{"id":8973,"date":"2016-05-11T15:52:36","date_gmt":"2016-05-11T14:52:36","guid":{"rendered":"https:\/\/www.solucominsight.fr\/?p=8973"},"modified":"2020-01-02T11:16:00","modified_gmt":"2020-01-02T10:16:00","slug":"cybersecurite-lpm-cadre-reglementaire-exigences","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/","title":{"rendered":"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ?"},"content":{"rendered":"

La mise en conformit\u00e9 \u00e0 la Loi de programmation militaire<\/strong> (LPM)\u00a0est un sujet cl\u00e9 pour les structures concern\u00e9es\u00a0: les op\u00e9rateurs d\u2019importance vitale (OIV). Tandis que les premi\u00e8res \u00e9ch\u00e9ances approchent \u00e0 grand pas, un nombre croissant d\u2019acteurs se mobilise sur ce sujet et est\u00a0\u00e0 la recherche de retours d\u2019exp\u00e9rience.<\/em><\/p>\n

Ce premier article vise, en respectant le secret de la d\u00e9fense nationale, \u00e0 r\u00e9sumer le cadre l\u00e9gislatif et\u00a0r\u00e9glementaire\u00a0de la LPM<\/strong>\u00a0: quel est le p\u00e9rim\u00e8tre d\u2019application de la loi\u00a0? Quels sont les principes \u00e0 mettre en \u0153uvre\u00a0? Quid de sa compatibilit\u00e9 avec les directives europ\u00e9ennes\u00a0?<\/em><\/p>\n

Un contexte r\u00e9glementaire historique<\/h2>\n

Des LPM sont r\u00e9guli\u00e8rement vot\u00e9es en France depuis 1960. Elles permettent \u00e0 l\u2019\u00c9tat d\u2019inscrire le financement de sa strat\u00e9gie de d\u00e9fense militaire dans une logique pluriannuelle. La derni\u00e8re LPM a notamment servi de v\u00e9hicule l\u00e9gislatif pour adresser le sujet de la cybers\u00e9curit\u00e9 des OIV. Elle traduit les orientations du livre blanc sur la d\u00e9fense et la s\u00e9curit\u00e9 nationale, publi\u00e9 en avril 2013<\/strong><\/a>. En particulier, son chapitre IV<\/em><\/a> donne plus de pouvoirs au Premier ministre et \u00e0 l\u2019ANSSI en mati\u00e8re de s\u00e9curit\u00e9 et de d\u00e9fense des syst\u00e8mes d’information. Ce texte responsabilise pour la premi\u00e8re fois les OIV quant \u00e0 la s\u00e9curisation de leurs syst\u00e8mes d\u2019information d\u2019importance vitale (SIIV).<\/p>\n

La notion d\u2019op\u00e9rateur d\u2019importance vitale appara\u00eet dans l\u2019ordonnance n\u00b058-1371 du 29 d\u00e9cembre 1958<\/a>, tendant \u00e0 renforcer la protection des installations d\u2019importances vitales<\/strong>\u00a0: \u00ab Les entreprises exploitant des \u00e9tablissements ou utilisant des installations et ouvrages, dont l’indisponibilit\u00e9 risquerait de diminuer d’une fa\u00e7on importante le potentiel de guerre ou \u00e9conomique, la s\u00e9curit\u00e9 ou la capacit\u00e9 de survie de la nation, sont tenues de coop\u00e9rer \u00e0 leurs frais dans les conditions fix\u00e9es \u00e0 la pr\u00e9sente ordonnance, \u00e0 la protection desdits \u00e9tablissements, installations et ouvrages contre toute tentative de sabotage<\/em> \u00bb. La liste des op\u00e9rateurs est confidentielle.<\/p>\n

Jusqu\u2019\u00e0 la LPM, les exigences portaient exclusivement sur la protection physique des points d\u2019importance vitale<\/strong> (PIV) vis-\u00e0-vis des actes de sabotage. Depuis, les principes de s\u00e9curisation de ces PIV et les interlocuteurs mobilis\u00e9s (ministres, pr\u00e9fets, responsables de la s\u00fbret\u00e9, etc.) sont globalement rest\u00e9s les m\u00eames, tandis qu\u2019en 2006 les OIV se sont vus structur\u00e9s en douze secteurs d\u2019activit\u00e9<\/a>, via<\/em> le d\u00e9cret n\u00b0 2006-212 du 23 f\u00e9vrier 2006<\/a>. Tout cela est r\u00e9sum\u00e9 dans l\u2019instruction g\u00e9n\u00e9rale interminist\u00e9rielle relative \u00e0 la s\u00e9curit\u00e9 des activit\u00e9s d\u2019importance vitale (SAIV), l\u2019IGI n\u00b06600 du 7 janvier 2014<\/a>.<\/p>\n

On peut donc retenir que la LPM vient compl\u00e9ter le dispositif SAIV existant et d\u00e9ploy\u00e9 chez les OIV par un volet cybers\u00e9curit\u00e9<\/strong>. Elle apporte par la m\u00eame occasion son lot de nouveaux interlocuteurs, avec en t\u00eate l\u2019ANSSI et les RSSI des OIV, et n\u00e9cessite de faire \u00e9voluer un existant en place souvent depuis plusieurs dizaines d\u2019ann\u00e9es.<\/p>\n

De nombreuses exigences visant les SI d\u2019importance vitale<\/h2>\n

Les OIV ne sont directement impact\u00e9s que par l\u2019article 22 de la LPM<\/strong>, et plus pr\u00e9cis\u00e9ment par les sections du code de la d\u00e9fense qu\u2019il vient cr\u00e9er et mettre \u00e0 jour\u00a0: les articles L. 1332-6-1 \u00e0 L. 1332-7 traitant de la protection des installations d\u2019importance vitale et dispositions sp\u00e9cifiques \u00e0 la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information<\/a>.<\/p>\n

Le premier objectif est de s\u00e9curiser les SI d\u2019importance vitale, les SIIV, dont la d\u00e9finition reprend celle des OIV\u00a0: \u00ab\u00a0syst\u00e8mes pour lesquels l’atteinte \u00e0 la s\u00e9curit\u00e9 ou au fonctionnement risquerait de diminuer d’une fa\u00e7on importante le potentiel de guerre ou \u00e9conomique, la s\u00e9curit\u00e9 ou la capacit\u00e9 de survie de la Nation ou pourrait pr\u00e9senter un danger grave pour la population\u00a0\u00bb<\/em>.<\/p>\n

Plusieurs exigences sont impos\u00e9es : respect de r\u00e8gles de s\u00e9curit\u00e9 sp\u00e9cifiques, recours \u00e0 du mat\u00e9riel et des prestataires qualifi\u00e9s pour la d\u00e9tection<\/strong> des \u00e9v\u00e9nements de s\u00e9curit\u00e9, notification<\/strong> obligatoire des incidents de s\u00e9curit\u00e9, contr\u00f4les<\/strong> de s\u00e9curit\u00e9 r\u00e9guliers commandit\u00e9s par l\u2019ANSSI. Les sanctions p\u00e9nales<\/strong> applicables aux OIV lorsqu\u2019ils ne satisfont pas aux obligations pr\u00e9vues s\u2019\u00e9l\u00e8vent \u00e0 150\u00a0000 \u20ac pour le dirigeant de l\u2019OIV et \u00e0 750\u00a0000 \u20ac pour la personne morale<\/strong>.<\/p>\n

Il est important de noter que les exigences portent uniquement sur les SIIV, et non sur l\u2019ensemble du SI de l\u2019OIV. D\u2019autre part, nos retours d\u2019exp\u00e9rience sur l\u2019identification des SIIV montrent que la logique \u00ab\u00a0d\u2019importance vitale\u00a0\u00bb diff\u00e8re entre une vision de l\u2019entreprise (qui vise \u00e0 assurer sa propre survie) et celle de l\u2019\u00c9tat (qui vise \u00e0 assurer la s\u00e9curit\u00e9 des citoyens). Concr\u00e8tement, les syst\u00e8mes commerciaux assurant les ventes ou la facturation, ne sont souvent pas r\u00e9pertori\u00e9s dans la liste des SIIV.<\/p>\n

\"\"<\/figure>\n

D\u00e9crets\u00a0: r\u00e9partition des responsabilit\u00e9s, classification et qualifications<\/h2>\n

Deux d\u00e9crets ont pr\u00e9cis\u00e9 les conditions de mise en \u0153uvre de la LPM. Le premier (D\u00e9cret n\u00b0 2015-351 du 27 mars 2015<\/a>) vient pr\u00e9ciser les modalit\u00e9s pour chaque th\u00e8me abord\u00e9 par l\u2019article 22 de la LPM\u00a0et d\u00e9finit la r\u00e9partition des responsabilit\u00e9s entre les acteurs (Premier Ministre, Ministres coordinateurs, ANSSI, OIV et prestataires)<\/strong>, la classification des documents<\/strong> produits et les qualifications exig\u00e9es<\/strong>.<\/p>\n

En compl\u00e9ment, le deuxi\u00e8me (D\u00e9cret n\u00b0 2015-350 du 27 mars 2015<\/a>) concerne la qualification des produits de s\u00e9curit\u00e9 et des prestataires de service de confiance<\/strong> pour les besoins de la s\u00e9curit\u00e9 nationale. L\u2019objectif de ce d\u00e9cret est de donner aux OIV les moyens de mettre en \u0153uvre la LPM en s\u2019appuyant potentiellement sur des prestataires et produits de confiance, \u00e9valu\u00e9s de mani\u00e8re impartiale dans le cadre de processus de qualification formels. On peut notamment citer PASSI[1]<\/a> (audit), PDIS[2]<\/a> (d\u00e9tection d\u2019incident) et PRIS[3]<\/a> (r\u00e9action aux incidents).<\/p>\n

Et l\u2019Europe dans tout \u00e7a\u00a0?<\/h2>\n

L\u2019Europe, \u00e0 travers la directive Network and Information Security<\/em> (NIS)<\/a>, s\u2019inscrit dans la m\u00eame logique de protection de ses op\u00e9rateurs essentiels. Elle pose un cadre europ\u00e9en, compatible avec la LPM, que chaque pays aura la responsabilit\u00e9 de d\u00e9cliner sur son territoire<\/strong>. A ce stade et pour les OIV, il suffit donc de retenir que la LPM est finalement une transposition avant l\u2019heure de la directive europ\u00e9enne NIS<\/a><\/strong>.<\/p>\n

Prochaine \u00e9tape\u00a0: publication des r\u00e8gles \/ arr\u00eat\u00e9s sectoriels<\/h2>\n

En d\u00e9finitive, les exigences qui devront concr\u00e8tement s\u2019appliquer aux SIIV sont celles r\u00e9dig\u00e9es par l\u2019ANSSI en concertation avec les OIV depuis plus d\u2019un an maintenant. Elles verront le jour sous la forme d\u2019arr\u00eat\u00e9s sectoriels, applicables \u00e0 compter du 1er juillet 2016<\/strong>. Les actions en cours actuellement chez les OIV visent \u00e0 identifier les \u00e9carts de conformit\u00e9s et \u00e0 budg\u00e9ter les chantiers requis.<\/p>\n

Suite \u00e0 ce premier volet, un article analysant les arr\u00eat\u00e9s sectoriels a \u00e9t\u00e9 publi\u00e9<\/a>.<\/p>\n

[1]<\/a> PASSI\u00a0\u2013 Prestataire d\u2019Audit de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information\u00a0: http:\/\/www.ssi.gouv.fr\/administration\/qualifications\/prestataires-de-services-de-confiance-qualifies\/prestataires-daudit-de-la-securite-des-systemes-dinformation-passi-qualifies\/<\/a><\/p>\n

[2]<\/a> PDIS\u00a0\u2013 Prestataire de D\u00e9tection d\u2019Incidents de S\u00e9curit\u00e9\u00a0: http:\/\/www.ssi.gouv.fr\/administration\/qualifications\/prestataires-de-services-de-confiance-qualifies\/prestataires-de-detection-dincidents-de-securite-pdis\/<\/a><\/p>\n

[3]<\/a> PRIS \u2013 Prestataire de R\u00e9ponse aux Incident de S\u00e9curit\u00e9\u00a0: http:\/\/www.ssi.gouv.fr\/administration\/qualifications\/prestataires-de-services-de-confiancequalifies\/prestataires-de-reponse-aux-incidents-de-securite-pris\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

La mise en conformit\u00e9 \u00e0 la Loi de programmation militaire (LPM)\u00a0est un sujet cl\u00e9 pour les structures concern\u00e9es\u00a0: les op\u00e9rateurs d\u2019importance vitale (OIV). Tandis que les premi\u00e8res \u00e9ch\u00e9ances approchent \u00e0 grand pas, un nombre croissant d\u2019acteurs se mobilise sur ce…<\/p>\n","protected":false},"author":292,"featured_media":8951,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3226],"tags":[1166,1157,1160,2632,1247,3326,2630],"coauthors":[1688],"class_list":["post-8973","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance","tag-anssi","tag-cyberdefense","tag-defense-nationale","tag-lpm","tag-oiv","tag-sectoral-regulations","tag-siiv"],"acf":[],"yoast_head":"\nCybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ? - RiskInsight<\/title>\n<meta name=\"description\" content=\"La mise en conformit\u00e9 \u00e0 la Loi de Programmation Militaire (LPM) est un sujet cl\u00e9 pour les structures concern\u00e9es : les Op\u00e9rateurs d\u2019Importance Vitale (OIV). Ce premier article vise, en respectant le secret de la d\u00e9fense nationale, \u00e0 r\u00e9sumer le cadre l\u00e9gislatif et r\u00e8glementaire de la LPM.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ? - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"La mise en conformit\u00e9 \u00e0 la Loi de Programmation Militaire (LPM) est un sujet cl\u00e9 pour les structures concern\u00e9es : les Op\u00e9rateurs d\u2019Importance Vitale (OIV). Ce premier article vise, en respectant le secret de la d\u00e9fense nationale, \u00e0 r\u00e9sumer le cadre l\u00e9gislatif et r\u00e8glementaire de la LPM.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2016-05-11T14:52:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-02T10:16:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"3tienneC@pgras\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"3tienneC@pgras\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/\"},\"author\":{\"name\":\"3tienneC@pgras\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8e30defbba7df387b82d5658d500bf70\"},\"headline\":\"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ?\",\"datePublished\":\"2016-05-11T14:52:36+00:00\",\"dateModified\":\"2020-01-02T10:16:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/\"},\"wordCount\":1253,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg\",\"keywords\":[\"ANSSI\",\"cyberd\u00e9fense\",\"d\u00e9fense nationale\",\"LPM\",\"OIV\",\"sectoral regulations\",\"SIIV\"],\"articleSection\":[\"Cybersecurity & Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/\",\"name\":\"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ? - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg\",\"datePublished\":\"2016-05-11T14:52:36+00:00\",\"dateModified\":\"2020-01-02T10:16:00+00:00\",\"description\":\"La mise en conformit\u00e9 \u00e0 la Loi de Programmation Militaire (LPM) est un sujet cl\u00e9 pour les structures concern\u00e9es : les Op\u00e9rateurs d\u2019Importance Vitale (OIV). Ce premier article vise, en respectant le secret de la d\u00e9fense nationale, \u00e0 r\u00e9sumer le cadre l\u00e9gislatif et r\u00e8glementaire de la LPM.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378,\"caption\":\"Mise en conformit\u00e9 avec les cadres l\u00e9gislatif et r\u00e9glementaire\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8e30defbba7df387b82d5658d500bf70\",\"name\":\"3tienneC@pgras\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/3tiennecpgras\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ? - RiskInsight","description":"La mise en conformit\u00e9 \u00e0 la Loi de Programmation Militaire (LPM) est un sujet cl\u00e9 pour les structures concern\u00e9es : les Op\u00e9rateurs d\u2019Importance Vitale (OIV). Ce premier article vise, en respectant le secret de la d\u00e9fense nationale, \u00e0 r\u00e9sumer le cadre l\u00e9gislatif et r\u00e8glementaire de la LPM.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/","og_locale":"en_US","og_type":"article","og_title":"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ? - RiskInsight","og_description":"La mise en conformit\u00e9 \u00e0 la Loi de Programmation Militaire (LPM) est un sujet cl\u00e9 pour les structures concern\u00e9es : les Op\u00e9rateurs d\u2019Importance Vitale (OIV). Ce premier article vise, en respectant le secret de la d\u00e9fense nationale, \u00e0 r\u00e9sumer le cadre l\u00e9gislatif et r\u00e8glementaire de la LPM.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/","og_site_name":"RiskInsight","article_published_time":"2016-05-11T14:52:36+00:00","article_modified_time":"2020-01-02T10:16:00+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"3tienneC@pgras","twitter_misc":{"Written by":"3tienneC@pgras","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/"},"author":{"name":"3tienneC@pgras","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8e30defbba7df387b82d5658d500bf70"},"headline":"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ?","datePublished":"2016-05-11T14:52:36+00:00","dateModified":"2020-01-02T10:16:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/"},"wordCount":1253,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg","keywords":["ANSSI","cyberd\u00e9fense","d\u00e9fense nationale","LPM","OIV","sectoral regulations","SIIV"],"articleSection":["Cybersecurity & Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/","url":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/","name":"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ? - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg","datePublished":"2016-05-11T14:52:36+00:00","dateModified":"2020-01-02T10:16:00+00:00","description":"La mise en conformit\u00e9 \u00e0 la Loi de Programmation Militaire (LPM) est un sujet cl\u00e9 pour les structures concern\u00e9es : les Op\u00e9rateurs d\u2019Importance Vitale (OIV). Ce premier article vise, en respectant le secret de la d\u00e9fense nationale, \u00e0 r\u00e9sumer le cadre l\u00e9gislatif et r\u00e8glementaire de la LPM.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2016\/05\/Fotolia_79955475_Subscription_Monthly_M.jpg","width":1378,"height":1378,"caption":"Mise en conformit\u00e9 avec les cadres l\u00e9gislatif et r\u00e9glementaire"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/05\/cybersecurite-lpm-cadre-reglementaire-exigences\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cybers\u00e9curit\u00e9 et Loi de programmation militaire : quel cadre r\u00e9glementaire pour quelles exigences ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8e30defbba7df387b82d5658d500bf70","name":"3tienneC@pgras","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/3tiennecpgras\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/292"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=8973"}],"version-history":[{"count":10,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8973\/revisions"}],"predecessor-version":[{"id":12512,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8973\/revisions\/12512"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/8951"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=8973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=8973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=8973"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=8973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}