ITSEF* | Security evaluation & expertise

* ITSEF: Information Technology Security Evaluation Facility - Ensure, Guarantee & Certificate the security of all your software & hardware embedded developments

IoT & connectivity
Cyber protection
Defence

The ITSEF analyzes and detects vulnerabilities in your electronic systems, ensuring robust products before time-to-market, with tailored security levels, efficient delivery and personalized support

Our key selling points

Client satisfaction remains the ITSEF’s core concern. The following points are taken into account in each project :

Customer-centric

Our team adapts to each client and offering a realization of projects adjusted to the need and adapted through polyvalent experts and flexible scheduling.
Agile and responsive, we support you in your specific projects, providing tailored, fitted and adaptable solutions.
Different ways possible

Our ethical hackers can perform pentests using either White/Gray Box (product knowledge) or Black Box (external attacker simulation) approaches. The results help enhance the overall security of your system, from interfaces to deep or secret security functions.
Trustworthy

Endorsed by the French Cybersecurity Agency (ANSSI), the French MOD (DGA), and private certification bodies, the ITSEF team possesses the expertise and capabilities to handle sensitive projects. Our evaluators rigorously adhere to strict protocols when managing clients' intellectual property.

Application field

Software

TEE (Trusted Execution Environment)
Secure boot & Element
Firmware
Cryptographic library (PQC)
iOS & Android apps
COTS (OS, Open source, …)

Hardware

TPM (Trusted Platform Module),
IOT Systems (Camera, Access Control …)
Automotive ECU (Electronic Control Unit)
Chip (Passport, banking card ...)
Integrated components (SoC, CPU, memory, FPGA …)
IT systems
COTS (Printer, measuring Instrument …)

One job, two goals.

Whether you are looking for pentests as part of a cyber certification or to get an external perspective on your product's security, our teams support you every step of the way.

Global services offer

Our ITSEF is independent and realizes evaluations in compliance with:

COMMON CRITERIA:

According to EUCC or French National Scheme

Recognized on TIC Hardware, Software, Cryptography & Network
Get certified in CC up to Highest level

CSPN (French First Level Certificate) - through the following accreditation domains:

Intrusion detection
Firewall
Identification, authentication & access control
Secure communication, messaging & storage
Embedded hardware & software
Digital reception terminal

Thales ITSEF is independent and realizes evaluations in compliance for:

IoT: SESIP & PSA certified
Payment Industry (including card payment terminals, Host Card Emulation, chip for bankcard, platform): MasterCard, VISA, American Express, GIE-CB, Discover, EMVCo Software-Based Mobile Payment Evaluation Process (SBMP), Common SECC
TEE: Global Platform
Automotive device: Car Connectivity Consortium
Streaming device & application: Amazon Prime

Help you securing your product before a time-to-market by an expert team:

Pre-evaluation: anticipate your certification by pre-tests & a review of the required documents
Hardware & software pentests: get an external verification of your product
Post-Quantum Cryptography: design & implementation analysis
Artificial Intelligence: support & expertise to ensure the security product against software and hardware attacks

In an environment marked by the increasing use of COTS products within complex systems, coupled with a lack of trust of these third-party technologies that could compromise the integrity of an information system, our team proposes to audit hardware & software security products intended to integrate a critical system.

The service offer is divided into 3 levels, taking into account your budgetary and criticality issues: