Oppida, the Apave Group's specialist cybersecurity subsidiary, supports players in the defense and aerospace industries in managing digital risks. As an expert in operational systems (OS), weapons systems and classified infrastructures, Oppida works across the entire value chain, from classified infrastructures to the most complex systems.
Contact a Defense homologation expert

Securing Operational Systems (OS) and Weapon Systems

Against a backdrop of heightened geopolitical tensions, protecting the DITB (Defence Industrial and Technological Base) is a national priority. Oppida works across the entire value chain to secure your most sensitive assets.

Support for the certification of critical, industrial, embedded and classified information systems (IS)

Certification is not just a regulatory constraint, it's a guarantee of sovereignty. Certification is more than just a legal obligation: it is a structuring process for the implementation of an information system whose residual risks are controlled and accepted. It may be imposed by a public-sector sponsor, particularly in the context of strategic projects for the State.

We guide project managers through each stage of the process to secure theAuthorization to Operate. The approval process differs according to the various regulations: IGI 1300, IM 900, II 901, LPM, DIR 39, etc., which adds complexity to the project.

An end-to-end compliance process for which Oppida's support enables you to gain in efficiency and security

  1. Strategy & Framing: Identification of approval authorities (DGA, ANSSI...etc), definition of IS scope and criticality.
  2. RM EBIOS Risk Analysis: In-depth studies based on the national reference method.
  3. Security file preparation: Drafting of the PSSI, architecture file and logging procedures.
  4. Homologation Commission: Pre-commission preparation and support to maximize your chances of success.

Audit and Resilience of Critical Infrastructures

As part of the certification process, audits may be required to validate the compliance and robustness of the information system. In addition, even after certification, resilience audits of critical infrastructures test their ability to maintain their essential functions in the face of cyber threats or major incidents. These assessments, whether integrated into the certification process or carried out on an ongoing basis, are an essential lever for guaranteeing security and service continuity.

  • Certification audits: PASSI LPM audits of your classified information systems
  • Industrial Networks & Production : Comprehensive cybersecurity audits of production lines and securing flows between IT and OT.
  • Embedded Systems & Mobility: Security assessment of software/hardware components for armored vehicles, submarines and aircraft carriers.
  • Maintaining Security Conditions (MCS) : Resilience strategies to guarantee the availability of systems throughout their operational lifecycle.
Unique expertise in France: PASSI LPM & CESTI Laboratory

What sets Oppida apart in the French market is the fusion of field auditing and product evaluation.

  • PASSI & PASSI LPM qualification: Our auditors are qualified to carry out architecture and configuration audits and penetration tests on the most sensitive infrastructures, in compliance with the most stringent ANSSI and MINARM requirements.
  • CESTI laboratory (Common Criteria & CSPN) : Our CESTI accreditation enables us to carry out Common Criteria and CSPN assessments, and therefore gives us a certain knowledge of certified products, necessary for certain approved information systems. We assess the intrinsic robustness of critical components before they are integrated, giving us in-depth knowledge of hardware vulnerabilities.
Expertise
Contact a Defense homologation expert

Expertise for sovereignty and regulatory compliance

As a trusted partner, we place the protection of national defense secrets at the heart of our intervention processes. Our experts, specialized in Information Systems Security (ISS), intervene on highly sensitive perimeters where data confidentiality and integrity are vital. From the definition of security policies to the final audit, we keep a constant watch to ensure that your systems remain aligned with the highestANSSI and MINARM standards, thereby protecting your strategic interests and information assets over the long term.

Apave & Oppida synergy: the convergence of physical and digital security

The merger with the Apave Group enables us to offer a global response to safety issues. In modern industry, personal safety (Safety) and digital security (Cyber) are intrinsically linked.

Multidisciplinary expertise

Protecting people, machines and data.

Durability

The strength of a major group to support defense projects over the long term.

Innovation

An in-house research laboratory to anticipate tomorrow's attack modes.

Further information

Support
Defense: reliable equipment and systems
Training
Digital risks cybersecurity, safety, malicious acts

FAQ Cybersecurity for Defense and Industry (OT): our answers to your questions

  • Why choose a PASSI LPM-qualified service provider for your audits?

    PASSI LPM (Prestataire d'Audit de la Sécurité des Systèmes d'Information) qualification is required by the ANSSI to work on the critical systems of Operators of Vital Importance. Calling on Oppida means guaranteeing that our auditors have the technical skills,ethics andclearance (Secret Défense) required to handle sensitive data and provide reports directly usable by the DGA or MINARM.

  • What's the difference between a PASSI audit and an CESTI evaluation?

    The PASSI audit focuses on how a system is deployed and configured (architecture, network, penetration tests). The CESTI (Centre d'Évaluation de la Sécurité des Technologies de l'Information) assessment focuses on the product itself (software or hardware components). Oppida combines these two areas of expertise to offer a 360° view: we verify not only that your system is well built, but also that the products that make it up are intrinsically robust(Common Criteria, CSPN). To find out more

  • How does the EBIOS Risk Manager method facilitate certification?

    The EBIOS Risk Manager method, promoted by ANSSI, is the standard for risk analysis in France. It enables us to move from a purely technical approach to one based on threat scenarios (cyber-attacks, sabotage, espionage). At Oppida, we use this method to structure your approval file, thus facilitating dialogue with the authorities and obtaining theAutorisation d'Exploitation.

  • Does the NIS2 directive apply to DTIB players?

    Yes, the NIS2 directive considerably broadens the scope of regulated entities. Many Defence Industrial and Technological Base (DITB) subcontractors, previously less exposed, are now considered "Essential Entities" or "Important Entities". Oppida can help you anticipate these new security and incident notification obligations.

  • Why is the synergy between Apave and Oppida an asset for the industry?

    In industry and defense, digital security (Cyber) and physical security (Safety) converge. Hacking into an industrial system (OT) can have real physical consequences on machines or people. By combiningApave 's long-standing expertise in industrial risk management withOppida 's cybersecurity expertise, we offer a unique "Global Safety" approach.

Do you have a specific question about your certification project? Our accredited experts will get back to you within 48 hours.

Contact a Defense homologation expert

Our latest

news