L'alternative de confiance aux solutions de messagerie instantanée grand public.
Boostez la communication en invitant plusieurs milliers de membres dans des salons de discussions dédiés !
Comment pouvons-nous vous aider ? Vous trouverez l'aide qu'il vous faut.
S'enregistrer ou se connecter directement sur la plateforme Citadel Team
L'application est disponible sur toutes les plateformes.
Cryptobox est la solution de travail collaboratif et de transfert de fichiers agréée Diffusion Restreinte par l’ANSSI qui chiffre vos données de bout en bout, disponible en Cloud ou On Premise. Vos documents sont accessibles de manière totalement sécurisée depuis votre PC, smartphone et tablette.
Contrairement aux solutions grand public, Cryptobox est security by design : chaque fonctionnalité bénéficie nativement du plus haut niveau de sécurité. La solution offre diverses fonctionnalités pour vous permettre d’échanger en interne comme externe en toute confiance
La transformation numérique concerne toutes les organisations, privées ou publiques, des plus petites aux plus grandes. Les outils associés à cette transformation offrent de nombreux avantages : télétravail, partage d’informations simplifié, économies de temps et de coûts … et imposent de nouveaux défis concernant la protection des données collectées, stockées et partagées en interne et en externe.
Vos équipes pratiquent le télétravail ou travaillent à distance lors de déplacements. Vos équipes doivent avoir accès aux mêmes ressources que quand elles sont au bureau. Vos collaborateurs échangent des données sensibles. La DSI de votre entreprise doit pouvoir gérer les connexions à distance quel que soit le nombre de personnes connectées.
Vous stockez des informations professionnelles et personnelles sur votre smartphone Vous voyagez régulièrement à l’étranger et participez à des réunions téléphoniques Vous vous connectez fréquemment à des wifi publics Vous échangez des emails confidentiels via votre smartphone et votre tablette Vous accédez à des applications métier en mobilité Vous avez déjà perdu votre smartphone ou été victime d’un vol
Cybels Hub DR est la première solution cloud homologuée Diffusion Restreinte pour aider tous types d'entités à collaborer en toute sécurité avec des partenaires ! Collaborez en audio ou visio-conférence, échangez des données avec vos partenaires, le tout au niveau « Diffusion Restreinte » sur un cloud opéré et sécurisé par Thales.
Publié le 7 février 2023
What is “Restricted distribution”?
“Restricted Distribution” (“Diffusion Restreinte” or DR in French) is a designation identifying the level of protection for unclassified sensitive information.In a context of increased digitalization and exchange of documents between private and public entities, French or foreign partners, the French Interministerial General Instruction no. 1300 [1] regarding the protection of national defense secrets includes a new classification scheme for government information, with defined rules for its protection and processing. This directive identifies two categories of non-public information:
The Restricted designation is intended to provide protection for non-public information that is not covered by the national defense and security classification. Access, unauthorized dissemination or misappropriation of information protected by this designation:
The main purpose of the Restricted designation is to remind users of their duty of discretion, and the disciplinary or administrative sanctions they are exposed to in case of violation.
France is not the only country with a classification policy to protect its sensitive information. The Restricted designation has equivalents in the security policies of the European Union - EU restricted - and of NATO - NATO restricted. Their purpose is to protect the interests and information related to the political, military, diplomatic, scientific, economic or industrial strategies of these international organizations against the risk of disclosure or unauthorized access. Finally, there are additional protective designations created to exclude access to foreign individuals and organizations, even if they are authorized. This is the objective of the "Special France" or "Special France and [countries] eyes only" designation in a multinational program.
What is the regulatory framework for CIOs and CISOs who must ensure the security of restricted information?Organizations that process Restricted information must comply with the requirements of interministerial instruction no. 901/SGDSN/ANSSI (II 901) related to sensitive or Restricted information systems, which defines security measures and rules for the implementation of a Restricted approved information system.The requirements of II 901 apply to:
These requirements structure the protection of Restricted information processed by an organization, to meet the need for business continuity, protection of its reputation, prevention of data breach, and help secure the organization’s people and assets.
These measures are also based on existing technical standards and recommendations of the French National Agency for Information Systems Security (ANSSI). ANSSI has developed a “Recommendations for the architecture of sensitive or restricted information systems” guide to implement II 901 measures in the design of the information system (IS) architecture hosting Restricted information. The primary concern of this guide is to provide technical advice for the architecture of sensitive IS and Restricted. Some technical aspects are not covered in the guide, such as physical and environmental security, security related to IT developments, telephony over IP, access control information systems [2] ... It is therefore necessary for CISOs and CIOs to apply these state-of-the-art or best practice measures.
When setting up a Restricted Information System, organizations must set up a security certification procedure. This procedure identifies the perimeter of the information system that processes Restricted information and the components required for its operation and protection (filtering, detection, alerts, backup, etc.), then identifies and manages the risks on these elements. The certification also includes a process for complying with the regulatory requirements of Restricted systems. The combination of risk management and compliance results in a certification decision by the representative of the organization operating the system. It enshrines the acceptance of risk at the highest level of the organization. The architecture of the IS as well as the interconnections must be certified and periodically re-evaluated "in a process of continuous improvement and permanent adaptation to the evolution of threats”. II 901 specifies that the interconnections of the Restricted IS must be subject to a separate certification.
How to ensure the security and certification of your Restricted IS?
In order to protect and certify your IS, the following are prerequisites:
Today, both public and private organizations have increased needs for mobility, collaborative work and sharing sensitive information, all in a secure manner. Accessing and sharing this information with external partners require solutions capable of ensuring strong security.
Sources:
GENERAL INTERMINISTERIAL INSTRUCTION ON THE PROTECTION OF NATIONAL DEFENCE SECRETS
igi-1300-20210809.pdf (sgdsn.gouv.fr)
INTERMINISTERIAL INSTRUCTION ON THE PROTECTION OF SENSITIVE INFORMATION SYSTEMS
Instruction interministérielle relative à la protection des systèmes d'informations sensibles - Légifrance (legifrance.gouv.fr)
Cet article vous a plu ? N'hésitez pas à le partager