CICLON vs LINCE: Raising the Bar for Security in Cloud Services
Jun 29, 2026Digital Trust Stories / Cyber Security / Digital TrustThe cybersecurity landscape is evolving fast - and it's only getting more complex. As digital technologies expand into every corner of our lives, the attack surface grows alongside them.
This is not just a concern for large enterprises. According to Hiscox's 2025 Cyber Readiness Report, 59% of small and medium-sized enterprises (SMEs) experienced at least one cyberattack in the past twelve months.
The numbers speak for themselves: organizations need practical, reliable, and trustworthy evaluations to protect their systems, products, and their customers on the digital ecosystem. That’s why LINCE Certification was created - becoming a pathway toward inclusion in the CPSTIC product catalogue and qualification under Spain’s National Security Framework, the ENS.
But the landscape is shifting again. Artificial Intelligence (AI) and Cloud Computing are accelerating the way products and systems are developed, deployed, and updated. In this context, traditional certification cycles can struggle to keep pace. While LINCE remains a valuable evaluation methodology, it may not always be the best fit for fast-moving cloud services.
The good news? In March 2026, Spain's National Cryptologic Centre (CCN) released version 1.0 of the Cloud Product Evaluation Methodology, known as CICLON. This new methodology responds to the need to evaluate ICT products deployed in the cloud.
Unsure about which certification fits your needs? Let’s break down both methodologies, explore their strengths, and give you the context needed to choose the right path.
What is LINCE Certification?
LINCE Certification is a Spanish cybersecurity evaluation methodology designed for ICT products deployed in environments with basic or substantial security requirements, as defined by EU Cybersecurity Act (Art. 52).
In practice, LINCE is especially useful for vendors that need to demonstrate their products meet recognized security standards and can be trusted in public-sector or regulated areas. Its core value is the pathway it provides toward inclusion in the CPSTIC product catalogue and qualification under Spain’s National Security Framework, the ENS.
For technology providers, this is a key requirement when providing their products and services to public administrations, critical sectors, or organizations that need assurance over the security of the products they deploy.
The methodology is particularly relevant for products with relatively stable architectures and release cycles, where the evaluated version can remain representative of the product over time. This makes LINCE a strong fit for ICT products such as security tools, software products, network components, or other technologies that need formal recognition in the Spanish cybersecurity ecosystem.
What About CICLON? All You Need to Know About Security in Cloud Services
To respond to the need for evaluating the security of ICT products deployed in the cloud, the National Cryptology Center (CNN) decided to create CICLON methodology. This new certification responds to the challenge that traditional certification models were not built to address: security in cloud services and products. As the cloud environment changes quickly, update frequently and they can’t be assessed through the same approach used for more static products.
That’s what makes the real difference between CICLON and LINCE Certification. CICLON is particularly relevant for providers that need to demonstrate ongoing security assurance for cloud services. Despite its structure mirrors LINCE Certification in some ways, with official documentation, templates, and defined evaluation process, it’s adapted to the speed, flexibility, and operational reality of cloud environments.
- Ongoing assurance, rather than a one-time evaluation.
- A methodology adapted to cloud services, frequent updates, and rapid iteration.
- Automated evaluation support to reduce manual effort.
- Dynamic trust scoring, instead of a simple PASS/FAIL outcome.
From LINCE to CICLON: Strengthening Security in Cloud Services
In many cases, the move from LINCE to CICLON is not a replacement of one methodology by another, but a response to how the product is delivered.
While LINCE remains highly relevant for ICT products with stable versions, defined configurations, and evaluate conditions that can be reproduced by a laboratory. However, when that same type of product evolves into a cloud-based service - with continuous updates, third-party dependencies, infrastructure changes, and no physical access for evaluators - the traditional evaluation model can become harder to apply.
This is where CICLON becomes the natural next step. Rather than relying only on a point-in-time evaluation, CICLON introduces an iterative model based on an initial evaluation followed by periodic monitoring. This allows the product’s security posture to be assessed over time, which better reflects the operational reality of cloud services.
For vendors, the transition scenario will appear once a product previously suited to LINCE becomes cloud-native, SaaS-based, or hybrid. In that context, CICLON provides a more appropriate route to demonstrate security assurance for ICT cloud services, while still aligning with the broader objective of supporting trust, qualification, and access to the Spanish public-sector cybersecurity ecosystem.
How DEKRA Supports Your Certification Journey?
On paper, the certification process may seem straightforward. In practice, navigating the paperwork, coordinating with different stakeholders, defining a robust security declaration, and demonstrating how each attack surface is protected requires real technical expertise.
As a CCN-certified laboratory, DEKRA brings a proven track record across a wide range of certifications, including Common Criteria, LINCE, and CPSTIC. Through our streamlined approach, we verify ICT products meet baseline cybersecurity requirements while achieving compliance with regulations and standards.