Empowering your products and services to meet the rigorous security standards of the Spanish National Cryptologic Center (CCN) CPSTIC catalogue.
Understanding CPSTIC
The Catálogo de Productos y Servicios de Tecnologías de la Información y Comunicación de Seguridad (CPSTIC) is the official catalogue maintained by the Spanish National Cryptologic Center (CCN). It lists Information and Communication Technology (ICT) products and services that have undergone rigorous security evaluations and/or certifications.
CPSTIC serves as a crucial resource for Spanish public sector organizations and private entities working with them, ensuring they procure secure and reliable technology solutions that align with the National Security Framework (ENS).
Inclusion in the CPSTIC catalogue demonstrates a strong commitment to security and can be a significant advantage when competing for public sector contracts in Spain.
Brightsight: your partner in CPSTIC evaluation
Brightsight is a leading security evaluation laboratory with extensive experience in guiding vendors through the CPSTIC evaluation process. We offer comprehensive services to ensure your products and services meet the stringent requirements for inclusion in the CPSTIC catalogue.
Our CPSTIC evaluation services include:
- LINCE evaluation: We provide expert evaluation services according to the LINCE methodology, a key path for products to be qualified for the CPSTIC catalogue, particularly for ENS Medium and High levels.
- Complementary STIC evaluation: If your product already holds a Common Criteria certificate but requires additional assessment to fully meet specific CCN requirements, our Complementary STIC evaluation service ensures all necessary criteria are addressed.
- STIC evaluation: We conduct thorough STIC evaluations, another recognized pathway to demonstrate the security robustness required for CPSTIC inclusion.
- Guidance and consultation: Our experienced security experts provide comprehensive guidance throughout the entire evaluation process, from initial assessment to final reporting and liaison with the CCN.
- Common Criteria expertise: Leveraging our deep knowledge of Common Criteria, we can help you understand how existing certifications can be leveraged for CPSTIC and identify any necessary supplementary evaluations.
Understanding the Pathways to CPSTIC Inclusion
Brightsight can guide you through the most suitable pathway to achieve CPSTIC listing for your products and services:
LINCE Evaluation
The LINCE methodology is a specific Spanish security evaluation scheme recognized by the CCN for CPSTIC qualification. It focuses on assessing the security functionalities and assurance of ICT products.
Complementary STIC evaluation
For products already holding a Common Criteria certificate, a complementary STIC evaluation addresses any additional requirements or evidence mandated by the CCN for CPSTIC inclusion, ensuring full alignment with their specific needs.
STIC evaluation
The STIC evaluation is another established methodology recognized by the CCN to assess the security of ICT products and services for inclusion in the CPSTIC catalogue.
Bridging Common Criteria and CPSTIC
While CPSTIC has its own specific evaluation schemes (LINCE and STIC), having an existing Common Criteria certification can be a significant advantage. Brightsight's expertise in Common Criteria allows us to:
- Assess the alignment of your existing Common Criteria certification with CPSTIC requirements.
- Identify any gaps that need to be addressed through Complementary STIC evaluation.
- Leverage your existing security documentation and testing efforts to streamline the CPSTIC evaluation process.
Why choose Brightsight?
Ready to achieve CPSTIC inclusion?
Contact Brightsight today to discuss your CPSTIC evaluation needs. Our expert team is ready to help you navigate the process and achieve this important security validation.
