Protection of sensitive and restricted information
Interministerial instruction n° 901/SGDSN/ANSSI (II 901) related to the protection of sensitive information systems
This instruction, applicable to both public and private legal person, defines rules and requirements applicable on information systems to protect the confidentiality of sensitive or restricted information they contained. Like most of security regulation, the II 901 relies on the accreditation of the information system. Through this process, the stakeholder, known as accreditation authority, reviews the digital risks related to the information system and the associated security measures to cover them and decides whether to use or not this system.
Legal framework for protection of Nation scientific and technical capacities
This legal framework has been introduced in 2011 in order to protect facilities, knowledge, savoir-faire, information which, if intercepted, could:
- Affect French economic interests (risk 1);
- Reinforce military capacities of other country or weaken French military capacities (risk 2);
- Lead to the proliferation of weapons of mass destruction in nuclear, ballistic, chemical or biological fields;
- Lead to the development of terrorist activities on French territory or abroad.
This framework is mostly based on physical and legal measures. Information system security consideration is developed in a dedicated instruction, the interministerial instruction n° 901/SGDSN/ANSSI