Making your IS compliant
The challenges of compliance
Data leaks, questionable use of customer information, hacking: the regulatory context is changing to adapt to the digitisation of all processes, protecting users as well as organisations through different certifications and regulations.
Compliance is intended in particular to protect against potential sanctions, but above all it is a guarantee of credibility with your customers or users.
GDPR
The General Data Protection Regulation (GDPR) is a regulatory text adopted by the European Union that regulates the processing of personal data.
Implementing a solution to manage privileged access contributes to compliance with GDPR obligations, in particular the obligation to strengthen default security under Article 25(2) of the GDPR.
With a federated portal for sensitive access, you retain visibility and traceability on all accesses to your information system at all times.
The NIS directive
The Network and Information System Security (NIS) directive, adopted by European institutions, aims to raise the level of security for networks and information systems. It is aimed at essential service operators and digital service providers.
In this context, it includes obligations regarding governance and the security of networks and information systems.
Each sector has its own obligations
The NIS Directive in particular makes clear that there are areas of activity for which specific regulations govern the security of information systems.
This is why we take your specific characteristics into account, so that we can support you at all times in meeting the legal constraints on the management of your privileged accounts.
ANSSI's recommendations
What is ANSSI?
Attached to the General Secretariat for Defence and National Security, the French National Agency for Information Systems Security (ANSSI) ensures the security and defence of the information systems of the State and of operators of vital importance (OIV) by creating the conditions for a trusted environment.
Beyond this state role, it promotes solutions and know-how developed by French companies.
It provides a service to monitor, detect, raise the alarm and respond to computer attacks.
In this context, it develops best practice guides and a trust label for recognised solutions such as the Security Visa.
Best practice
To enable organisations to maintain their IS in an operational and secure condition, ANSSI publishes a guide which provides useful information to help in the design of secure architectures.
In particular, it recommends the implementation of a “protocol break” as part of traceability requirements, notably through the use of administration bastion solutions.
Security Visas
ANSSI Security Visas enable you to identify reliable and recognised security solutions following an evaluation carried out by approved laboratories using a rigorous and proven methodology. This evaluation takes the form of penetration tests and in-depth analysis to verify the compliance of these solutions with the corresponding requirement frameworks. Depending on the context and need, a Security Visa is issued in the form of a certification or a qualification.
Security Visas are a guarantee of security for users.