CICLON

What is CICLON?

CICLON is the Cloud Product Assessment Methodology, developed by the National Cryptologic Centre (CCN), which establishes the official framework for analyzing and certifying the security of ICT solutions deployed in cloud environments. It was created to address the need to evaluate products against all threat levels defined in the EU Cybersecurity Act and ensure they meet the security functions declared by their manufacturers.

CICLON

An objective and verifiable process

CICLON defines a structured procedure that details:

  • The stakeholders involved in the assessment.
  • The documentation required to initiate the process.
  • The phases and technical criteria applied by authorized laboratories.

This approach transforms the assessment into an objective mechanism for determining whether the robustness of the cloud product corresponds to the Security Declaration (SD).

 

CICLON

 

Two phases to guarantee security

The methodology combines:

1. Initial assessment

This includes document analysis, functional testing, penetration testing, and cryptographic review.

2. Continuous Monitoring

This allows for maintaining an up-to-date product confidence level through periodic reviews of libraries, components, and environment certifications.

Composite Guarantee Percentage (CGP)

The CICLON result is expressed using the CGP, a clear and comparable indicator that integrates the results of both phases. This value is updated periodically, reflecting the evolution of product security over time.

 

Composite Guarantee Percentage (CGP)

Key Features of CICLON

  • Two distinct phases: initial assessment and continuous monitoring.
  • Assessment effort adaptable to the complexity of the service.
  • Automation of key process activities.
  • Assessment model based on the CGP, updated in each iteration.

 

CICLON

A Reliable Framework for Cloud Security

CICLON provides a consistent, verifiable process aligned with current cloud security needs, fostering confidence in the assessed products for both public administrations and private organizations.