CSPN Certification : a guarantee of trust and robustness
Twice already since 2018, our administration bastion PROVE IT has been awarded the CSPN Security Visa by The Frenche Cybersecurity Agency (ANSSI), a concrete proof of its reliability and robustness.
The key role of security certifications
To effectively protect your information system, you need to be able to trust the solutions you deploy. That trust should not rest solely on a vendor's claims, it must be grounded in independent, rigorous and recognised evaluations.
This is precisely the purpose of security certifications delivered by national cybersecurity authorities, which establish demanding evaluation frameworks for cybersecurity products.
Products recognised through these processes demonstrate that their protection mechanisms have been analysed, tested and validated against strict criteria, giving organisations a concrete, independent guarantee in managing their cyber risks.
The CSPN Security Visa
The CSPN ("Certification de Sécurité de Premier Niveau " — First-Level Security Certification) is a French national security certification scheme administered by ANSSI, the French National Cybersecurity Agency. It constitutes an official recognition of a product's robustness against cyber threats, attesting that the evaluated version achieves a level of protection appropriate for its intended use.
The certification is valid for three years, ensuring that the product remains compliant with security requirements over time. The evaluation reference, including its validity date, is a critical detail that should not be overlooked when selecting a solution, particularly for critical components such as a privileged access management bastion.
To assess product robustness, the CSPN evaluation relies on a series of technical tests conducted by an independent evaluation centre (CESTI) accredited by ANSSI. These tests may be carried out :
- In black-box mode, analysing observable behaviour without access to internal mechanisms
- Or in white-box mode, with full access to the technical documentation and source code, enabling a deeper examination of the product's design and architecture (the approach chosen by Rubycat)
The evaluation is conducted within a defined and constrained timeframe, in accordance with the framework set by ANSSI.
Why is CSPN certification a key criterion when choosing a PAM bastion ?
For a Privileged Access Management (PAM) solution, a vendor label is not enough. CSPN certification attests that the product effectively limits the risks associated with privileged accounts and protects sensitive access, a prime target for cyber attackers.
For CISOs and IT Directors, it is proof that the product has demonstrated its ability to withstand targeted attacks and secure critical operations.
This criterion is particularly significant for organisations subject to regulatory constraints, where this type of independent accreditation is frequently recommended or required.
PROVE IT, CSPN-certified since 2018
In 2018, Rubycat was awarded its first CSPN Security Visa for PROVE IT, its bastion software specialised in the control and traceability of sensitive access to IT infrastructure. The certification was renewed in 2023, reflecting a continuous commitment to improvement and compliance with the highest market standards. Both evaluations were conducted in white-box mode, with evaluators granted full access to the source code to analyse the product's architecture and protection mechanisms in depth.
"We are now fully committed to initiating a third evaluation of our administration bastion, reaffirming our long-term dedication to transparency and digital trust. Ensuring the security of our software and therefore of our clients is fundamental to RUBYCAT."
CSPN : A certification also recognised in Germany
Since March 2022, ANSSI and its German counterpart, the BSI (Bundesamt für Sicherheit in der Informationstechnik), have concluded a mutual recognition agreement between the CSPN and BSZ (Beschleunigte Sicherheitszertifizierung) certification schemes. In practical terms, this means that our CSPN Security Visa is officially recognised in Germany by the BSI, with no requirement for a new evaluation.
For organisations operating in a Franco-German or broader European context, this provides an additional layer of assurance : our PAM solution is backed by a certification whose value is officially acknowledged by two leading national cybersecurity authorities.
While CSPN is a national scheme, the rigour of its evaluation process (white-box testing, independent accredited laboratories, mandatory renewal) reflects the same principles that underpin European security standards. For any organisation seeking a trusted, independently validated PAM solution, CSPN certification is a meaningful and substantive quality signal.
PROVE IT: A proven choice for protecting your infrastructure
PROVE IT is currently the only French bastion holding a valid CSPN Security Visa. This reflects our commitment to reliability and transparency: clients and partners can rely on a rigorously evaluated tool to protect their critical infrastructure access, with regular renewal ensuring lasting compliance.
What is CSPN certification and who issues it ?
CSPN (Certification de Sécurité de Premier Niveau) is issued by ANSSI, the French National Cybersecurity Agency. It attests to the robustness and reliability of a software or hardware product against cyber threats, following in-depth testing conducted by an accredited independent evaluation centre.
Why does this certification matter for a product like PROVE IT?
It demonstrates a high level of protection, validated by an independent and recognised authority. For our clients, it is the assurance that our product has proven its resistance against targeted attacks, an essential prerequisite for securing privileged access.
What process must a product undergo to obtain it ?
The process is rigorous : in-depth analysis of the product's design and architecture, followed by penetration testing conducted by an ANSSI-accredited CESTI. These evaluations aim to identify and address vulnerabilities in order to achieve a defined level of resistance.
How can I verify that PROVE IT's CSPN certification is still valid ?
The Security Visa is granted for three years and subject to renewal. You can check the official ANSSI website directly, which maintains an up-to-date list of certified and qualified products.
Discover PROVE IT PAM bastion
Our solutionTake control of your privileged access with our trusted bastion solution