July 2019
This appendix presents the measures proposed by the ANSSI guides (ANSSI 2013a; ANSSI 2013b). They are defined according to the class of the system (Chapter 6).
Recommendations are prefixed with the letter R and directives with the letter D.
Table A4.1. Recommendations and guidelines for system knowledge
| Topic | Class | Measures |
|---|---|---|
| Roles and responsibilities | C1 | R1 – A cybersecurity chain of responsibility must be put in place. It should cover all systems. R2 – Responsibilities for cybersecurity should be clearly defined for each of the stakeholders regardless of the aspect concerned (development, integration, operation, maintenance, etc.). |
| | C2 | D3 – R1 is mandatory. D4 – R2 is mandatory. |
| | C3 | D5 – The identity and contact details of the person in charge of the cybersecurity chain of custody must be communicated to the cyber defense authority. D6 – The limits of liability must be reviewed periodically, at least once a year. |
| Mapping | C1 | R7 – Build a map: |
| | C2 | D8 – Build a map: |
| | C3 | D10 – R9 is mandatory. |
| Risk analysis | C1 | R11 – Carry out a risk analysis for cybersecurity, however brief. |
| | C2 | D12 – Carry out a risk analysis for cybersecurity according to a method chosen by the responsible entity. ... |