Applus+ provides security evaluation services for obtaining the LINCE certification, enabling IT products to be included in the Spanish CPSTIC Catalogue
LINCE, which stands for Certificación Nacional Esencial de Seguridad (Essential National Security Certification), was developed by the Spanish National Crytologic Centre, known as the CCN (Centro Criptológico Nacional). It was developed to fill the need for a lighter evaluation method than Common Criteria, one more suitable for the products that manage sensitive information but without such a high level of threat.
The CCN acts as the certification body for the LINCE scheme, which certifies that a product has successfully passed an authorized security evaluation. This certification enables the product to be included in the Spanish STIC Product Catalogue. The evaluation has the following requirements:
LINCE Certification consists of a base package and the following two optional modules, which allow for increased security assurance:
Consequently, all of the following are combinations of assessment can be undertaken as part of the LINCE Certification scheme:
As a rule, LINCE assessments should be carried out with estimated workloads of around 25 working days for one person, and should take no longer than a maximum of 8 weeks to complete.
For the optional modules (MEC and MCF), an additional 5 working days and 2 weeks’ maximum duration are added for each of the modules. Including the two modules, a LINCE certification must be carried out within 35 working days for one person, with a maximum duration of 12 weeks.
The Catalogue is the list of ICT security products recommended by the Products and Technologies Department of the National Cryptologic Centre, or CCN-PYTEC (Departamento de Productos y Tecnologías del Centro Criptológico Nacional), to be used by the Spanish Administration in the protection of its IT assets.
All of the products listed have been evaluated under cybersecurity certification schemes by accredited and independent laboratories—and under the supervision of the CCN—to ensure that they meet the highest security standards.
The catalogue aims to be a reference for the Spanish public sector, and the companies that provide services to it, in the tendering and purchasing of ICT products. For this, the catalogue makes a distinction between two types of products:
LINCE certification provides access to the STIC catalogue of ENS Medium Category qualified products, while Common Criteria certification provides access to ENS High Category. For more information on inclusion in the catalogue of High Category qualified products, please refer to our STIC Catalogue Guide.
*Except in special cases
Applus+ Laboratories: Experts in Cybersecurity Evaluations
Our various IT laboratories have all the required resources and accreditations for evaluating cybersecurity, as well as extensive, proven experience in security assessments and certification processes. For more information on the optimal route for your product to be included in the ICT security product catalogue, get in touch with our experts.