5.2. Military Programming Law (MPL)
5.2.1. Regulatory reminders
Some reminders of the main principles of the French Military Programming Law (MPL):
French Military Programming Law (Act no. 2013-1168 of 18 December 2013)
Article 22: implementation supervised by the ANSSI for the OIVs
Impose security measures
Impose controls on the most critical information systems
Make it compulsory to report incidents observed by the OIVs on their information systems
Article L.1332-6-1 of the Defense Code amended by Act no. 2015-917 of 28 July 2015 - Art. 27
Establish organizational and technical measures
Define procedures for identifying and reporting security incidents affecting vital information systems (IVIS)
5.2.2. Goal reminders
The goals are:
To protect national critical infrastructures against cyber attacks,
Reduce the exposure to risks and
Optimize the quality of services provided by organizations.
5.2.3. Requirements reminders
Requirements for OIVs and security incident detection service provider (PDIS) actors are to be taken into account on equipment:
Implement an information systems security policy
Carry out a security certification
Communicate the elements on the IVIS set up by the operator to the ANSSI
Observe and react to security alerts
Limit access
Partition the networks
Select the qualified technologies
5.2.4. MPL applied to the GTap
The GTap model GTAP_O_SM complies with the French Military Programming Law and has been qualified by the ANSSI.