PAe - the first standard english together to the evaluation of cyber-based ICT products in LYNX
accesskey _ mod _ content

The first standard english together to the evaluation of cyber-based ICT products in LYNX

29 january 2021

The standard UNE 320001 establishes the requirements and defines the frame of reference in the area of cyber security assessment of ICT products.

The Spanish association for Standardization (Opens in new window) (A) has published the norm UNE 320001 (Opens in new window) Evaluation methodology LYNX to cybersecurity ICT products, thus becoming the first standard english for the assessment of cyber-ICT products based on the methodology LYNX. UNE helps to achieve success in the digital processing companies in Spain, through the standards.

UNE 320001 sets basic requirements and defines the frame of reference in the area of cyber security assessment of ICT products. LYNX is the first and most recognized certification of cybersecurity in Spain for levels of income and low-security, which demonstrates the maturity of the industry in Spain. It was developed three years ago by the CCN (Centre National Cryptographic) (Opens in new window) in order to assess ICT products of medium and low security at an affordable price by the developer. Now, becomes a standard UNE.

A standard certification LYNX allows, in addition to improving the safety of the product being evaluated and be carried out within a time and effort have been invaded, resulting in which they are accessible to all kinds of developers. It also enables access to assistive technologies catalogue CPSTIC Security, used as a model of cybersecurity in spain for ICT products, recommended by the Ncc. For a certificate under the methodology LYNX you need an an accredited laboratory.

Before the existence of lynx, cyber security certificates under which could be evaluated ICT products were the ones described in the international level, for example, Common Criteria. This type of standards aimed at high levels of security, require an effort, time and cost inasumibles are many companies, especially smes. For this reason born Lynx, a methodology of the so-called light "" which allows the expansion of the concept of cyber security certification at the national level.

This rule has been developed in the technical committee for CTN320 for a, with the participation and consensus of all parties involved. Thanks to the creation of a working group that was in charge of drawing up different versions after the various comments that have arisen, with the common interest of the industry.

Towards a european LYNX

LYNX is an idea born from other light certifications have been implemented in other european countries. The needs of different governments across europe have established national certifications of cybersecurity. This is the case of BSZ (Germany), CSPN (France), BSPA (Netherlands) and LYNXES (Spain). These are all certifications Agile and light weapons, focusing on vulnerability analysis and tests of penetration, with a concerted effort and a limited duration.

The development of all these methodologies and its certification directly corresponding to each country. This is creating a small fragmentation in the market that requires a lightweight scheme (or predetermined) at european level in order not to certify products in each country.

Indeed, in europe is creating a new standard that attempts to alleviate market fragmentation: FITCEM (Fixed-Time Cybersecurity Evaluation Methodology for ICT products) developed by CEN/CENELEC JTC13 WG3, for which approval is expected in the coming months.

A product that has passed a european certification will be competitive advantages in europe without having to carry out the certification to the national level in each country.

The adoption of Standard UNE 100 will promote the recognition of the methodology LYNX at european level and will allow manufacturers to prepare for future european regulations.

Original source of news (Opens in new window)

  • Security
Subscribe to the youtube channel of OBSAE
Subscribe to the youtube channel of OBSAE