In Europe, in critical sectors such as Defense and Industry, sensitive information can be classified according to specific rules. In organizations, Tixeo plays a role in the protection of classified information. How?
Classification Types
Information is deemed “classified” when its unauthorized handling or dissemination results in more or less severe consequences.
In France
Since July 1, 2021, the reform of the protection of national defense secrecy, known as IGI 1300, has established two levels of information classification:
- Secret Level The Secret level concerns information whose disclosure harms national defense and security, such as diplomatic communications or military plans.
- Very Secret Level The Very Secret level protects information whose disclosure would have “exceptionally grave” consequences for national defense and security, such as information on nuclear capabilities or intelligence operations.
Difference with “Restricted Dissemination”
Classified information is distinct from information marked “Restricted Dissemination.” The latter is not classified under IGI 1300 but still has a sensitive nature. Personnel who may access it for legitimate reasons must maintain complete discretion regarding its content.
Instruction No. 901/SGDSN/ANSSI (II 901) defines organizational and technical requirements applicable to information systems handling sensitive information.
As indicated by ANSSI in its recommendations, there are three main types of information:
- Public information (freely accessible) and usual information (hosted on systems not necessarily certified) not subject to IGI 1300 or II 901
- Sensitive information (hosted on certified sensitive systems with recommended application of II 901) and restricted dissemination (hosted on DR-certified systems with mandatory application of II 901)
- Classified information, hosted on certified systems, subject to IGI 1300
In Europe
The Council of the European Union has established strict rules for the protection of EU Classified Information (EUCI). These apply to all entities of the Council as well as to Member States, to protect EUCI against unauthorized disclosures. These rules encompass various aspects such as personnel access security, physical data security, and information management. Essential criteria are necessary to maintain the integrity of the EU’s sensitive data.
EUCI is classified into four levels:
- VERY SECRET EU,
- SECRET EU,
- CONFIDENTIAL EU,
- and RESTRICTED EU.
Each level reflects the potential impact of a leak, ranging from very severe to moderately detrimental to the interests of the EU or its Member States. This classification aids in determining the appropriate security measures to implement for each type of information.
At the NATO Level
Access to NATO’s sensitive information also meets strict security criteria. Its disclosure could harm the alliance’s forces, members, and missions.
There are three major categories of classification:
- Unclassified: for information that can be publicly disseminated
- Unclassified: for this information generally marked “NATO UNCLASSIFIED,” its use is limited to official purposes and is subject to authorization
- And classified
These are supplemented by four levels of security classification:
- NATO RESTRICTED, for information whose disclosure could harm NATO’s interests
- NATO CONFIDENTIAL, for information whose disclosure could seriously harm NATO
- NATO SECRET, for vital NATO information whose disclosure would have severe consequences
- and COSMIC TOP SECRET, for NATO’s most important information, whose disclosure would cause exceptionally grave damage.
“Unclassified” and “Restricted” are the most common classifications within NATO.
Three commitments of Tixeo for the protection of classified information
Authorized personnel can exchange classified information remotely. They therefore need a perfectly secure communication solution that meets various criteria, for the protection of classified information.
Communication Confidentiality
End-to-end encryption technology prevents the capture of audio, video, and data communication streams during an online meeting. It is essential to ensure total confidentiality of exchanges.
Tixeo offers a proprietary end-to-end encryption technology that operates from client to client. In other words, only the sender and recipient of the exchanges can decrypt the communications, regardless of the number of participants in the videoconference.
Thanks to this maximum security, Tixeo has been certified and qualified by the ANSSI for over six consecutive years.
Sovereignty of the Solution
The origin of the solution is an essential criterion to consider when choosing a secure videoconferencing tool. Indeed, unsecured data hosting can expose classified information. Most traditional videoconferencing solutions are subject to extraterritorial data protection laws: the confidentiality of exchanges is therefore never guaranteed. Such is the case with the series of extraterritorial US laws known as the Cloud Act. It enables the authorities to compel publishers located in the United States to provide data relating to electronic communications. This data can be stored on American or foreign servers.
Furthermore, the USA’s Patriot Act requires publishers of computer tools to insert backdoors into their systems, making encryption of communications impossible.
Tixeo hosts all of its cloud data in France, with sovereign operators, and fully complies with the GDPR.
Secure Software Deployment
Choosing an on-premise secure videoconferencing software meets a strong need for security, especially on certified Information Systems. The data and communication flows must have the highest level of security. This generally concerns Essential Service Operators or Operators of Vital Importance or other organisations handling sensitive and classified information.
Deployed and hosted on an organisation’s internal infrastructure, the on-premise secure videoconferencing solution limits the risks of security breaches. Opening a single network port helps limit the impacts on the Information System’s security policy.
By choosing an on-premise videoconferencing software, the organisation also limits its technological dependence on external providers and strengthens its sovereignty.
What is on-premise videoconferencing software?
Tixeo offers its secure videoconferencing solution in an on-premise version with the TixeoServer offer.
Tixeo is a partner of the Cluster Défense Sécurité firm
The Cluster Défense Sécurité firm offers tailored support and training to protect sensitive information, “Restricted Dissemination” level information, and the secret of national defense (IGI 1300) of organisations. The protection of “DR” information and supports involves a comprehensive approach. This concerns the domain of physical protection as well as logical or organisational protection. The implementation of secure communication tools is essential.
In this context, Tixeo and Cluster Défense Sécurité each bring dedicated and perfectly complementary expertise, on a technical and informational level, to assist organisations in protecting their DR and classified information.
