The SERMA Security Laboratory supports companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 27 years of experience in evaluating IT products, we evaluate these products against requirements set by private and governmental schemes. SERMA Security Laboratory has been a Common Criteria and EMVCo hardware lab since 1998 following the quality management system based on ISO 17025.
THE MAIN MISSIONS OF OUR SECURITY EVALUATION LABORATORY ARE AS FOLLOWS:
Security assessment
Our laboratory thoroughly examines the preservation characteristics of IT products and systems. As a preventive measure, we inspect software, hardware, networks, information systems, and applications to determine their resilience against threats and intrusion risks.
Pre-evaluation (workshops and security training)
In the pre-evaluation, SERMA Safety and Security analyzes the security of IT products, whether finished or under development. This approach helps identify and fix potential issues before the final stages, thereby reducing risks and costs associated with late-stage corrections. The evaluation may also include specific tests depending on the certification requirements, with interactive feedback provided to the developers.
Site Security Evaluation
SERMA Safety and Security conducts security evaluations of development or production sites, which are required for various certifications. These evaluations can be carried out independently of the products and reused for multiple product evaluations, such as for Common Criteria or EMVCo. We also offer evaluation reports to help clients better understand and demonstrate the security of their sites.
Research and Development
Our security evaluation laboratory conducts research and development to innovate and improve the methods and tools used to test and assess the security of IT products or infrastructures. The main activities include: developing new evaluation techniques, optimizing testing tools, technological watch, collaboration with certification bodies, fundamental research, and more.
OUR SECURITY LABORATORY OFFERS A RANGE OF SERVICES INCLUDING:
Consulting
Training: preparation for certification
- Common Criteria, CSPN
- PCI / FIPS
- Site audit
Design and conception: assistance in product and architecture security
- Secure coding
- Hardware
Documentation writing: Assistance for certification
- Security target, CC documents
- Product guide
- Architecture documentation
Support
- Site audit
- Certification preparation
Expertise
Pre-assessment: preparation for certification
- Pre-certification expertise (CSPN, CC, FIPS, PCI…)
Penetration testing
- Hardware and software (White, grey, or black box)
- Resistance tests
Audit
- Code audit
- Documentation
- Technical architecture
Cryptography
- Cryptanalysis
- Cryptographic attacks (side-channel)
- Protocol evaluation
Evaluation
Site audit
- Common Criteria
- EMVCo
State schemes
- ITSEF: CC under ANSSI accreditation
- FIPS, under NIST accreditation (NVLAP200977-0)
Banking schemes
- EMVCo, Visa, Mastercard, Discover, Amex, GIE-CB, EFTPOS, NAPAS, ELO, SBMP
Private schemes
- Global Platform – SE
- GSMA eSA
- MIFARE 3.1 & Felica
- PCI: PCI-PTS, PCI-MPoC, PCI-SPoC
- PAYCERT (GIE-CB): SAFIRE (firmware HSM evaluation), SESIP
- PSA certified
- ISO 19790 (in progress)
WHY COLLABORATE WITH THE EXPERTS FROM THE SECURITY EVALUATION LABORATORY?
Ranked among the top 5 security laboratories in the world
2nd laboratory in the world for Common Criteria evaluation
Experts in formal methods, cryptography and static code analysis