The trusted alternative to mass market instant messaging solutions
Boost communication by inviting thousands of members in dedicated chat rooms!
Comment pouvons-nous vous aider ? Vous trouverez l'aide qu'il vous faut.
S'enregistrer ou se connecter directement sur la plateforme Citadel Team
L'application est disponible sur toutes les plateformes.
Cryptobox provides businesses and organizations with a sharing and collaboration solution to secure internal and external exchanges, using end-to-end encryption.
Cryptobox is the first secure sharing and collaboration solution to provide end-to-end data encryption, whether your device is a smartphone or a computer.
The digital transformation affects all businesses and organizations, from the smallest to the largest. This transformation brought about by technological developments offers many benefits:
To meet the new challenges of mobility and remote work, Ercom has developed Cryptosmart PC, a sovereign VPN solution to secure the connections of your remote Windows computers.
Cryptosmart is the only “Restricted” French & NATO certified solution, jointly developed with Samsung, to secure end-to-end mobile communications on consumer devices.
Cybels Hub DR, the first "Restricted" level accredited cloud solution to help inter-entity collaboration in a secure environment with partners! Collaborate in voice or videoconferencing, exchange data with your partners, all at the "Restricted Distribution" level, on a cloud operated and secured by Thales.
Posted 7 février 2023
What is “Restricted distribution”?
“Restricted Distribution” (“Diffusion Restreinte” or DR in French) is a designation identifying the level of protection for unclassified sensitive information.In a context of increased digitalization and exchange of documents between private and public entities, French or foreign partners, the French Interministerial General Instruction no. 1300 [1] regarding the protection of national defense secrets includes a new classification scheme for government information, with defined rules for its protection and processing. This directive identifies two categories of non-public information:
The Restricted designation is intended to provide protection for non-public information that is not covered by the national defense and security classification. Access, unauthorized dissemination or misappropriation of information protected by this designation:
The main purpose of the Restricted designation is to remind users of their duty of discretion, and the disciplinary or administrative sanctions they are exposed to in case of violation.
France is not the only country with a classification policy to protect its sensitive information. The Restricted designation has equivalents in the security policies of the European Union - EU restricted - and of NATO - NATO restricted. Their purpose is to protect the interests and information related to the political, military, diplomatic, scientific, economic or industrial strategies of these international organizations against the risk of disclosure or unauthorized access. Finally, there are additional protective designations created to exclude access to foreign individuals and organizations, even if they are authorized. This is the objective of the "Special France" or "Special France and [countries] eyes only" designation in a multinational program.
What is the regulatory framework for CIOs and CISOs who must ensure the security of restricted information?Organizations that process Restricted information must comply with the requirements of interministerial instruction no. 901/SGDSN/ANSSI (II 901) related to sensitive or Restricted information systems, which defines security measures and rules for the implementation of a Restricted approved information system.The requirements of II 901 apply to:
These requirements structure the protection of Restricted information processed by an organization, to meet the need for business continuity, protection of its reputation, prevention of data breach, and help secure the organization’s people and assets.
These measures are also based on existing technical standards and recommendations of the French National Agency for Information Systems Security (ANSSI). ANSSI has developed a “Recommendations for the architecture of sensitive or restricted information systems” guide to implement II 901 measures in the design of the information system (IS) architecture hosting Restricted information. The primary concern of this guide is to provide technical advice for the architecture of sensitive IS and Restricted. Some technical aspects are not covered in the guide, such as physical and environmental security, security related to IT developments, telephony over IP, access control information systems [2] ... It is therefore necessary for CISOs and CIOs to apply these state-of-the-art or best practice measures.
When setting up a Restricted Information System, organizations must set up a security certification procedure. This procedure identifies the perimeter of the information system that processes Restricted information and the components required for its operation and protection (filtering, detection, alerts, backup, etc.), then identifies and manages the risks on these elements. The certification also includes a process for complying with the regulatory requirements of Restricted systems. The combination of risk management and compliance results in a certification decision by the representative of the organization operating the system. It enshrines the acceptance of risk at the highest level of the organization. The architecture of the IS as well as the interconnections must be certified and periodically re-evaluated "in a process of continuous improvement and permanent adaptation to the evolution of threats”. II 901 specifies that the interconnections of the Restricted IS must be subject to a separate certification.
How to ensure the security and certification of your Restricted IS?
In order to protect and certify your IS, the following are prerequisites:
Today, both public and private organizations have increased needs for mobility, collaborative work and sharing sensitive information, all in a secure manner. Accessing and sharing this information with external partners require solutions capable of ensuring strong security.
Sources:
GENERAL INTERMINISTERIAL INSTRUCTION ON THE PROTECTION OF NATIONAL DEFENCE SECRETS
igi-1300-20210809.pdf (sgdsn.gouv.fr)
INTERMINISTERIAL INSTRUCTION ON THE PROTECTION OF SENSITIVE INFORMATION SYSTEMS
Instruction interministérielle relative à la protection des systèmes d'informations sensibles - Légifrance (legifrance.gouv.fr)
Cet article vous a plu ? N'hésitez pas à le partager