The CPSTIC is the National Cryptologic Centre's Catalogue of Information and Communication Technology Security Products and Services.
The CPSTIC facilitates the acquisition of reliable security products and services for deployment in ICT systems under the National Security Framework (ENS) or systems that handle Classified Information by public administration bodies or private entities that provide services to them
The CPSTIC is organised in families for which Fundamental Security Requirements are defined.
These products and services offer security guarantees contrasted by evaluation and/or certification processes and, in addition, they have a Secure Employment Procedure (SEP), published as a CCN-STIC guide.
Products and services included in the CPSTIC
Qualified
Suitable for information systems under the scope of the National Security Framework.
Approved
Suitable for handling classified information.
Security compliance and governance
They facilitate the management or implementation of security measures of an information system.
Interested in including products or services in the CPSTIC?
Having products and services in the CPSTIC allows manufacturers to position themselves in the procurement processes of ICT systems that fall under the scope of the ENS, as indicated in RD 311/2022 of 3 May, which regulates the National Security Framework.
To include a product or service in the CPSTIC, see the steps in Inclusion.
