Regulatory compliance, GDPR and ANSSI recommendations Compliance with multiple regulations is sometimes perceived as a constraint, but it is nevertheless necessary to ensure an effective IS security. Contact us Regulatory compliance Information system security regulations guarantee that any organization in a specific business sector can protect the data entrusted to it or the integrity of its information system itself. By implementing certain solutions, it is possible to respond precisely and effectively to the heterogeneity of rules in terms of IS administration, access management and identity and authorization management in order to be able to react in real time in the event of malicious actions. Icon_Fichier 1 Track and secure IS access Icon_Fichier 2 Monitor administration actions Protect personal and sensitive data Our solutions to answer your problems: The sterile and disposable virtual desktop for the administration of all your resources, on premise or cloud. Discover Systancia Cleanroom Transparent authenticationPrimary or secondary authentication Authentication allows a user to guarantee his or her identity before accessing a resource or service. Primary authentication will give user access to the workstation (Windows login). Several authentication modes can be made available to users: login and password, smart or contactless cards, biometrics, mobile … To classify an authentication mode it will be enough to rely on the principles of the 3 factors: “What do I have? “, ” What do I know? “, ” Who am I? ». The answers provided to these questions make it possible to say for a given authentication method whether it is “simple” or “double” factor. Secondary authentication is the access of a user to an application from an open session on a workstation. The application can be of any type: web, client-server, local to the workstation or external……, in all its forms, to all your applications, on premise or cloud Discover Systancia Access Powerful management of your entire ecosystem’s identities and authorizations for all your applications, on premise or cloud Discover Systancia Identity An airport group in a major French metropolitan area has chosen to use Systancia Cleanroom to secure the workstations of its administrators, both internal and external. Systancia Cleanroom has been deployed on 150 accounts defined to manage over 500 resources, while raising the level of security required by the organization’s sensitive nature, which is subject to numerous security regulations. Compliance of OVIs OVIs (Operators of Vital Importance) are organizations identified by the French State as having activities essential for the exercise of State authority, the functioning of the economy, the maintenance of the defense potential or the Nation’s security. These operators of vital importance are subject to certain regulations, particularly in terms of IT security. OVIs have a regulatory obligation to use solutions qualified by the ANSSIAgence Nationale de la Sécurité des Systèmes d’Information. The National Cybersecurity Agency of France (ANSSI) is a French government organisation reporting to the Secretary General for Defence and National Security (SGDSN), who is responsible for advising the Prime Minister in the exercise of his functions in the field of defence and national security. ANSSI is responsible for cybersecurity issues in France. The ANSSI provides its expertise and technical skills to organisations (administrations or companies) with a reinforced mission to the operators of vital importance (OIV), operating in areas of activity that are sensitive for the very integrity of the country and the population (health, regal, economic and technological fields). The scope of the Agency’s action concerns the computer population as a whole. In particular, it intervenes in the following areas – monitoring and reacting to any incident relating to cybersecurity, – in the development of products for civil society, – as an information and advisory body, – as a training organisation, – as a reference organisation for the labelling of trusted products and service providers… (French National Cybersecurity Agency), when they exist. After having obtained the ANSSI first level security certification (CSPNCertification de Sécurité de Premier Niveau. The First Level Security Certification (CSPN), awarded by the ANSSI (French National Agency for the Security of Information Systems) aims to certify the robustness of a technological product, based on a conformity analysis and intrusion tests carried out by a CESTI (Centre d’Evaluation de Sécurité des Technologies de l’Information), itself approved by the ANSSI. This certification is delivered for a specific product version. All subsequent versions of the product must therefore be re-certified. CSPN certification applies to several types of cybersecurity products such as “secure storage”, “identification, authentication and access control”, or “secure communication”. To see the complete list, click here. Each year, ANSSI publishes an updated catalogue of certified products….), IPdiva Secure, now Systancia Gate is the only solution to have obtained the ANSSI Qualification-Elementary level for identification, authentication and access control to the IT system. With this qualification, IPdiva Secure becomes the only solution recommended by the ANSSI to ensure the security of access to IT systems of administrations, of the 250 Operators of Vital Importance (OVI)**, and more broadly of companies. It is a guarantee of reliability, robustness and impermeability to external threats. Discover Systancia Gate Icon_Fichier 4 Meeting regulatory requirements Icon_Fichier 5 Tested and validated solution efficiency Icon_Fichier 6 Compliance of the solution monitored in time by the ANSSI Our solution to answer your problem: The high-security access portal to all your applications, on premise or cloud. Discover Systancia Gate One of the main French commercial ports, identified as an OVI by the State, has chosen the IPdiva Secure solution for securing access to IS resources. It was the only solution that would allow this commercial port to secure its employees’ access to the information system, in full compliance with its regulatory obligations.