You have everything mixed up. And in fact, everything is very simple.
You need an information security system. To do this, invited experts with a FSTEC license for TZKI will conduct a survey, design a protection system using protective equipment. It is precisely the means of protection that can be chosen as certified. If the designed information security system will imply data encryption (for example, traffic from an IS segment to another IS segment), then the invited specialists must also have an FSB license to implement encryption tools.
And actually your information system itself is clean and free. It does not need licenses (and a license is a right to use - why is this concept even here? ..), it does not need certificates (a certificate is a confirmation of any requirements), since its task is to provide business tools, and certify information security tools. To be more precise, you will not certify, but will purchase already certified information security facilities.
It should also be noted that the mandatory use of certified information security facilities is currently defined only for state information systems.
In short, you can divide the task into 2 parts: separate IP, separate IPS.
You can read about protection requirements
- article 19 of the Federal Law 152,
- RF PP 1119,
- FSTEC orders 17 and 21,
- FSB order 378
They are simpler than they seem at first glance.

Need.
Search for yourself, as it will require a deep study of your IP, and this is beyond the scope of free help here.
And it’s better to hire a specialist right away, because. you will still need it to qualify.