With the global rise in cybercrime and complex, sophisticated attacks, the need for a robust national cybersecurity strategy, such as the RNSI (Référentiel National de Sécurité de l'Information), became essential and urgent.
The development of the RNSI (Référentiel National de Sécurité de l'Information) framework in 2016, later updated in 2020, aimed to address this pressing challenge.
The RNSI provides a comprehensive set of security guidelines, controls, and best practices based on international standards like ISO 27001/27002.
These measures are tailored to the unique requirements of public and government entities across the country.
The RNSI serves as a holistic approach to improve cybersecurity posture, strengthen resilience, and better protect information assets against evolving cyber threats.
Principles and Objectives of the RNSI 2020
The RNSI brings together guidelines and good practices in the field of information systems security.
It aims to improve the cybersecurity posture of organizations by putting in place adequate security controls through a risk-based approach.
The RNSI 2020 is based on international information systems security standards and benchmarks: ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27005:2018, ISO/IEC 22301:2019, ……
It provides :
- A set of information security requirements and measures;
- Implementation recommendations that enable any public body or government entity to better protect its information assets and strengthen its resilience to cyber-attacks.
The RNSI is composed of several parts, we can mention the fundamental principles of information security, the security requirements which encompass the different domains: networks, information systems, applications…, the audit and conformity assessment procedures, but also the guides and tools to help organizations to implement the standard.
The standard is composed of five (05) main parts:
- Fundamental principles of information security: this section includes the basic principles of information security (confidentiality, integrity, availability of data, legal and regulatory requirements…);
- Security requirements: this section focuses on the security requirements applicable to each area such as networks, information systems, applications, data, security incident management, etc. The security requirements are classified according to three levels, taking into account the potential impact on the organization in the event of a security breach: critical, important, normal.
- Audit and conformity assessment procedures: This section details the procedures for audit and conformity assessment against the security requirements defined in the standard. It includes information on information security certificates.
- Guides and tools to support implementation: these are made available to organizations to help and support them in implementing the security requirements specified in the standard.
- Glossaries and acronyms: they contain the terms, acronyms and abbreviations used in the RNSI but also in the field of information security.
Areas of security and controls
The main areas of security and controls of the RNSI are shown in the diagram.
The RNSI’s security controls:
- Are designed to meet the information security needs of all organizations and public entities;
- Vary in terms of applicability from one sector to another, taking into consideration organizational aspects, internal regulations, the nature of the activity and the technologies deployed.
It is essential to draw up a statement of applicability justifying the inclusion or exclusion of a safety measure on the basis of the outcome of the risk assessments.
The 20 areas covered by the RNSI 2020 are :
- Asset management
- Protection of personal data
- Access management and control
- Security of mobile devices
- Network security
- Security of information systems
- Operational safety
- Security of critical information systems
- Security of cloud services
- Cryptography
- Physical Security
- Internet of Things
- Monitoring and Logging
- Security Incident Management
- Business continuity management
- Human resources
- Security related to the use of Social Networks
- Integration of safety during the software development life cycle
- Security requirements for information technology projects
- Relationship with third parties
Normative framework of the RNSI 2020:
The normative framework of the RNSI is based on international best practice and recognized standards in information security.
How can Intervalle Technologies teams support you?
Our teams are certified on the methodologies and standards of information systems security audits (ISO 27001, PCI DSS, CSP SWIFT, CISA).
They have a mastery of the RNSI 2020 Framework and have proven skills in:
- GRC: Governance of Information Security, Risk and Compliance;
- Safety audits ;
- Network & security architecture audits ;
- Configuration audits ;
- Design and implementation of security solutions;
- Vulnerability management solutions ;
We have carried out numerous security and organizational audits in many territories.