Oppida is approved by the ANSSI as a CESTI laboratory and intervenes in the software fields to:

  • Performing Common Criteria evaluations (ISO 15408)
  • Carry out First Level Security Certification (FNSC) assessments
  • Assist our clients in their evaluation process

Evaluation is a technical assessment of a product with regard to the robustness of the security mechanisms it implements. The analysis is in-depth according to the chosen criteria. A certification is the result of a successful evaluation.

Evaluation Common Criteria

ISO 15408 (Common Criteria) is the standard used by the French certification scheme of the ANSSI.

It combines two axes of analysis: documentary conformity and the effectiveness of security mechanisms. The security requirements of the product depend on the level of evaluation targeted.


Several products evaluated:

  • Personal computer and server products: PrimX Technologies, IDNOMIC
  • Network products: Senetas, Thales, TheGreenBow, Stormshield

CSPN Assessment


The CSPN (Certificat de Sécurité Premier Niveau) is a certification issued by the ANSSI, and simplified in relation to the Common Criteria. 
This certification is also recognised by the BSI in Germany.


More than 100 product evaluations:

  • Secure storage: Idemia, Scille, cecurity.com
  • Firewall: Geoide
  • Malicious code protection: Hogo
  • Identification, authentication and access control: NEDAP, Elsylog, Omnitehc, Surys, Secure systems & services, ARD, ALCEA
  • Secure communication: Huawei
  • Secure messaging: Virtru
  • Programmable industrial controller: Schneider Electric France
  • Industrial switch: RSPE
  • SCADA: AVEVA, Codra ingénierie informatique
  • Digital signature API: LEX Persona



Our team of expert consultants in cryptography can assist you on various projects:

  • Electronic voting
  • Expertise in cryptographic mechanisms, from their design to their implementation
  • Cryptographic architecture review
  • Review of the cryptographic protocols used (documentary, formal)
  • Verification of RNG
  • Anonymisation and RGPD (especially in the e-health field)
  • Support in the context of the eIDAS regulation

 Assessment Assistance


Oppida has specific and recognised expertise in the evaluation process and can assist its clients in:

  • the drafting of the required documents (e.g. security target and cryptographic specifications),
  • getting to grips with the Common Criteria in the context of a training course,
  • the decision and supervision of the implementation of software products.


choose Oppida?


A "tailor-made" offer

Expertise, assessment and consulting services to manage your digital risks.

A trusted third party

The approvals and accreditations obtained are all guarantees that help to ensure the absence of external pressure and the confidentiality of the work carried out.

Recognised expertise

Oppida is PASSI LPM qualified "information systems security audit providers qualified for national security purposes".