MENU
OUR SERVICES

Stay at the forefront of security with our evaluation laboratory!

Our SERMA Safety and Security security evaluation laboratory assesses the level of security of your products and computer systems with the aim of achieving certification. Like a security operations center, it assesses risks and ensures the optimal protection of your infrastructure, grants trust certifications, and provides expert advice. Its purpose is to ensure the resilience of your systems and software against hackers and to mitigate risks. An essential process to identify cyber threats and ensure your security policy.

CESTI microscope electronique

The main missions of SERMA Safety and Security’s security evaluation laboratory

From inspection to certification, our SERMA Safety and Security laboratory performs several distinct missions.

Security Evaluation:

Our laboratory thoroughly examines the security features of computer products and systems. As part of a preventive approach, we inspect software, hardware, networks, information systems, and applications to assess their resilience against threats and intrusion risks.

Compliance with Security Standards:

Our security experts verify whether products and systems comply with the current security standards and adhere to the regulatory requirements established by governments and organizations.

Security Testing:

We conduct penetration tests (pentests) to assess the vulnerability of your infrastructure to cyberattacks and identify potential weaknesses in order to develop an action plan.

Security Certification:

Our laboratory thoroughly examines the security features of computer products and systems. As part of a preventive approach, we inspect software, hardware, networks, information systems, and applications to assess their resilience against threats and intrusion risks.

Research and Development:

Our computer experts continually research newly identified threats and defense methods to stay up-to-date on prevention.

The crucial role of the evaluation laboratory in the security of the ever-evolving cybersecurity landscape.

Our SERMA Safety and Security security evaluation laboratory plays an indispensable role in both the public and private sectors. We ensure the general principles of prevention for widely used computer products and systems

We annually assess more than 200 complex security products, ranging from electronic chips to complete hardware systems in a preventive approach. We have numerous accreditations, including Common Criteria, EMVCo, GlobalPlatform, PCI PTS, FIPS 140-3, SESIP (in progress), and SBMP.

We contribute to enhancing trust in the use of technologies and information. We ensure their resilience against the major risks of a cyberattack by providing appropriate certifications.

From the initial design to certification, our expert teams have been assisting you for 25 years in safeguarding your connected products and IT solutions. We belong to an independent group in the industry, with national institutes, all publishers, and manufacturers.

The majority of our clients are international public organizations or private companies operating in various risk-sensitive domains where security is a concern.

Our testing capabilities are extensive and adaptable to your product needs and constraints:

  • Fault Injection (Laser, EM, Power)
  • Listening stations, protocol analyzers, capture
  • Probing and micro-probing
  • Component opening (chemical, mechanical)

Versatile and innovative means for comprehensive assessments of your computer security.

Backed by an electronic group, we have advanced tools for hardware evaluations (X-Ray, FIB, microscopy, chemistry). Continuously evolving, we develop our own tools for software and hardware attacks to conduct comprehensive assessments. Our laboratory is in constant evolution and benefits from significant investments in equipment, software, and R&D.

The various services offered by our security evaluation laboratory:

Consulting

Training: Certification Preparation
  • Common Criteria, CSPN
  • PCI / FIPS
  • Site Audit
Design and Development: Assistance in Securing Products and Architectures
  • Secure coding
  • Hardware
Documentation Writing: Certification Assistance
  • Security Target, Common Criteria Documents
  • Product Guide
  • Architecture Documentation
Support
  • Site Audit
  • Certification preparation

Expertise

Pre-assessment: Certification Preparation
  • Preparatory Expertise for Certification (CSPN, CC, FIPS, PCI…)
Penetration testing
  • Hardware and Software (White Box, Grey Box, or Black Box)
  • Resilience Testing
Audit
  • Code Audit
  • Documentation
  • Technical Architecture
Cryptography
  • Cryptanalysis
  • Cryptographic Attacks (Side-Channel)
  • Protocol Evaluation

Evaluation

Site Audit
  • Common Criteria
  • EMVCo
State Diagrams
Banking Schemes
  • EMVCo, Visa, Mastercard, Discover, Amex, GIE-CB
  • NSPK, EFTPOS, NAPAS, ELO
Private schemes
  • Global Platform – SE
  • GSMA eSA (in progress)
  • MIFARE 3.1 & Felica
  • PCI : PCI-PTS, PCI-MPoC, PCI-SPoC (in progress)
  • PAYCERT ( GIE-CB) : SAFIRE (evaluation of firmware HSM)
  • PSA certified

You want to meet us

Contact us