ANSSI - French Regulation for SOC - pdis referentiel v1.0 en.pdf

Requirements for PDIS certification under French critical infrastructure regulation.

This page contains AI generated content. Errors or omissions may be present. Use human level critical thinking.
  • Q: What is the primary objective of the PDIS certification?
    A: To verify that a service provider has the capability to detect security incidents affecting critical information systems (CII) in compliance with French law.
  • Q: What does the acronym 'PDIS' stand for?
    A: Prestataires de Détection des Incidents de Sécurité (Security Incident Detection Service Providers).
  • Q: What are the two main types of data that a PDIS is expected to collect?
    A: Technical logs (from systems, networks, applications) and Security alerts (from detection probes).
  • Q: What is the maximum duration for retaining technical logs according to the PDIS requirements?
    A: Typically 1 year (or as defined by the specific service level agreement, but bounded by regulatory limits).
  • Q: What specific role must be separated from the 'Analyst' role in a PDIS?
    A: The 'Administrator' role of the detection service itself, to prevent tampering with evidence.
  • Q: What is the 'Qualification' process mentioned?
    A: A formal evaluation by a certified audit provider (LSTI, etc.) to ensure the PDIS meets all ANSSI requirements.
  • Q: Does the PDIS regulation apply to all companies in France?
    A: No, it is primarily targeted at Operators of Vital Importance (OIV) and Critical Information Infrastructure (CII).
  • Q: What physical security requirement is mandated for the SOC premises?
    A: Strict access control, video surveillance, and separation of the SOC zone from other business areas.
  • Q: What is the requirement regarding 'Data Sovereignty' for PDIS?
    A: Data collected from critical systems must be stored and processed within France or a trusted jurisdiction.
  • Q: How must a PDIS handle 'False Positives'?
    A: They must have a documented process for tuning detection rules to minimize false positives while maintaining detection efficacy.
