Case Study

First accredited laboratory to assess ICT product safety

JTSEC has become the first ENAC-accredited laboratory to assess Information and Communications Technology (ICT) product safety according to LINCE methodology, the National Essential Security Certification scheme developed by the National Cryptologic Centre (CCN), which aims to provide more guarantees for cybersecurity certification in Spain.

The LINCE certification and assessment methodology enables assessment of an ICT product’s capability to treat information securely. In addition, this certification is one way for these products to be included in the ICT Security Product Catalogue (CPSTIC), which regulates IT product acquisition in the Spanish administration. With LINCE, products will be recognized as suitable for systems whose security criticality is medium or low according the National Security Scheme (Esquema Nacional de Seguridad, ENS) classification.

This activity’s accreditation also provides an added guarantee that a product has been assessed by a technically competent certification authority, giving the customer an additional level of confidence.

LINCE, an adapted methodology

The LINCE methodology, based on the principles of Common Criteria (the internationally recognised standard to assess security functions and an IT product’s level of trust), was created by CCN for products requiring a medium or low-level security. LINCE aims to pay attention to the critical aspects of each product and give more importance to specific and practical tests in order to fight real threats to dense documentation or comprehensive functionality testing that require Common Criteria for high-category products, helping to therefore reduce the assessment process’ time and effort as well as the manufacturers costs.