What is CICLON?
CICLON is the Cloud Product Assessment Methodology, developed by the National Cryptologic Centre (CCN), which establishes the official framework for analyzing and certifying the security of ICT solutions deployed in cloud environments. It was created to address the need to evaluate products against all threat levels defined in the EU Cybersecurity Act and ensure they meet the security functions declared by their manufacturers.

An objective and verifiable process
CICLON defines a structured procedure that details:
- The stakeholders involved in the assessment.
- The documentation required to initiate the process.
- The phases and technical criteria applied by authorized laboratories.
This approach transforms the assessment into an objective mechanism for determining whether the robustness of the cloud product corresponds to the Security Declaration (SD).

Two phases to guarantee security
The methodology combines:
1. Initial assessment
This includes document analysis, functional testing, penetration testing, and cryptographic review.
2. Continuous Monitoring
This allows for maintaining an up-to-date product confidence level through periodic reviews of libraries, components, and environment certifications.
Composite Guarantee Percentage (CGP)
The CICLON result is expressed using the CGP, a clear and comparable indicator that integrates the results of both phases. This value is updated periodically, reflecting the evolution of product security over time.
Key Features of CICLON
- Two distinct phases: initial assessment and continuous monitoring.
- Assessment effort adaptable to the complexity of the service.
- Automation of key process activities.
- Assessment model based on the CGP, updated in each iteration.

A Reliable Framework for Cloud Security
CICLON provides a consistent, verifiable process aligned with current cloud security needs, fostering confidence in the assessed products for both public administrations and private organizations.
Methodology
- CCN-STIC-2010 Cloud Product Evaluation Methodology (CICLON)
- Annex A: Template for the Security Target of Cloud Products Evaluation (CICLON)
- Annex B: Template for the Service Architecture Document of Cloud Products Evaluation
- Annex C: Cloud Product Evaluation Technical Report Template (CICLON)
- Annex D: Cloud Product Monitoring Technical Report Template (CICLON)
- Annex D: Cloud Product Monitoring Technical Report Template (CICLON) - Script
Forms
Contact

PGP Key: Download
FINGERPRINT: 32F0 34D5 DB1D ECF9 A7EC 22C1 3663 50E7 A5F6 4AA3



