Oppida is approved by the ANSSI as a CESTI laboratory and intervenes in the software fields to:

  • Performing Common Criteria evaluations (ISO 15408)
  • Carry out First Level Security Certification (FNSC) assessments
  • Assist our clients in their evaluation process

Evaluation is a technical assessment of a product with regard to the robustness of the security mechanisms it implements. The analysis is in-depth according to the chosen criteria. A certification is the result of a successful evaluation.

Evaluation Common Criteria

ISO 15408 (Common Criteria) is the standard used by the French certification scheme of the ANSSI.

It combines two axes of analysis: documentary conformity and the effectiveness of security mechanisms. The security requirements of the product depend on the level of evaluation targeted.

 

Several products evaluated:

  • Personal computer and server products: PrimX Technologies, IDNOMIC
  • Network products: Senetas, Thales, TheGreenBow, Stormshield

CSPN Assessment

""
""

The CSPN (Certificat de Sécurité Premier Niveau) is a certification issued by the ANSSI, and simplified in relation to the Common Criteria. 
This certification is also recognised by the BSI in Germany.

 

More than 100 product evaluations:

  • Secure storage: Idemia, Scille, cecurity.com
  • Firewall: Geoide
  • Malicious code protection: Hogo
  • Identification, authentication and access control: NEDAP, Elsylog, Omnitehc, Surys, Secure systems & services, ARD, ALCEA
  • Secure communication: Huawei
  • Secure messaging: Virtru
  • Programmable industrial controller: Schneider Electric France
  • Industrial switch: RSPE
  • SCADA: AVEVA, Codra ingénierie informatique
  • Digital signature API: LEX Persona

 Cryptography

""
""

Our team of expert consultants in cryptography can assist you on various projects:

  • Electronic voting
  • Expertise in cryptographic mechanisms, from their design to their implementation
  • Cryptographic architecture review
  • Review of the cryptographic protocols used (documentary, formal)
  • Verification of RNG
  • Anonymisation and RGPD (especially in the e-health field)
  • Support in the context of the eIDAS regulation

 Assessment Assistance

""
""

Oppida has specific and recognised expertise in the evaluation process and can assist its clients in:

  • the drafting of the required documents (e.g. security target and cryptographic specifications),
  • getting to grips with the Common Criteria in the context of a training course,
  • the decision and supervision of the implementation of software products.

Why

choose Oppida?

1

A "tailor-made" offer

Expertise, assessment and consulting services to manage your digital risks.
""

A trusted third party

The approvals and accreditations obtained are all guarantees that help to ensure the absence of external pressure and the confidentiality of the work carried out.
3

Recognised expertise

Oppida is PASSI LPM qualified "information systems security audit providers qualified for national security purposes".