ANSSI publishes a set of guides on remediation of cyber incidents
ANSSI publishes a set of guides on remediation, laying out principles for the management and implementation of remediation efforts within an organisation affected by a cyber security incident.
Remediation affects the life cycle of the information system for several weeks or even months after a major incident, and impacts many business units during this period. If remediation is managed effectively, the incident becomes an opportunity to significantly improve the resilience of the affected organisation.
![]()
ANSSI's guides on remediation
Remediation: a key issue for organizations
The financial and material damage that can result from a cyberattack is considerable. If a major incident is only partially or inadequately remedied, its effects can be long-lasting. This high potential for destabilisation requires both organisations and cybersecurity service providers to possess the know-how necessary to contain these cyberattacks, regain control of the compromised information system, and restore it to a sufficiently operational state. Remediation is key to achieving this. It is one of the major aspects of cyber-incident response, along with investigation and crisis management.
Guides to support organizations at every stage
ANSSI is working with the cybersecurity ecosystem to develop and disseminate the doctrinal pillars pertaining to the implementation and management of remediation. It publishes a corpus of doctrines broken down into three sections (strategic, operational and technical).
The corpus incorporates feedback from the cyber community. It is intended to be gradually enriched with new content.