ANSSI has led the way in France for establishing regulations for the protection of information. So what do these guidelines mean for security managers in the rest of the world?
What is ANSSI?
ANSSI stands for the Agence Nationale de la Sécurité des Systèmes d’Information – the National Agency for the Security of Information Systems. It was created in 2009 and serves as France’s cyberdefence body.
ANSSI is tasked with setting out rules for the protection of information systems being operated in sectors of vital importance.
These sectors are defined as carrying out essential activities that are difficult to replace and the absence of which would constitute a serious threat to the population.
ANSSI identifies 12 sectors of vital importance: transport, military, health, energy, water, finance, civil industry, media, R&D, legal, food and industry.
Relevance of ANSSI
France is the first country in the world to use regulations for developing an effective cybersecurity system to protect critical infrastructure.
It is expected that these regulations could be used as a template by other countries in Europe and possibly beyond.
Impact of ANSSI on Access Control Systems
One aspect of ANSSI's regulations focuses on access control systems.
Specifically the following areas:
- Protecting IDs against the risk of identity theft
- Types of architecture
- Communications encryption
It defines four levels of security for protecting IDs and the recommended security architectures.
You can read about these in more detail in our Guide to ANSSI Certification for Access Control Systems.