5.2. Military Programming Law (MPL)

5.2.1. Regulatory reminders

Some reminders of the main principles of the French Military Programming Law (MPL):

  • French Military Programming Law (Act no. 2013-1168 of 18 December 2013)

  • Article 22: implementation supervised by the ANSSI for the OIVs

    • Impose security measures

    • Impose controls on the most critical information systems

    • Make it compulsory to report incidents observed by the OIVs on their information systems

  • Article L.1332-6-1 of the Defense Code amended by Act no. 2015-917 of 28 July 2015 - Art. 27

    • Establish organizational and technical measures

    • Define procedures for identifying and reporting security incidents affecting vital information systems (IVIS)


5.2.2. Goal reminders

The goals are:

  • To protect national critical infrastructures against cyber attacks,

  • Reduce the exposure to risks and

  • Optimize the quality of services provided by organizations.


5.2.3. Requirements reminders

Requirements for OIVs and security incident detection service provider (PDIS) actors are to be taken into account on equipment:

  • Implement an information systems security policy

  • Carry out a security certification

  • Communicate the elements on the IVIS set up by the operator to the ANSSI

  • Observe and react to security alerts

  • Limit access

  • Partition the networks

  • Select the qualified technologies


5.2.4. MPL applied to the GTap

The GTap model GTAP_O_MM complies with the French Military Programming Law and has been qualified by the ANSSI.

../_images/ANSSI.png