IGI 1300 Cybersecurity Checklist

Document validated by management and distributed to relevant staff

Named and trained person, reporting to management

ANSSI methodology, risk mapping, treatment measures

Complete accreditation file: strategy, EBIOS, security baseline, decision

Initial training + annual refresher, signed certificates

Algorithms approved by ANSSI (AES-256 minimum), secure key management

MFA for all access to the classified IS, smart card or token

Time-stamped, centralised logs protected for integrity, retention ≥1 year

Qualified solution, daily updates, centralised alerts

VLAN, internal firewall, DMZ, documented authorised flows

Unidirectional transfer between networks of different classification levels

Protected physical perimeter with access control, entry log

Badge readers, anti-passback, access traceability

Resistance class adapted to the level, key/combination management

Cameras with ≥30-day recording, 24/7 supervision for TS

Perimeter detection, real-time alert, response <15min

Crisis scenarios, switchover procedures, annual tests

Encrypted backups, fallback site, defined RTO/RPO

Audit by an ANSSI-qualified PASSI provider, remediation plan

Detection, qualification, containment, ANSSI/DRSD notification, post-mortem

Comprehensive register, numbering, movement traceability

P-7 shredder, degausser for magnetic media, destruction certificate

USB ports disabled or controlled, authorised media registered