About CPSTIC

The acquisition of a product or the contracting of an ICT security service for information systems under the scope of the National Security Framework (ENS) or for information systems that handle classified national information must be preceded by a process to verify that the security mechanisms implemented in the product or service are adequate and offer the necessary guarantees. This verification is carried out in evaluation and certification processes, which are considered the only objective means of assessing and accrediting their ability to handle information securely.

In response to this need, the CCN publishes the Catalogue of Information and Communication Technology Products and Services (CPSTIC). The purpose of this catalogue is to offer public bodies a set of reference STIC products or services whose security functionalities related to the object of their acquisition have been certified