Criteria and methodology for evaluation, in the current versions used by the Body of Certification:
Common Criteria
- CC:2022 Release 1
- ISO/IEC 15408:2022/ ISO/IEC 18045
- ISO/IEC 15408-1:2022: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 1: Introduction and general model
- ISO/IEC 15408-2:2022: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components
- ISO/IEC 15408-3:2022: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components
- ISO/IEC 15408-4:2022: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 4: Framework for the specification of evaluation methods and activities
- ISO/IEC 15408-5:2022: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 5: Pre-defined packages of security requirements
- ISO/IEC 18045:2022: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Methodology for IT security evaluation
Errata to CC:2022 and CEM:2022.
Application of the latest published version of this document is mandatory.
- CC/CEM v3.1 release 5
CCV3.1R5 version is the last from the 3.1 series, and may optionally be used for evaluation starting no later than the 30th of June 2024.
STs conformant to CC:2022 based on PPs certified according to CC3.1 will be accepted up to the 31st of December 2027.
Assurance continuity activities (maintenance, re-evaluation and re-assessment) based on CC 3.1 evaluations can be started for up to 2 years from the initial certification date.
For further information: CCRA transition policy.
LINCE - Certificación Nacional Esencial de Seguridad
- Certificación Nacional Esencial de Seguridad (LINCE) versión 2.0
- CCN-STIC-2001 Definición LINCE
- CCN-STIC-2002 Metodología de Evaluación para la Certificación Nacional
- CCN-STIC-2003 Plantilla para la Declaración de Seguridad de la Certificación Nacional Esencial de Seguridad (LINCE)
- CCN-STIC-2004 Plantilla del Informe Técnico de Evaluación de la Certificación Nacional Esencial de Seguridad (LINCE)
The LINCE methodology is aimed at the evaluation and certification of ICT security products for inclusion in the CPSTIC catalog as a qualified product for systems affected by the ENS with a medium or basic category and can also be used to carry out complementary STIC Evaluations in accordance with what is specified in the CCN-STIC-106 and CCN-STIC-140 guides.
ITSEC/ITSEM
ISO
- ISO/IEC 19790, Security Requirements for Cryptographic Modules
- ISO/IEC 24759, Test Requirements for Cryptographic Modules
The ISO/IEC 19790:2012 and ISO/IEC 24759 standards are aimed at the evaluation and certification of the security requirements of cryptographic modules used within security systems that protect confidential information in computer and telecommunications systems that are of interest to the Public Administration in Spain. Before applying for this type of certification, the CCN must be contacted.



