory, through a vulnerability analysis and penetration test.
- Once the product complies with the cyber security standards established by the methodology established by the laboratory, an Evaluation Technical Report (ETR)is prepared.
- The CCN reviews the report and validates the work performed by the laboratory by issuing the certificate.
At jtsec we recommend that you entrust your product to a reliable laboratory with experience in cyber security certifications. If you want your product to offer the maximum guarantees and be included in the CPSTIC Catalogue, or if you have any doubt about it, do not hesitate to contact us, we are here to help you.
