New document: Security requirements
The Federation puts online its document “Security requirements for providers of infrastructure equipment and service platforms” after several months of work gathering the concerned operators and the French National Cybersecurity Agency.
Purpose of the document
This document describes the security requirements operators that are members of the FFT must demand from their suppliers of infrastructure equipment and service plat-forms, and their service providers.
This document applies to all the assets of every telecommunications operator. It includes requirements for the products and the services provided during their integration,
operation and maintenance.
The security requirements described in this document are drawn from the document referenced, including those related to the administration workstation for technical systems, an area that requires special attention from suppliers.
These requirements form a common base. Each operator may customise the base and add its own requirements depending on its architecture and SOC services.
Furthermore, for a critical information system, it is necessary to make sure that the supplier – or their service provider – as subcontractors of the operator, comply with all the applicable rules in the reference document.
This document is based on the Order of 28 November 2016, setting the security rules and the method for declaring critical information systems and security incidents concerning the sub-sector of critically important ’Electronic Communications and Internet’ activities, for the application of Articles R. 1332-41-1, R. 1332-41-2 and R. 1332-41-10 of the French Defence Code, published in the Official Gazette no 0282 on 04/12/2016.