Version 3.2 of the SecNumCloud repository introduces a number of important new features and creates the conditions for accelerating the transformation to a trusted digital environment.
Created in 2016 by ANSSI, the SecNumCloud standard was overhauled in 2022: version 3.2 introduces guarantees of legal security, in the form of protection requirements with regard to non-European legislation. This is the famous Article 19.6, which is essentially designed to protect European data from possible interference by the American secret services.
| What's new? | What impact will this have? |
|---|---|
| Immunity from the law extra-territorial | Players whose head office is not located within the European Union or who are capitalistically dependent on non-European players are no longer eligible for qualification. |
| Principle of composition | Software publishers can streamline their qualification process by focusing solely on the compliance of their software, provided that it is hosted on an infrastructure that has already been SecNumCloud-qualified. This simplifies the qualification process and significantly reduces the associated costs. |
| Integration of offers CaaS and PaaS | The standard clarifies the scope for qualifying cloud offerings, which now include Container-as-a-Service and Platform-as-a-Service solutions. |
"SecNumCloud version 3.2 meets the highest security standards in Europe. Its rigour in terms of data protection is unrivalled. By covering the functional, organisational and legal risks of the cloud, it offers a holistic approach to security."
The ANSSI is publishing the full list of SecNumCloud-qualified cloud services on its website.
https://cyber.gouv.fr/produits-services-qualifies