Evaluate product security with the LINCE methodology.
The LINCE methodology, developed by Spain’s National Cryptologic Center (CCN), addresses the need for the certification of products for deployment in environments where the threat level is low or medium. We can verify whether your product is in accordance with its specification to determine the effectiveness of the security functions implemented.
LINCE certification from SGS qualifies your products for inclusion in the IT security product catalogs of Spain’s public administration and CCN.
Why choose LINCE certification from SGS?
We can help you:
- Gain LINCE certification for your products and confirm that they are suitable for use in low to medium threat-level environments
- Verify the effectiveness of the security functions implemented in your product
- Qualify your products for inclusion in the IT security product catalogs of Spain’s public administration and CCN
LINCE – a lightweight security evaluation
Based on a Security Target (ST) and documentation provided to your clients, such as user manuals, evaluations can be completed in less than two months. In the event that an evaluation is not successful, the product’s non-conformities can be resolved within a period of six months without the need to conduct the whole evaluation process again.
Compared to Common Criteria, the LINCE methodology has less focus on document evaluation. Evaluators have the same information that is available to a real attacker. 80% of the evaluation effort focuses on testing security functionality, a vulnerability analysis and penetration testing, mostly in a black box setup. This approach allows detection of the most dangerous vulnerabilities at minimal cost.
A LINCE basic evaluation can be augmented with the cryptographic and the source code modules to provide a higher assurance level. These modules increase the evaluation effort by two working weeks.
As leading cybersecurity experts, our state-of-the-art SGS cyberlabs around the world provide you with trusted, impartial testing, verification and certification solutions to help you meet the challenges of cybersecurity.