{"id":13259,"date":"2022-10-13T12:08:00","date_gmt":"2022-10-13T10:08:00","guid":{"rendered":"https:\/\/www.thegreenbow.com\/?post_type=resource&p=13259"},"modified":"2023-11-23T10:26:26","modified_gmt":"2023-11-23T08:26:26","slug":"anssis-security-visas-what-are-they-and-which-one-is-right-for-you","status":"publish","type":"resource","link":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/","title":{"rendered":"ANSSI\u2019s security visas: what are they and which one is right for you?"},"content":{"rendered":"\n
\n

By Arnaud Dufournet<\/strong><\/p>\n\n\n\n

Not all cybersecurity solutions are the same when it comes to efficiency and trustworthiness. It is precisely to set apart the most robust solutions that the French National Cybersecurity Agency (ANSSI) evaluates them and issues so-called security visas every year. In 2021, the agency issued 255 of these qualifications and certifications. However, it\u2019s not always easy to understand what they are and decide which one is right for you. Some even go so far as to say that these visas do not make the decision-making process any easier.<\/p>\n\n\n\n

Vulnerabilities are on a constant rise<\/strong><\/strong><\/strong><\/h2>\n\n\n\n

On average, organizations deploy dozens of cybersecurity solutions to protect their networks and information systems. At the same time, the number of vulnerabilities detected keeps rising. Log4shell\u2014the vulnerability that struck fear into CSIOs in December 2021\u2014is still on everyone\u2019s mind. The number of new CVE identifiers that MITRE publishes could be up to 35% higher than in 2021 according to the 2022 Telemetry Report<\/a> published by Trustwave SpiderLabs.<\/p>\n\n\n\n

VPN software has its share of vulnerabilities. Three SSL VPNs were already among the top 10 vulnerabilities in 2020, a ranking based on severity that ANSSI establishes every year.<\/p>\n\n\n\n

\"\"<\/figure>
\n

The top 10 from 2021, published this past February, once again includes a VPN whose vulnerability allowed attackers to modify certain files in view of installing backdoors and subsequently erasing their traces. Persistent command injection and remote code execution (RCE) are the most common types of vulnerabilities listed in CVEs.<\/p>\n<\/div><\/div>\n\n\n\n

<\/p>\n\n\n\n

For a software editor, having your product evaluated by an accredited laboratory with a view to obtaining a security visa from ANSSI is a good way to stand out and provide users with quality guarantees.<\/p>\n\n\n\n

Understanding the security visas that ANSSI issues<\/strong><\/h2>\n\n\n\n

The first thing to know about the visas ANSSI issues is that there are two types: certifications<\/em> and qualifications<\/em>. The purpose of these visas is to provide an easy way to identify the most reliable and recognized cybersecurity solutions based on an evaluation performed by an accredited laboratory according to a disciplined and proven methodology.<\/p>\n\n\n\n

A certification<\/strong><\/em> demonstrates the robustness of a product that has been subjected to a compliance analysis and penetration tests conducted by a third-party evaluator under ANSSI\u2019s authority. There are two certification schemes: Common Criteria (CC) certification and First Level Security Certification (Certification de S\u00e9curit\u00e9 de Premier Niveau<\/em> or CSPN). CC certification is an internationally recognized standard based on multilateral recognition agreements. The Common Criteria are broken down into seven Evaluation Assurance Levels (EALs) pertaining to the product\u2019s security. EAL1 comprises functional tests and tests to determine resistance to a basic level attacker. EAL7 consists in a formal verification of the solution\u2019s design as well as a test to determine resistance to a high-level attacker. It should be noted that the assurance level can also be increased by adding additional evaluation tasks. In this case, a \u201c+\u201d will be added to the level, for example EAL4+. To provide an alternative to CC evaluations, which can take up to 18 months, ANSSI has set up a CSPN. It isn\u2019t as exhaustive, focuses on product analysis, and consists of tests carried out with time and workload constraints (25 to 35 man-days).<\/p>\n\n\n\n

\"\"<\/figure>
\n

It should also be noted that a certification is only valid for a given version of a product. Certification may be extended to minor product updates carried out within the scope of a certificate maintenance, but major updates to a product imply that it will have to be evaluated again.<\/p>\n<\/div><\/div>\n\n\n\n

The second type of visa is a qualification<\/em><\/strong>. It is the French State\u2019s recommendation of tried and tested cybersecurity products or services that have been approved by ANSSI. This type of visa confirms that the solution complies with the regulatory, technical, and security requirements that ANSSI promotes. In this case, the evaluation demonstrates the product\u2019s robustness as confirmed by a certification, the service provider\u2019s competence, and the solution provider\u2019s commitment to comply with trust criteria. It is only granted for a maximum period of two to three years depending on the regulatory framework. Furthermore, there are three levels of qualification: basic, standard, and enhanced.<\/p>\n\n\n\n

Yet another subtlety is that it\u2019s possible to ask ANSSI for an approval<\/em><\/strong> with the qualification. When an information system (IS) handles sensitive data, the security devices that protect it must receive an ANSSI approval. The various approvals depend on the type and level of sensitivity of the information concerned. For example, the approvals available for ISs in the Defence sector are Restricted (Diffusion Restreinte<\/em> \u2013 DR) or Secret (Secret D\u00e9fense<\/em> \u2013 SD). NATO approval is for combined information systems and EU approval for information systems used in EU institutions.<\/p>\n\n\n\n

Is the Great Resignation looming over cybersecurity as well? Action is needed quickly to give CISOs the means to regain control and carry out their work\u2014which is so critical to the survival of an organization.<\/p>\n\n\n\n

Whose needs do the visas meet?<\/strong><\/h2>\n\n\n\n

The main question you should ask yourself is whether your French branch is restricted by regulations, such as the Network and Information Security (NIS) Directive at the European level or the General Security Database (R\u00e9f\u00e9rentiel G\u00e9n\u00e9ral de S\u00e9curit\u00e9<\/em> \u2013 RGS) and the Act on Military Spending Bill Programming (Loi de Programmation Militaire<\/em> \u2013 LPM) in France. If this is the case, then you must turn to a cybersecurity solution that has been qualified by a cybersecurity agency, such as ANSSI in France (see our use case on Restricted information<\/a>). If your information system handles sensitive data, then the qualified solution you require must additionally come with an approval.<\/p>\n\n\n\n

However, if your organization is not concerned by the regulations mentioned above and you still want robust solutions, especially to comply with the GDPR, you can use certified solutions to raise the security level of your IS.<\/p>\n\n\n\n

For organizations that have subsidiaries abroad, it is interesting to know that the Common Criteria standard is recognized in a certain number of countries.<\/p>\n\n\n\n

\n

The CC certification is recognized by 13 European countries (including France, Germany, Italy, Spain, and the United Kingdom) that have signed the Agreement on Mutual Recognition (SOG-IS agreement<\/a>). In turn, the Common Criteria Recognition Arrangement<\/a> (CCRA) allows mutual recognition with other non-European states, such as the United States, Canada, India, and Israel.<\/p>\n<\/div>

\"\"<\/figure><\/div>\n\n\n\n

TheGreenBow\u2019s certification process<\/h2>\n\n\n\n

For more than 20 years, TheGreenBow has been helping its customers manage privacy, sovereignty, and security issues at the highest level. This is why we have fully integrated the certification and qualification of our products by ANSSI into our development strategy. In 2013, TheGreenBow became the first European VPN software provider to obtain the EAL3+ Common Criteria certification as well as NATO Restricted and EU Restricted approval for its Windows VPN Client. TheGreenBow has also obtained additional visas for its Windows and Linux clients. A new version of the Windows VPN Client is currently undergoing a qualification process with ANSSI.<\/p>\n\n\n\n

We apply a consistent level of standards to the development of all our software and not only to versions for which we aim to obtain a security visa. Many critical market operators, including Dassault Aviation and the French Ministry of the Interior, trust TheGreenBow\u2019s VPN clients for their robustness and reliability.<\/p>\n\n\n\n

To find out more about our VPN clients, visit our online store<\/strong><\/a>.<\/strong><\/p>\n\n\n\n

You can also try them free of charge for 30 days by visiting this page<\/strong><\/a> on our website.<\/p>\n\n\n\n

<\/p>\n<\/div>\n","protected":false},"featured_media":13291,"template":"","meta":{"_acf_changed":false,"resource_type":"internal"},"resource_category":[30,342],"class_list":["post-13259","resource","type-resource","status-publish","has-post-thumbnail","hentry","resource_category-blog","resource_category-blog-en"],"acf":[],"yoast_head":"\nANSSI\u2019s security visas: what are they and which one is right for you? - TheGreenBow<\/title>\n<meta name=\"description\" content=\"Not all cybersecurity solutions are the same when it comes to efficiency and trustworthiness. The French National Cybersecurity Agency (ANSSI) evaluates them to set apart the most robust solutions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ANSSI\u2019s security visas: what are they and which one is right for you? - TheGreenBow\" \/>\n<meta property=\"og:description\" content=\"Not all cybersecurity solutions are the same when it comes to efficiency and trustworthiness. The French National Cybersecurity Agency (ANSSI) evaluates them to set apart the most robust solutions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/\" \/>\n<meta property=\"og:site_name\" content=\"TheGreenBow\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-23T08:26:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.thegreenbow.com\/wp-content\/uploads\/2022\/10\/Securite-informatique-scaled.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1791\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@thegreenbow\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/\",\"url\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/\",\"name\":\"ANSSI\u2019s security visas: what are they and which one is right for you? - TheGreenBow\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.thegreenbow.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/Securite-informatique-scaled.jpeg\",\"datePublished\":\"2022-10-13T10:08:00+00:00\",\"dateModified\":\"2023-11-23T08:26:26+00:00\",\"description\":\"Not all cybersecurity solutions are the same when it comes to efficiency and trustworthiness. The French National Cybersecurity Agency (ANSSI) evaluates them to set apart the most robust solutions.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.thegreenbow.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/Securite-informatique-scaled.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.thegreenbow.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/Securite-informatique-scaled.jpeg\",\"width\":2560,\"height\":1791,\"caption\":\"Digital cybersecurity and network protection concept. Virtual locking mechanism to access shared resources. Interactive virtual control screen with padlock. Businessman working at laptop on background\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/ressource\\\/blog-en\\\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/resources\\\/blog-en\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ANSSI\u2019s security visas: what are they and which one is right for you?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/\",\"name\":\"TheGreenBow\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/#organization\",\"name\":\"TheGreenBow\",\"url\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.thegreenbow.com\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/Logotype@2x-min.png\",\"contentUrl\":\"https:\\\/\\\/www.thegreenbow.com\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/Logotype@2x-min.png\",\"width\":422,\"height\":84,\"caption\":\"TheGreenBow\"},\"image\":{\"@id\":\"https:\\\/\\\/www.thegreenbow.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/thegreenbow\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/thegreenbow\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCZKtI7_fmgFcmovgGSy8AnQ\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ANSSI\u2019s security visas: what are they and which one is right for you? - TheGreenBow","description":"Not all cybersecurity solutions are the same when it comes to efficiency and trustworthiness. The French National Cybersecurity Agency (ANSSI) evaluates them to set apart the most robust solutions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/","og_locale":"en_US","og_type":"article","og_title":"ANSSI\u2019s security visas: what are they and which one is right for you? - TheGreenBow","og_description":"Not all cybersecurity solutions are the same when it comes to efficiency and trustworthiness. The French National Cybersecurity Agency (ANSSI) evaluates them to set apart the most robust solutions.","og_url":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/","og_site_name":"TheGreenBow","article_modified_time":"2023-11-23T08:26:26+00:00","og_image":[{"width":2560,"height":1791,"url":"https:\/\/www.thegreenbow.com\/wp-content\/uploads\/2022\/10\/Securite-informatique-scaled.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@thegreenbow","twitter_misc":{"Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/","url":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/","name":"ANSSI\u2019s security visas: what are they and which one is right for you? - TheGreenBow","isPartOf":{"@id":"https:\/\/www.thegreenbow.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/#primaryimage"},"image":{"@id":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/#primaryimage"},"thumbnailUrl":"https:\/\/www.thegreenbow.com\/wp-content\/uploads\/2022\/10\/Securite-informatique-scaled.jpeg","datePublished":"2022-10-13T10:08:00+00:00","dateModified":"2023-11-23T08:26:26+00:00","description":"Not all cybersecurity solutions are the same when it comes to efficiency and trustworthiness. The French National Cybersecurity Agency (ANSSI) evaluates them to set apart the most robust solutions.","breadcrumb":{"@id":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/#primaryimage","url":"https:\/\/www.thegreenbow.com\/wp-content\/uploads\/2022\/10\/Securite-informatique-scaled.jpeg","contentUrl":"https:\/\/www.thegreenbow.com\/wp-content\/uploads\/2022\/10\/Securite-informatique-scaled.jpeg","width":2560,"height":1791,"caption":"Digital cybersecurity and network protection concept. Virtual locking mechanism to access shared resources. Interactive virtual control screen with padlock. Businessman working at laptop on background"},{"@type":"BreadcrumbList","@id":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/anssis-security-visas-what-are-they-and-which-one-is-right-for-you\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.thegreenbow.com\/en\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/www.thegreenbow.com\/en\/resources\/blog-en\/"},{"@type":"ListItem","position":3,"name":"ANSSI\u2019s security visas: what are they and which one is right for you?"}]},{"@type":"WebSite","@id":"https:\/\/www.thegreenbow.com\/en\/#website","url":"https:\/\/www.thegreenbow.com\/en\/","name":"TheGreenBow","description":"","publisher":{"@id":"https:\/\/www.thegreenbow.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.thegreenbow.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.thegreenbow.com\/en\/#organization","name":"TheGreenBow","url":"https:\/\/www.thegreenbow.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.thegreenbow.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.thegreenbow.com\/wp-content\/uploads\/2021\/04\/Logotype@2x-min.png","contentUrl":"https:\/\/www.thegreenbow.com\/wp-content\/uploads\/2021\/04\/Logotype@2x-min.png","width":422,"height":84,"caption":"TheGreenBow"},"image":{"@id":"https:\/\/www.thegreenbow.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/thegreenbow","https:\/\/fr.linkedin.com\/company\/thegreenbow","https:\/\/www.youtube.com\/channel\/UCZKtI7_fmgFcmovgGSy8AnQ"]}]}},"_links":{"self":[{"href":"https:\/\/www.thegreenbow.com\/en\/wp-json\/wp\/v2\/resource\/13259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thegreenbow.com\/en\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.thegreenbow.com\/en\/wp-json\/wp\/v2\/types\/resource"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thegreenbow.com\/en\/wp-json\/wp\/v2\/media\/13291"}],"wp:attachment":[{"href":"https:\/\/www.thegreenbow.com\/en\/wp-json\/wp\/v2\/media?parent=13259"}],"wp:term":[{"taxonomy":"resource_category","embeddable":true,"href":"https:\/\/www.thegreenbow.com\/en\/wp-json\/wp\/v2\/resource_category?post=13259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}