Common Criteria Certification

Third party certification provides the client with independent and impartial confirmation that a product complies with a specification document or published technical specifications. These technical specifications may or may not be drafted within a normative framework.

Publish the 09 August 2022 Updated 16 November 2023

Decree 2002-535

The decree 2002-535 dated 18 April 2002 relating to the evaluation and certification of the security offered by information technology products describes the French certification framework for security products and systems.
The French Network and Information Security Agency (ANSSI) is responsible for examining certifications according to the directives given by the certification management committee.
Certification is based on evaluation studies conducted by laboratories licensed by the French Prime minister and accredited by the French accreditation committee (COFRAC) according to the standard NF EN ISO/CEI 17025. These laboratories are commonly referred to as Information Technology Security Evaluation Facilities (ITSEF). The evaluations are conducted in accordance with specifications or standards specified by the ANSSI. 


Certificates issued by the ANSSI by delegation from the Prime minister certify that the certified products comply with a technical specification referred to as the security target.
This security target may itself be certified in accordance with a specification document referred to as the protection profile. The protection profile is used to express high-level requirements and may be shared by a community of interests such as the banking, healthcare, transport community, etc.
Certified products or systems may bear the “IT Security Certification” mark below:

International recognition

By virtue of the international agreements signed by the ANSSI, the certificates issued may be recognised outside France.

Certificate maintenance

The certificate certifies, on the day of signature, the compliance of a specific version of a product or system with the requirements listed in its security target.
To extend confidence in this compliance over time or facilitate the certification of the upgrades of a previously certified product, the certification body offers certificate maintenance packages.
The evaluation and certification proceduresspecifications and standards specified by the ANSSI are published on this site.
Contact certification body: certification.anssi [at]