Protection of sensitive and restricted information

Publish the 27 June 2023 Updated 16 November 2023

Interministerial instruction n° 901/SGDSN/ANSSI (II 901) related to the protection of sensitive information systems

This instruction, applicable to both public and private legal person, defines rules and requirements applicable on information systems to protect the confidentiality of sensitive or restricted information they contained. Like most of security regulation, the II 901 relies on the accreditation of the information system. Through this process, the stakeholder, known as accreditation authority, reviews the digital risks related to the information system and the associated security measures to cover them and decides whether to use or not this system.

Legal framework for protection of Nation scientific and technical capacities

This legal framework has been introduced in 2011 in order to protect facilities, knowledge, savoir-faire, information which, if intercepted, could:

Affect French economic interests (risk 1);
Reinforce military capacities of other country or weaken French military capacities (risk 2);
Lead to the proliferation of weapons of mass destruction in nuclear, ballistic, chemical or biological fields;
Lead to the development of terrorist activities on French territory or abroad.

This framework is mostly based on physical and legal measures. Information system security consideration is developed in a dedicated instruction, the interministerial instruction n° 901/SGDSN/ANSSI

On the same topic :

Réglementation

Search

About French Cybersecurity Agency (ANSSI)

Regulation

Scientific standing – the key roles of expertise

Protection of sensitive and restricted information

Interministerial instruction n° 901/SGDSN/ANSSI (II 901) related to the protection of sensitive information systems

Legal framework for protection of Nation scientific and technical capacities