""

Security Incident Response Service Provider: focus on PRIS qualification

Top News06/11/2024
LSTI is recognized by ANSSI to evaluate security incident response service providers (PRIS). LSTI was very active during the experimental phase with ANSSI, and assessed the majority of candidate service providers. But what is the PRIS qualification, and who can obtain it?

What is PRIS qualification?

The PRIS requirements repository is made up of various rules and requirements that service providers must apply if they wish to obtain this qualification. It covers incident response, as well as the provider's staff and the running of its services.

In addition, it identifies and promotes companies capable of ensuring the level of response to security incidents required by the French Military Planning Law (LPM) for 2019-2025, which makes obtaining the PRIS qualification demanding.

As with other ANSSI qualifications, the PRIS qualification process is made up of various milestones to gauge the candidate's level of expertise. The final stage of the assessment consists of carrying out a test service in real-life conditions, to validate the procedures and their application.

Who is eligible for this qualification?

This qualification is intended for service providers offering incident response services, either on their own behalf or on behalf of their customers. CERTs (Computer Emergency Response Teams) are typical candidates for this certification, particularly if they wish to support OIVs or OSEs.

They can be qualified in the following activities: technical management, system analysis, network analysis and malicious code analysis.

To obtain this qualification, candidates must meet the 213 requirements, 153 checkpoints and 66 documentary proofs listed in the PRIS standards.

Obtaining this qualification guarantees the technical, organizational and security level of an organization in terms of incident response. This certification is important for identifying reliable service providers and reinforcing community security.

LSTI's methodical approach to the qualification process for service providers, as defined by ANSSI, and its clear understanding of the requirements of the PRIS (ANSSI) guidelines were invaluable in the qualification process for CSIRT LEXFO.

While demonstrating great impartiality, the availability, responsiveness and adaptability of LSTI's experts were much appreciated by LEXFO's incident response team, who were able to meet the requirements of the qualification process in a calm and constructive atmosphere.

LSTI's administrative team was also extremely responsive in managing our file, saving us precious time in the qualification process.

Sébastien Chaudron
Director, CSIRT LEXFO

How does the qualification process work?

The requirements are verified by an on-site audit and the passing of written and oral exams by the service provider's staff.

Qualification attests to the candidate service provider's compliance with :

  • Requirements relating to the incident response provider (Protection of information at the Restricted Diffusion level),
  • The requirements for incident response services,
  • The competence of its analysts for qualified activities.

This certification is issued for a period of three years, on the basis of an inspection report, subject to a surveillance audit 18 months after initial certification or renewal. Examination results are also valid for three years.

More information on our dedicated page.

Contactez-nous

Discover our news