Cybersecurity Services
Independent CSPN and Common Criteria certification accompaniment for security products — from security target drafting to Observation Report (OR) response cycles.
About Our Cybersecurity Services
At Private Garden, we accompany security product vendors through the CSPN and Common Criteria certification processes as an independent advisor. We are structurally independent from any CESTI: we do not operate an evaluation laboratory, we hold no ANSSI evaluator accreditation, and we have no commercial or capital link to any CESTI. This is why we can represent your interests without conflict of interest during evaluation. We do not guarantee certification outcomes — those remain decided by ANSSI and the evaluating CESTI — but we do give your product, your documentation, and your team the best possible preparation for the evaluation that lies ahead.
Key Benefits
- Reduce certification risk by running a realistic pre-audit before the real evaluation starts
- Shorten OR cycles with expert-drafted responses aligned to ANSSI expectations
- Protect your engineering time — we handle the certification-specific documentation so your team can focus on the product
- Keep independence — as a non-CESTI advisor, our interests are aligned with yours, not with the lab’s billing schedule
- Build a reusable baseline for future products and certification renewals
- Navigate CSPN and Common Criteria with a team that has worked on both frameworks
Related services
- Sovereign Infrastructure — host your product’s reference deployment and evaluation environment on open-source infrastructure we help you run.
- Development — upstream OSS sponsorship and client-facing feature delivery for the libraries your certified product depends on.
Our Services
We offer three cybersecurity engagement modes, each tailored to a different certification stage and vendor maturity:
🛡️ CSPN Starter — Full-Cycle Accompaniment
Full CSPN certification preparation for first-time submitters. We draft the security target, cryptographic specifications, and guidance documentation, run a pre-audit (audit à blanc), help your team remediate findings, and carry you through up to three OR (Observation Report) response cycles. We will also help you navigate the French certification ecosystem and determine your actual needs. Ideal when you're bringing your first product to CSPN certification.
🎯 CSPN Focused — Streamlined for Established Vendors
Streamlined CSPN accompaniment for vendors with existing security documentation. We review, adapt, and reinforce what you already have rather than starting from scratch, with two OR response cycles included. Ideal when you've been through CSPN before or have a mature product security program.
🏛️ Common Criteria (CC) Framework
Per-proposal Common Criteria certification support for high-assurance products. We scope each engagement to match your Target of Evaluation, security assurance level, and evaluation context. Includes protection profile selection, security target drafting, and evidence production support.
Our Methodology
Our certification accompaniment follows a structured, phase-driven methodology aligned with ANSSI expectations:
Scope Definition
We collaborate with your team to precisely define the Target of Evaluation, the security functions in scope, and the certification goals. For Common Criteria engagements, this includes selecting or drafting an appropriate Protection Profile.
Documentation Pack
We draft or review the full documentation set expected by ANSSI: security target, cryptographic specifications, guidance documentation, and architecture descriptions. For the Focused tier, we adapt your existing documents rather than writing from scratch.
Pre-Audit (Audit à Blanc)
We run a pre-audit of your product against the declared security functions, exercising the same classes of tests a CESTI would perform, within the limits of our expertise and available means. Findings become your remediation roadmap before the real evaluation starts.
Remediation & Hardening
We help your development team address pre-audit findings, harden weak points, and prepare evidence for each declared security function.
OR Response Cycles
Once the CESTI evaluation starts, we manage your Observation Report responses — up to three rounds for Starter and two for Focused — drafting technical rebuttals and coordinating any needed code or documentation updates.
Certification Closeout
We see you through final ANSSI review and certificate issuance, and document the engagement as a reusable baseline for future products or certification renewals.
Why Choose Private Garden
Private Garden is an independent certification advisor. We are structurally independent from any CESTI (Centre d’Évaluation de la Sécurité des Technologies de l’Information) — we are not an evaluation laboratory, we are not accredited by ANSSI as an evaluator, and we hold no commercial or capital link with any CESTI. This structural separation is a feature, not a limitation: our interests are aligned with yours, not with an evaluation lab’s billing schedule. Our expertise spans networking equipment, Linux systems, virtualization and containerization, IoT devices, and embedded platforms, with deep knowledge of ANSSI’s CSPN and Common Criteria frameworks. Important: certification accompaniment is an advisory engagement — we do not guarantee certification outcomes, which remain the sole decision of ANSSI and the evaluating CESTI.