{"id":10951,"date":"2018-07-09T11:09:51","date_gmt":"2018-07-09T10:09:51","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=10951\/"},"modified":"2020-01-03T11:59:21","modified_gmt":"2020-01-03T10:59:21","slug":"security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/","title":{"rendered":"Security certification: the key to complying with the french military programming Law (MPL)"},"content":{"rendered":"<h2>Security certification, taking a risk-bases approach to ISS<strong><br \/>\n<\/strong><\/h2>\n<p>Under the French Military Programming Act (MPL), certification is a mandatory procedure that applies to Vitally Important Operators (VOI). It helps to manage the issues and security levels for all<strong> Vitally Important Information Systems (VIIS)<\/strong><\/p>\n<p>Certification is a core issue to the MPL compliance strategy, because it provides <strong>a concrete and operational means of breaking down the MPL\u2019s requirements<\/strong> while reducing security risks.<\/p>\n<p>ANSSI\u2014The French National Cybersecurity Agency\u2014has produced a guide that describes the key steps in certification. These steps are:<\/p>\n<ul>\n<li>Defining a certification strategy (a scoping document describing how to achieve certification)<\/li>\n<li>Performing a risk analysis on a VIIS<\/li>\n<li>Conducting a certification audit<\/li>\n<li>The certification decision<\/li>\n<li>Post-certification monitoring<\/li>\n<\/ul>\n<p><strong>The approval decision must be made by the Certification Authority (CA), <\/strong>which is the legal entity responsible for certifying VIIS. It is assisted by the Certification Commission, an internal group of experts responsible for doing the preparatory work for the certification decision.<\/p>\n<p>The information required to make the decision is compiled in the certification file. This allows the Certification Commission to attest to the level of security and accept the residual risks. Ultimately then, it is the Certification Commission that attests to the fact that the risks are being properly managed.<\/p>\n<h2>An approach to quickly assess existing VIIS<strong><br \/>\n<\/strong><\/h2>\n<h3>Retro-certification: how to certify VIIS already in production<\/h3>\n<p>For existing VIIS, the certification model is different, although the objectives remain the same. An assessment of existing VIIS is the starting point for certification, and performing <strong>a dry-run audit (or using a previous audit report)<\/strong> serves to speed up the gathering of information and the identification of risks.<\/p>\n<p>Conversely, the security measures have to be applied to a history that can be challenging to transpose. <strong>Compensatory measures<\/strong> therefore have to be identified, prioritized, and implemented.<\/p>\n<p>This retrospective certification, or retro-certification, must enable <strong>the business to consider the risks in an exhaustive fashion, and prioritize the actions,<\/strong> in order to reduce them to an acceptable level by making the necessary investments.<\/p>\n<p>While it\u2019s important to design the certification process such that it has the capacity to process future VIIS, <strong>it is mostly for existing VIIS that VOI are actually busy with,<\/strong> and retro-certification is, therefore, a priority.<\/p>\n<h3>Adopting a test &amp; learn approach<\/h3>\n<p>In order to define and deploy a certification procedure within the framework of the MPL, VOI can <strong>define an initial pilot stage<\/strong> to test and refine the process before using it\u2014at full scale\u2014on a VIIS.<\/p>\n<p>The objective of this pilot phase is to <strong>compare the methodology and the reality on the field<\/strong>, with the aim of validating the approach and the steps defined (procedures, people who need to be involved, etc.). Taking such approach highlights areas of difficulty (related to IS administration, partitioning, patch management, etc.), and enables <strong>a concrete and achievable remediation plan <\/strong>to be put together.<\/p>\n<p>The choice of pilot VIIS is essential in<strong> anticipating the problems that will be encountered.<\/strong>\u00a0It makes sense to choose a pilot VIIS that is representative of all the other VIIS (typical size, limited interactions, etc.).<\/p>\n<h3>Demonstrating the security level generated by the MPL<\/h3>\n<p>Among the various work streams and projects triggered by the MPL, it\u2019s the certification program that enables <strong>security to be strengthened effectively<\/strong>. This can be achieved not just by <strong>highlighting<\/strong> security at high level both internally (with senior management and those with accountability for certification) and externally (with ANSSI and the government), but also by <strong>quantifying the degree of risk reduction<\/strong> required (through risk analysis) and achieved (through audit).<\/p>\n<p>Achieving certification enables <strong>actual risks to be communicated<\/strong>, and <strong>the players involved<\/strong> to be made responsible and aware (particularly senior management\u2014as a result of interactions with those accountable for certification).<\/p>\n<p>All the activities undertaken for MPL compliance are compiled in a <strong>certification file,<\/strong> which gives them a practical reality. This includes observations about security, obstacles encountered, and an overview of the complexity involved in compliance.<\/p>\n<p>The certification file must be made <strong>available to ANSSI.<\/strong>\u00a0The file represents a showcase for ANSSI with respect to the VOI&#8217;s compliance with the MPL\u2014and it pays not to cut corners! The VOI must demonstrate the gains made in security and the clear validation of the theoretical responses to compliance.<\/p>\n<h2>Maintaining a high level of security over time<strong><br \/>\n<\/strong><\/h2>\n<h3>Creating a certification mindset<\/h3>\n<p>Certification doesn\u2019t end when the certification decision has been made and the system put into production. This only marks the start of the risk-management process. It\u2019s then a question of maintaining momentum, increasing visibility, and ensuring the ongoing management of security. Certification must be renewed at least <strong>every three years,<\/strong> or during <strong>periods of major change to the VIIS, something that forces a reconsideration of whether the VIIS is actually secure<\/strong> in the way described in the risk analysis.<\/p>\n<p>Therefore, for an existing VIIS, a process needs to be set up to monitor and identify security-related changes to it. This must be carried out in the context of an organizational structure, for example with <strong>a named person holding the responsibility to identify and assess any changes.<\/strong>\u00a0This person, can, in particular, establish a <strong>list of key events<\/strong>, for example: changes to the level of exposure of the VIIS, the arrival of new Service Providers, functional developments in the VIIS, or modifications to infrastructure or operational management); these will provide a basis for assessing any requirements for the system to be overhauled.<\/p>\n<p>The establishment of a certification governance committee ensures <strong>a degree of momentum in the certification process.<\/strong>\u00a0Updating the methodology for integrating security into projects enables new projects to be taken into account, risk management to be applied from the beginning, and advance preparation for VIIS compliance.<\/p>\n<h3>Providing a clear and understandable framework for application owners<\/h3>\n<p>Application owners are key players in maintaining security and certification over time. This is not just because they have a good overview of their VIIS, but also because they are aware of developments to it. If their attitude is one of fear of the MPL, this can lead to a poor approach to security. Conversely, a <strong>good understanding of MPL issues<\/strong>, certification, and continuous improvement, can enhance VIIS security.<\/p>\n<p>Special attention should be paid to <strong>supporting application owners, and raising their awareness about security<\/strong> in general, and the certification process in particular. To achieve a win-win approach, and improve security over time, you must bring application owners together and get their buy-in.<\/p>\n<h2>Security certification: an approach that enhances risk management over time<strong><br \/>\n<\/strong><\/h2>\n<p>Beyond essential regulatory requirements, the MPL has to be seen as a catalyst that can <strong>enhance risk management within a VOI:<\/strong> from operational level, through application owners, right up to the senior management.<\/p>\n<p>After taking the first step of overhauling and implementing risk-reduction measures on an existing VIIS, certification ensures that levels of security are maintained right across it. Given this, it\u2019s vital that <strong>the players involved remain engaged over time<\/strong> to ensure that the initial momentum is maintained.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security certification, taking a risk-bases approach to ISS Under the French Military Programming Act (MPL), certification is a mandatory procedure that applies to Vitally Important Operators (VOI). It helps to manage the issues and security levels for all Vitally Important&#8230;<\/p>\n","protected":false},"author":1286,"featured_media":10322,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3271],"tags":[3341,3450,3343,2999,2796,2994,2997,2998],"coauthors":[2847,1688],"class_list":["post-10951","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance-en","tag-anssi-en","tag-audit-en","tag-certification-en","tag-mpl","tag-risk","tag-risk-analysis","tag-viis","tag-voi"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The security certification, at the heart of MPL compliance - Risk Insight<\/title>\n<meta name=\"description\" content=\"The security certification is a process at the heart of getting to French Military Programming Act compliance. How to succeed the security certification?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The security certification, at the heart of MPL compliance - Risk Insight\" \/>\n<meta property=\"og:description\" content=\"The security certification is a process at the heart of getting to French Military Programming Act compliance. How to succeed the security certification?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-09T10:09:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-03T10:59:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"3tienneC@pgras\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"3tienneC@pgras\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/\"},\"author\":{\"name\":\"Fr@Nc0isLuqu3t\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/296d1c8fba8c3ae1fe996840fbc6761f\"},\"headline\":\"Security certification: the key to complying with the french military programming Law (MPL)\",\"datePublished\":\"2018-07-09T10:09:51+00:00\",\"dateModified\":\"2020-01-03T10:59:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/\"},\"wordCount\":1177,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg\",\"keywords\":[\"ANSSI\",\"audit\",\"certification\",\"MPL\",\"risk\",\"risk analysis\",\"VIIS\",\"VOI\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/\",\"name\":\"The security certification, at the heart of MPL compliance - Risk Insight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg\",\"datePublished\":\"2018-07-09T10:09:51+00:00\",\"dateModified\":\"2020-01-03T10:59:21+00:00\",\"description\":\"The security certification is a process at the heart of getting to French Military Programming Act compliance. How to succeed the security certification?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security certification: the key to complying with the french military programming Law (MPL)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/296d1c8fba8c3ae1fe996840fbc6761f\",\"name\":\"Fr@Nc0isLuqu3t\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/frnc0isluqu3t\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The security certification, at the heart of MPL compliance - Risk Insight","description":"The security certification is a process at the heart of getting to French Military Programming Act compliance. How to succeed the security certification?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/","og_locale":"en_US","og_type":"article","og_title":"The security certification, at the heart of MPL compliance - Risk Insight","og_description":"The security certification is a process at the heart of getting to French Military Programming Act compliance. How to succeed the security certification?","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/","og_site_name":"RiskInsight","article_published_time":"2018-07-09T10:09:51+00:00","article_modified_time":"2020-01-03T10:59:21+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"3tienneC@pgras","twitter_misc":{"Written by":"3tienneC@pgras","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/"},"author":{"name":"Fr@Nc0isLuqu3t","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/296d1c8fba8c3ae1fe996840fbc6761f"},"headline":"Security certification: the key to complying with the french military programming Law (MPL)","datePublished":"2018-07-09T10:09:51+00:00","dateModified":"2020-01-03T10:59:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/"},"wordCount":1177,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg","keywords":["ANSSI","audit","certification","MPL","risk","risk analysis","VIIS","VOI"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/","name":"The security certification, at the heart of MPL compliance - Risk Insight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg","datePublished":"2018-07-09T10:09:51+00:00","dateModified":"2020-01-03T10:59:21+00:00","description":"The security certification is a process at the heart of getting to French Military Programming Act compliance. How to succeed the security certification?","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/01\/Fotolia_72331203_Subscription_Monthly_M.jpg","width":1378,"height":1378},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/07\/security-certification-the-key-to-complying-with-the-french-military-programming-law-mpl\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Security certification: the key to complying with the french military programming Law (MPL)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/296d1c8fba8c3ae1fe996840fbc6761f","name":"Fr@Nc0isLuqu3t","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/frnc0isluqu3t\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1286"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=10951"}],"version-history":[{"count":10,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10951\/revisions"}],"predecessor-version":[{"id":10979,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10951\/revisions\/10979"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/10322"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=10951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=10951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=10951"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=10951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}