Search
Close this search box.

Security laboratory

Stay at the forefront with our evaluation laboratory

The SERMA Security Laboratory supports companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 27 years of experience in evaluating IT products, we evaluate these products against requirements set by private and governmental schemes. SERMA Security Laboratory has been a Common Criteria and EMVCo hardware lab since 1998 following the quality management system based on ISO 17025.

THE MAIN MISSIONS OUR SECURITY EVALUATION LABORATORY ARE AS FOLLOWS:

Our laboratory thoroughly examines the preservation characteristics of IT products and systems. As a preventive measure, we inspect software, hardware, networks, information systems, and applications to determine their resilience against threats and intrusion risks.

In the pre-evaluation, SERMA Safety and Security analyzes the security of IT products, whether finished or under development. This approach helps identify and fix potential issues before the final stages, thereby reducing risks and costs associated with late-stage corrections. The evaluation may also include specific tests depending on the certification requirements, with interactive feedback provided to the developers.

SERMA Safety and Security conducts security evaluations of development or production sites, which are required for various certifications. These evaluations can be carried out independently of the products and reused for multiple product evaluations, such as for Common Criteria or EMVCo. We also offer evaluation reports to help clients better understand and demonstrate the security of their sites.

Our security evaluation laboratory conducts research and development to innovate and improve the methods and tools used to test and assess the security of IT products or infrastructures. The main activities include: developing new evaluation techniques, optimizing testing tools, technological watch, collaboration with certification bodies, fundamental research, and more.

OUR SECURITY LABORATORY OFFERS A RANGE OF SERVICES INCLUDING:

Consulting

Training: preparation for certification

  • Common Criteria, CSPN
  • PCI / FIPS
  • Site audit

Design and conception: assistance in product and architecture security

  • Secure coding
  • Hardware

Documentation writing: Assistance for certification

  • Security target, CC documents
  • Product guide
  • Architecture documentation

Support

  • Site audit
  • Certification preparation

Expertise

Pre-assessment : preparation for certification

  • Pre-certification expertise (CSPN, CC,
    FIPS, PCI…)

Penetration testing

  • Hardware and software (White, grey, or black box)
  • Resistance tests

Audit

  • Code audit
  • Documentation
  • Technical archtecture

Cryptography

  • Cryptanalysis
  • Cryptographic attacks (SideChannel)
  • Protocol evaluation

Evaluation

Site audit

  • Common Criteria
  • EMVCo

State schemes

  • ITSEF: CC under ANSSI accreditation
  • FIPS, under NIST accreditation (NVLAP200977-0)

Banking schemes

  • EMVCo, Visa, Mastercard, Discover, Amex, GIE-CB, EFTPOS, NAPAS, ELO, SBMP

Private schemes

  • Global Platform – SE
  • GSMA eSA
  • MIFARE 3.1 & Felica
  • PCI : PCI-PTS, PCI-MPoC, PCI-SPoC
  • PAYCERT ( GIE-CB) : SAFIRE (firmware HSM evaluation), SESIP
  • PSA certified
  • ISO 19790 (in progress)

WHY COLLABORATE WITH THE EXPERTS FROM THE SECURITY EVALUATION LABORATORY?

More than 200 complex security products evaluated annually
Holds numerous accreditations including Common Criteria, EMVCo, GlobalPlatform, PCI PTS, FIPS 10-3, SESIP, SBMP
Over 25 years of exerience

Ranked among the top 5 security laboratories in the world

2nd laboratory in the world for Common Criteria evaluation

Experts in formal methods, cryptographie and static code analysis

To go further

Testimony | The GSMA bears witness to its mission

Testimony | Fime bears witness to its mission

For any questions: