Cybersecurity for Defence

Security Evaluation Services for the Defence Sector

We offer security evaluations under the Common Criteria, Lince, MEMeC, and STIC schemes for systems handling classified information, ensuring that products meet the highest standards and obtain the necessary certifications.

ICT Security Evaluations: Common Criteria, Lince, MEMeC, STIC, and FIPS 140-3

We provide evaluation services under different certification schemes required for the approval of these products and their inclusion in catalogs:

• Common Criteria Evaluations: An internationally recognized security scheme for ICT products, applicable to both the civil and defence and security sectors.
• Lince Evaluations: A security scheme specific to Spain, primarily aimed at the approval of products for the Spanish CPSTIC catalog.
• STIC Evaluations: Focused on evaluating products or services developed in the cloud for their inclusion in the CPSTIC catalog.
• MEMeC Evaluations: An evaluation methodology for products whose primary use is based on cryptography. It can be a standalone evaluation or part of a broader evaluation under the previously mentioned schemes.
• FIPS 140-3 Evaluations: A US and Canadian government co-sponsored security standard that specifies security requirements for cryptographic modules in hardware, software, and firmware solutions.

Certification is a key tool for companies to access secure product catalogs at both national and international levels. Depending on the product or the country where the product was developed, the entity managing each catalog may require additional or ad-hoc evaluations.

Spanish Catalog of Secure ICT Products (CPSTIC)

The Catalog of Secure ICT Products (CPSTIC) is an essential reference for the Public Administration in Spain. This catalog includes products approved for handling classified information and qualified products and services for handling sensitive information. Products included in the CPSTIC have undergone rigorous evaluation and certification processes to ensure their security.

List of Approved Cryptographic Products (LACP)

The List of Approved Cryptographic Products (LACP) is a list of cryptographic products approved for the protection of EU Classified Information (EUCI). Products included in the LACP must be evaluated by a national security authority and additionally by a second-party evaluator from another member state, adding an extra layer of rigor and confidence in the product's security. This catalog provides European-wide recognition, facilitating the acceptance and use of these products in multiple EU member states.

NATO Information Assurance Product Catalogue (NIAPC)

The NATO Information Assurance Product Catalogue (NIAPC) provides NATO nations and NATO civil and military bodies with a catalog of information security products, including cryptographic products that are in use or available for acquisition.

Cybersecurity Specialization Areas for Defence

We primarily evaluate products for tactical and secure communication systems for land and air segments in various environments, whether onboard a drone, terrestrial vehicle, or satellite, such as:

• Communication modules
• Mobile VoIP apps (Comsec)
• Mobile phones
• Key managers and loaders
• IP and offline encryptors
• Hardware Security Modules (HSM)
• Data diodes

A Cybersecurity Partner for the Defence Sector

We are committed to providing high-quality evaluation services that ensure the resilience of defence systems against cyberattacks. We work closely with our clients to ensure that their products meet the highest security standards and obtain the necessary certifications for inclusion in secure ICT product catalogs.

Testing of Electrical and Electronic Products

Beyond cybersecurity, Applus+ Laboratories also offers EMC, climatic, and vibration testing services to evaluate electrical and electronic products under the main aerospace and defence standards such as RTCA DO-160, MIL-STD 461, MIL-STD 810, and MIL-STD 464, among others.