Structure

The structure of the STIC Products and Services Catalogue (CPSTIC) is defined in the CCN-STIC 140 guide "Reference taxonomy for ICT security products". It is basically organised in three (3) lists:

Each of them is made up of several categories which, in turn, are made up of several families.

Qualified Products and Services

This list includes products and services that form part of the security architecture of ICT systems that are under the scope of the ENS in one of its BASIC, MEDIUM or HIGH categories, i.e. those that develop their activity in the operational context of the ENS and implement functionalities that increase the security level of the system in one of its dimensions (availability [D], integrity [I], confidentiality [C], authenticity [A] and traceability [T]).

For a product or service to be qualified, it must comply with the Fundamental Security Requirements (FSR) defined for each family, included in the corresponding annexes of the CCN-STIC 140 guide:

Access control

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Network Access Control (NAC) | A.1 | A.1M |
| Biometric Devices | A.2 | |
| Single Sign-On Devices | A.3 | |
| Authentication Servers | A.4 | A.4M |
| Privileged Access Management (PAM) | A.6 | A.6M |
| Identity Management (IM) | A.7 | A.7M |

Operational safety

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Anti-virus/EPP (Endpoint Protection Platform) | B.1 | B.1M |
| EDR (Endpoint Detection and Response) | B.2 | B.2M |
| Network management tools | B.3 | B.3M |
| System update tools | B.4 | |
| Web browsing filtering tools | B.5 | B.5M |
| Security event management systems (SIEM) | B.6 | B.6M |
| Device management tools (UEM) | B.8 | Not applicable |
| Security orchestration, automation and response systems (SOAR) | B.9 | Not applicable |

Security monitoring

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Intrusion prevention and detection devices | C.1 | C.1M |
| Honeypot / Honeynet systems | C.2 | |
| Traffic capture, monitoring and analysis | C.3 | C.3M |
| Sandbox tools | C.4 | C.4M |

Protection of communications

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Routers | D.1 | D.1M |
| Switches | D.2 | D.2M |
| Firewalls | D.3 | D.3M |
| Proxies | D.4 | D.4M |
| Wireless network devices | D.5 | D.5M |
| Secure data exchange gateways | D.6 | Not applicable |
| Data diodes | D.7 | Not applicable |
| Virtual private networks (IPSec) | D.8A | Not applicable |
| Virtual private networks (SSL) | D.8B | Not applicable |
| Voice over IP (VoIP) tools | D.9A | D.9AM |
| Instant messaging (IM) tools | D.9B | D.9BM |
| Videoconferencing tools | D.9C | D.9C-M |
| Web Application Firewall (WAF) | D.10 | D.10M |
| Software-defined networks (SDN) | D.11 | |

Protection of Information and Information Media

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Encrypted data storage | E.1 | |
| Encryption and secure sharing of information | E.2 | |
| Secure erasure tools | E.3 | E.3M |
| Data leak prevention systems | E.4 | |
| Electronic signature tools | E.5 | Not applicable |
| Hardware Security Module (HSM) | E.6 | |
| Metadata management | | E.7M |

Protection of Equipment and Services

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Mobile devices | F.1 | Not applicable |
| Operating systems | F.2 | Not applicable |
| E-mail protection | F.3 | F.3M |
| Smart cards | F.4 | Not applicable |
| Backups | F.5 | |
| Trusted platforms | F.6 | |
| Virtualisation | F.7 | F.7M |
| Load balancers | F.8 | F.8M |
| CASB tools | F.9 | F.9M |
| Hyperconvergence | F.10 | F.10M |
| Video identification tools | F.11 | F.11M |
| Virtual desktop infrastructure (VDI) | F.12 | F.12M |
| KVM switches | F.13 | |
| Database management systems (DBMS) | F.14 | |

Cloud services

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Cloud services | G | G |

Cryptographic mechanisms

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Requirements for cryptographic mechanisms | H | H |

Protection of facilities and infrastructure

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| IP cameras | | I.1M |
| Video management tools | | I.2M |

OT security

| Family | FSR annex (ENS High) | FSR annex (ENS Medium) |
|---|---|---|
| Electric vehicle charging stations | | O.1M |

Security product development tools


Other tools

Approved Products and Services

The taxonomy of products approved for the handling of classified information shall be the same as for qualified products together with the following categories:

Protection in tactical environments


Tempest

The Fundamental Security Requirements (FSR) shall be the same as those set out in this guide for qualified products, updated with those specific to encryption products set out in CCN-STIC-130 Approval Requirements for Encryption Products for Handling Classified National Information.

Compliance and Governance Products and Services

The list of Compliance and Governance Products and Services includes products and services that are not part of the security architecture of an ICT system, but which implement functionalities that facilitate compliance with security regulations. This group includes, for example, tools for auditing, risk analysis or system/equipment hardening.

From the point of view of inclusion in the CPSTIC, no specific requirements have been defined for these products and no certifications are required, although they are assessed in an accredited laboratory.

This list has a single category, Compliance and Governance, which is composed of the following families:


CG.1

Security Governance and Planning


CG.2

Safety and Compliance Regulations

CG.3

Risk Analysis and Management


CG.4

Notification and Management of Cyber Incidents


CG.5

Cyber Intelligence Exchange


CG.6

Cybersecurity Awareness and Training