ANSSI has just published ReCyF, the French Cyber Framework. This new set of security measures is the cornerstone of NIS 2 compliance for the thousands of French entities concerned by the directive. A few days later, the framework was already integrated into Make IT Safe. Here is what ReCyF concretely changes for CISOs and DPOs.
What ANSSI announced on 17 March
The agency brought together at Campus Cyber the professional federations, elected-officials associations and cybersecurity stakeholders around a clear goal: launch the large-scale security drive supported by NIS 2.
At this event, three major resources were made public:
- ReCyF (Référentiel Cyber France), released as a working document. It lists the measures recommended by ANSSI to meet the security objectives set by NIS 2 and is structured around four maturity levels. This principle of proportionality is essential: the level of effort expected adapts to each entity’s resources and maturity.
- The ReCyF / ISO 27001 mapping, a valuable resource for any organisation already certified or going through certification, letting them measure how much of the new requirements they already cover.
- A framework comparison tool that maps ReCyF against other standards and regulations (sector-specific, national, European, international). A concrete lever for entities that have already started security work and want to adopt the new framework without starting from scratch.
ANSSI also reminded that the pre-registration service is open for companies. A voluntary step, but a recommended one to anticipate the registration that will be required when the regulation comes into force. A framework of basic measures will also be published soon on MesServicesCyber.
Why ReCyF is a turning point for NIS 2 compliance
Until now, French entities were navigating a grey area. With the legislative and regulatory transposition of NIS 2 not finalised, CISOs and DPOs had to rely on working documents, draft “acceptable means of compliance” and extrapolations from ISO 27001.
ReCyF changes the game. Even released as a working document, it provides, for the first time, a structuring framework validated by ANSSI, with concrete measures split across four levels. This is no longer speculation: it is a framework to build your roadmap on.
For organisations already committed to an ISMS or ISO 27001 certification, the mapping provided by ANSSI quickly surfaces the gaps to close. For less mature entities, the upcoming basic-measures framework will point to the priority actions that deliver high impact for low effort.
Quickly integrated into Make IT Safe
As soon as ANSSI’s announcement landed, our teams mobilised to analyse the framework and bring it into the platform. ReCyF is already available in Make IT Safe.
Our users can now assess their compliance posture against the ReCyF measures, level by level. They can also identify gaps between their existing coverage (ISO 27001, DORA, GDPR, etc.) and the new framework’s requirements, prioritise remediation through the integrated action-plan management, and steer maturity across the four ANSSI levels with real-time tracking of their compliance KPIs.
This reflects a constant commitment: follow regulatory evolutions closely so our customers always have an up-to-date tool.
Do not wait for the final version before acting
One important point: ReCyF is a working document. It will probably evolve after the ongoing consultations and legislative work. That is no reason to wait.
Entities that start today, building their security programme on ReCyF, are getting ahead. The measures they put in place will stay relevant whatever the final framework looks like, because they aim at an objective that will not change: protecting organisations from mass cybercriminal threats.
ANSSI itself encourages this mindset. The message on 17 March was clear: do not wait for the regulation to act.
Take action with Make IT Safe
You now have the cards in hand. ReCyF gives you a direction. Make IT Safe gives you the tool to follow it.
Already a Make IT Safe customer? Contact your CSM to activate the ReCyF framework in your workspace. New to the platform? Get in touch and let’s talk.
