What is the RGS, General Security Reference?
15 June 2023
The General Security Reference, or RGS, provides a framework for security in electronic administration, or e-administration. Applying these rules means that individuals and businesses alike can exchange information electronically with the administrations’ online services in complete confidence and security (thanks to processes set up internally or through an EDI partner).
In this article, we look at the objectives, the different levels of security and the implications for the implementation of secure electronic exchanges between users and public authorities.
This is a guide to rules and best practices for information systems security.
According to ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), the body that drafted the RGS: “The general security reference framework (RGS) is the regulatory framework for establishing confidence in exchanges within the administration and with citizens”.
The RGS is kept up to date by ANSSI. Its first version, published in 2010, was considered useful but complex to understand and implement. It was replaced by the more accessible V2 version published in July 2014. This second version has, among other things, added a chapter on the qualification of information systems security audit providers.
Its main objective is to establish confidence in e-administration, to enable its deployment.
The main mission of the RGS is to set out the security rules and best practices with which public administration information systems must comply, in order to:
The RGS is aimed at:
More generally, the RGS is aimed at any public or private organization seeking to organize the security management of its information systems and electronic exchanges. The RGS is therefore a guide to best practices.
Decree no. 2010-112 of February 2, 2010 makes RGS certification mandatory for all government agencies that exchange electronic information with the public or with government departments.
The aim is to provide a global vision for identifying threats, analyzing risks and defining an action plan.
The RGS offers three levels of electronic certificates: basic RGS*, standard RGS** and reinforced RGS***. These are based on the four pillars of IT security: authentication, electronic signature, confidentiality and time-stamping.
This first level of authentication is awarded on application. Once the application has been validated, the RGS* certificate enables users to authenticate themselves on public platforms, time-stamp and sign documents.
This certificate enables documents to be sent in a tamper-proof electronic envelope, certifying the authenticity of the sender. It is an application downloaded onto the user’s terminal, but can also be delivered on a cryptographic USB key.
The RGS** certificate is issued exclusively on a hand-delivered cryptographic USB key. It enables time stamping, signing and access to specific portals such as:
This certificate is linked to an individual.
All documents used to prepare the RGS*** certificate application must be signed by hand and sent by post. They are rigorously checked before the certificate is issued.
The USB key containing the electronic signature is strictly personal. It may only be used on the owner’s computer.
It is accepted that the RGS** and RGS*** levels correspond respectively to the advanced and qualified signatures defined by the eIDAS regulation.
The equivalent of RGS at European level is the eIDAS regulation (electronic IDentification, Authentication and trust Services), which has applied since July 2014.
French administrations accept authentication and signature means that do not comply with RGS if they meet the specifications of the eIDAS regulation.
In fact, dual RGS and eIDAS certification is strongly recommended. However, work is underway on a V3 version of the RGS to simplify the compatibility of RGS rules with eIDAS rules.
Tenor has been an expert in data flow exchanges for over 30 years, supporting you in your EDI, EAI and e-invoicing projects. Contact our experts and let’s see how we can help you perform even better.