ANSSI – Safe operation of Critical Information Systems
Regulations for the operation of systems for ‘ELECTRONIC COMMUNICATIONS AND THE INTERNET’ that are considered critical to national / economic security and safety. The regulation specifies the security requirements for these “Critical Information Systems” (CIS).
This is based around the development, implementation and maintainance of an Information Systems Security Policy (ISSP) describing organisation, processes and technical mechanisms to ensure security of the critical system(s). The ISSP is developed and maintained by the CIS operator, based on regular internal audits with remedial action and reported to the regulator.
Audience: Auditor, Technical security practitioner
Resource technology specifics: Generic
Resource type: Guideline
Resource enforcement: Regulatory mandated
Resource certification type: Self-assessment