National Essential Security Certification

LINCE Certification: Your Agile Path to the Spanish Market

Fast-track your product's entry into the Spanish public sector. We manage the entire LINCE evaluation end-to-end, turning a complex process into your clear path to market.

Get a Quote See Our Process
LINCE Certification Hero
Get a Quote

Methodology Experts

Deep knowledge of the LINCE methodology to guide and advise you throughout the entire process.

Collaborative Approach

We work with your team as a true security partner, not just as an auditor.

Agile & Transparent Process

Clear communication and a process with no surprises for a successful and predictable outcome.

What is the LINCE Methodology?

LINCE is the security evaluation methodology from Spain's National Cryptologic Center (CCN), designed to be an agile and cost-effective path to certification.

Our role is to act as your expert partner, handling all necessary preparations and conducting a comprehensive evaluation of your product. We manage the entire process so you can focus on your product.

See the official CCN methodology →
Logo LINCE

LINCE

Agile cybersecurity certification

LINCE vs. Common Criteria

A practical comparison for companies targeting the Spanish market.

LINCE Logo LINCE
CC Logo Common Criteria / EUCC
Primary GoalFast CPSTIC Inclusion & Spanish Market AccessInternational Recognition
Core FocusFunctional Tests and Vulnerability AnalysisExhaustive Process & Documentation Audit
Time & EffortLow (Weeks)High (Months/Years)
CostAffordableSignificant Investment

Key Benefits of LINCE Certification

Access the Public Sector

LINCE is your key to unlocking public administration tenders and contracts in Spain.

Gain a Competitive Edge

Differentiate your product in a crowded market with an official security seal recognized by the Spanish government.

Build Customer Trust

Demonstrate compliance with ENS, increasing confidence among your customers.

Improve Product Security

The evaluation process provides valuable insights to identify and remediate vulnerabilities, making your product stronger.

Our Process, Your Peace of Mind

We guide you step-by-step, from the initial analysis to obtaining the certificate. A clear path with no surprises.

1

Initial Analysis, No Commitment

We discuss your product and goals. We provide a clear, no-cost assessment to define the best path forward together.

2

Preparation and Strategy

We prepare key documentation, such as the Security Target, ensuring everything is aligned with LINCE requirements from the start.

3

Technical Evaluation

Our evaluation team tests your product. We conduct a thorough analysis, including vulnerability scanning and penetration testing, to identify any security gaps.

4

Findings Report and Support

We provide a clear report with our findings and work side-by-side with your team to ensure they understand how to effectively address them.

5

Verification and Report Issuance

Once corrections are applied, we verify that everything has been resolved and issue the evaluation report to the Certification Body.

6

Objective Achieved: Certification

The Certification Body reviews our report and issues the official certificate. Your product is now visible in the CPSTIC Catalogue, opening doors to new opportunities.

The Direct Path to LINCE Certification

Certification doesn't have to be a maze. We offer a direct, predictable route so you can focus on your product, not the bureaucracy.

  • No surprises or cost overruns: We anticipate. We perform a pre-evaluation that brings issues to light before they become an obstacle. Your team will have our support to solve them, saving time and money.

  • Access new opportunities sooner: Time is crucial when public tenders are on the line. Our streamlined process is built for speed, helping you get certified and ready to bid without unnecessary delays.

  • We Steer the Process: We handle everything from start to finish. We prepare the documentation, perform the evaluation, and manage all communication with the CCN to ensure a direct journey to certification.

  • Expert and Continuous Support: We work side-by-side with your development team to ensure they understand and effectively remedy every finding.

Is LINCE for my product?

Our evaluation is the ideal first step for:

  • Software and application developers
  • IoT and hardware device manufacturers
  • Products needing CPSTIC inclusion for tenders
  • Companies looking for a first step before Common Criteria
Talk to an Expert

Frequently Asked Questions

Who issues the official LINCE certificate?
The official certificate is granted by the Certification Body (CB) of the National Cryptologic Center (CCN). We manage the entire technical evaluation, delivering a comprehensive report directly to the CB that is meticulously designed to make final validation a seamless formality
How long does the LINCE evaluation process take?
Although it varies depending on the product's complexity, the technical evaluation part usually takes 4 to 8 weeks. This timeframe can vary based on the results. We ensure the process is as agile and efficient as possible.
Is our product a good fit for LINCE?
LINCE is ideal for on-premises software, applications, IoT devices, and hardware that need a robust yet agile security validation. It's the most direct path to getting listed in the CPSTIC (ICT Security Product Catalogue). For Cloud products, a STIC evaluation is the designated path. Contact us for a no-cost feasibility analysis.
What happens if vulnerabilities are found in my product?
This is a normal and expected outcome. Our goal is to improve your product. We will provide you with a clear and detailed report with the identified vulnerabilities and work with your team so they understand the findings and can effectively remediate them before issuing the final report to the CCN.
What is the Security Target?
The Security Target is the core document of the evaluation. It defines the product, its security features, and how it meets the requirements. Don't worry about its complexity, our team handles the entire process of writing the Security Target for you. It is a fundamental part of our service, ensuring the document is robust and perfectly aligned with the CCN's expectations.
What is the validity period of the certification?
The LINCE certification is valid for 2 years, after which it needs to be renewed. This renewal process includes a new evaluation to ensure the product continues to meet the established security requirements.
What if we update our certified product?
A LINCE certification is tied to a specific product version. To list a new version in the CPSTIC Catalogue, just contact us. We will perform a gap analysis to assess the changes and, if needed, conduct targeted testing to issue the updated report for the new version.
How much does a LINCE certification cost?
The cost depends on the type of product. However, our process is designed to be the most cost-effective on the market. We provide fixed-price projects with no hidden fees. Contact us for a free, no-obligation quote tailored to your product.
Is LINCE certification a direct path to the CPSTIC Catalogue?
Yes. For most on-premises products, LINCE is the fastest and most direct route to being listed in the CPSTIC Catalogue, which is essential for selling to the Spanish Public Administration. For cloud-based products, a STIC evaluation is the appropriate path, which we also manage.

Ready to Certify Your Product?

Schedule a free, no-obligation consultation to analyze your product and get a clear roadmap.