CSPN assessment and Common Criteria

The CSPN (Certificat de Sécurité Premier Niveau) is a certification issued by the ANSSI, and simplified compared to the Common Criteria.

This certification is also recognised  by the BSI in Germany.

More than 100 product evaluations are available:

• Secure storage: Idemia, Scille, cecurity.com
• Firewall: Geoide
• Protection against malicious code: Hogo
• Identification, authentication and access control: NEDAP, Elsylog, Omnitehc, Surys, Secure systems & services, ARD, ALCEA
• Secure communication: Huawei
• Secure messaging: Virtru
• Industrial programmable controller: Schneider Electric France
• Industrial switch: RSPE
• SCADA: AVEVA, Codra ingénierie informatique
• Digital signature API: LEX Persona

ISO 15408 (Common Criteria) is the standard used by the French ANSSI certification scheme.

It combines two areas of analysis:

• Document compliance
• The effectiveness of security mechanisms.

Product security requirements depend on the target evaluation level.

Several products are evaluated:

• Personal computer and server products: PrimX Technologies, IDNOMIC
• Network products: Senetas, Thales, TheGreenBow, Stormshield

Our team of expert cryptography consultants can assist you with a variety of projects:

• Electronic voting
• Expertise in cryptographic mechanisms, from design to implementation
• Cryptographic architecture review
• Review of cryptographic protocols used (documentary, formal)
• RNG verification
• Anonymisation and GDPR (particularly in the e-health sector)
• Support in the context of the eIDAS Regulation

Oppida has specific, recognised expertise in the assessment process and can assist its clients with:

• Drafting the required documents (e.g. security targets and cryptographic specifications),
• Learning how to use the Common Criteria through training,
• Selecting and supervising the implementation of software products.