FAQ

  • What is CSPN?

The First-Level Security Certification (CSPN), also known as the "ANSSI Security Visa," is one of the certifications issued by the French National Cybersecurity Agency (ANSSI) for information technology products. Established by ANSSI in 2008, CSPN certifies that a product (software, operating system, appliance, hardware, etc.) has successfully undergone a security evaluation by an ANSSI-approved evaluation center (CESTI).

CSPN consists of "black-box" tests conducted under constrained time and conditions. It serves as an alternative to Common Criteria evaluations, which can be costly and time-consuming, particularly when a lower level of confidence is acceptable. This certification is based on criteria, methodology, and a process developed by ANSSI.

  • What is SecNumCloud?

SecNumCloud is a security qualification proposed by ANSSI (National Cybersecurity Agency of France) to enhance the security of Cloud services. It applies to all cloud operators offering services in PaaS (Platform as a Service), IaaS (Infrastructure as a Service), or SaaS (Software as a Service).

The SecNumCloud security requirements encompass a comprehensive set of best practices from technical, operational, and legal perspectives. Compliance is verified by audit providers approved by ANSSI (PASSI).

  • What is NIS2?

The NIS2 Regulation is an update to the NIS Directive adopted by the EU in 2016. Published in December 2020, it aims to strengthen cybersecurity across EU member states.

Highly ambitious, its implementation aims to help thousands of entities better protect themselves, especially in sectors deemed essential for societal and economic stability. It seeks to broadly mobilize the national economic fabric and the public sector in the face of increasing cyber threats.

The scope of the NIS2 directive addresses several key areas to enhance defense and response capabilities in cybersecurity:

  • Risk management and security measures: procedures for risk management and appropriate security measures to mitigate identified risks.
  • Incident reporting and response: specific protocols for reporting cyber incidents to ensure rapid and detailed communication with national competent authorities.
  • Supply chain security: procedures focusing on the interconnected nature of modern business operations.
  • Cybersecurity training and awareness: regular training and awareness programs to promote a culture of cybersecurity at all organizational levels.

  • What is GDPR?

Adopted in May 2018, the General Data Protection Regulation (GDPR) strengthens and unifies the protection of personal data for individuals within the EU, defining specific obligations to ensure the protection of data entrusted to organizations.

It applies to any organization, public or private, that processes personal data on its behalf or otherwise, as long as it is established within the European Union or targets European residents. The GDPR also applies to subcontractors processing personal data on behalf of other organizations.

The regulation defines:

  • Personal data as "any information relating to an identified or identifiable natural person."
  • Processing of personal data as "an operation or set of operations performed on personal data, regardless of the method."
