ANSSI – Safe operation of Critical Information Systems

Friday 13 Dec 2019 | Operational |

Regulations for the operation of systems for ‘ELECTRONIC COMMUNICATIONS AND THE INTERNET’ that are considered critical to national / economic security and safety. The regulation specifies the security requirements for these “Critical Information Systems” (CIS).

This is based around the development, implementation and maintainance of an Information Systems Security Policy (ISSP) describing organisation, processes and technical mechanisms to ensure security of the critical system(s). The ISSP is developed and maintained by the CIS operator, based on regular internal audits with remedial action and reported to the regulator.

Audience: Auditor, Technical security practitioner

Resource technology specifics: Generic

Resource type: Guideline

Resource enforcement: Regulatory mandated

Resource certification type: Self-assessment