The following organizations offer requirements for establishing and maintaining an information security program. These standards are periodically reviewed, revised, and updated. It is critical that the most current version of a published standard be used or referenced.

​

ANSSI's Security Recommendations:

• Website: ANSSI / https://cyber.gouv.fr/

 

RGS (Référentiel Général de Sécurité):

• Website: RGS / https://cyber.gouv.fr/le-referentiel-general-de-securite-rgs

 

PSSIE (Politique de Sécurité des Systèmes d'Information de l'État):

• Website: PSSIE / https://cyber.gouv.fr/publications/pssi-guide-delaboration-de-politiques-de-securite-des-systemes-dinformation

 

LPM (Loi de Programmation Militaire):

• Website: LPM / https://www.defense.gouv.fr/ministere/politique-defense/loi-programmation-militaire-2024-2030/loi-programmation-militaire-2024-2030-grandes

 

ISO/IEC 27001:

• Website: ISO/IEC 27001 / https://www.iso.org/fr/standard/27001

​

PCI DSS (Payment Card Industry Data Security Standard):

• Website: PCI DSS / https://www.pcisecuritystandards.org/standards

 

RGPD (Règlement Général sur la Protection des Données):

• The General Data Protection Regulation (GDPR) is enforced in France, establishing stringent standards for data protection and privacy.

• Website: GDPR / https://www.cnil.fr/fr/reglement-europeen-protection-donnees

​

NIS Directive (Network and Information Systems Directive):

• Transposed into French law, this directive aims to achieve a high common level of security for network and information systems across the EU.

• Website: NIS Directive / https://cyber.gouv.fr/la-directive-nis-2

​

HDS (Hébergement de Données de Santé):

• Specific to healthcare, HDS certification ensures that providers of health data hosting services meet high security and privacy standards.

• Website: HDS / https://esante.gouv.fr/produits-services/hds

​

EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité):

• A French risk management methodology used to identify and assess cybersecurity risks.

• Website: EBIOS / https://cyber.gouv.fr/la-methode-ebios-risk-manager

​

SecNumCloud:

• A certification scheme for cloud service providers to ensure they meet French security requirements.

• Website: SecNumCloud / https://cyber.gouv.fr/secnumcloud-pour-les-fournisseurs-de-services-cloud

 

Higher Education Information Security

 

Renater CERT (Computer Emergency Response Team):​

• Website: Renater CERT / https://www.renater.fr/securite/le-cert-renater/

 

ANSSI Guidelines:​

• Website: ANSSI / https://cyber.gouv.fr/

 

RGS (Référentiel Général de Sécurité):​

• Website: RGS / https://www.numerique.gouv.fr/publications/referentiel-general-de-securite/

 

EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité):​

• Website: EBIOS / https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_ebios.html

 

ISO/IEC 27001:

• ​​Website: ISO/IEC 27001 / https://www.iso.org/fr/standard/27001

​

GDPR (General Data Protection Regulation):​

• Website: GDPR

 

SecNumCloud:

• A certification for cloud service providers meeting French security requirements. Higher education institutions using cloud services ensure compliance with this standard.

• Website: SecNumCloud / https://cyber.gouv.fr/secnumcloud-pour-les-fournisseurs-de-services-cloud

​

NIS Directive (Network and Information Systems Directive):

• Transposed into French law, this directive aims to improve the cybersecurity of network and information systems across the EU, including higher education.

• Website: NIS Directive

​

ITIL (Information Technology Infrastructure Library):

• Many higher education institutions implement ITIL practices for effective IT service management and aligning IT services with institutional needs.

• Website: ITIL

​

HDS (Hébergement de Données de Santé):

• For higher education institutions involved in health research, HDS certification ensures compliance with high security and privacy standards for hosting health data.

• Website: HDS / https://esante.gouv.fr/produits-services/hds