CNIL publishes update to security guide

For this edition, the main changes concern the following files:

  • Sheet no. 2 “Authenticating users” takes into account the new recommendation relating to passwords and other shared secrets adopted in 2022 by the CNIL. In particular, it uses the notion of password entropy to offer greater freedom in the definition of password policies and abandons the obligation to renew passwords for “classic” user accounts.
  • Sheet no. 4 “Tracing operations and managing incidents” takes into account the recommendation relating to logging adopted in 2021. It explains how to ensure traceability of access and actions in multi-user systems while finding the balance between security, surveillance and associated risks.
  • Sheet no. 12 “Supervising IT developments” has also been enriched with elements from the GDPR guide for the development team .
  • Finally, sheets no. 15 “Securing exchanges with other organisations” and no. 17 “Encrypting, hashing or signing” have been updated to take into account changes in currently recommended practices.

Other more ad hoc updates and improvements have been made to keep up with the evolution of the threat and knowledge.