Evaluation of the security of ICT products and systems according to certain criteria or regulations, according to the information they handle. Once the results of the evaluation are confirmed, the certification process begins. The CCN performs three types of certification: functional certification, cryptological certification in the case that they handle classified national information and TEMPEST certification.

The evaluation and certification of an ICT security product is the only objective means to assess and accredit the ability of a product to handle information securely.