Defense-Anssi-Auditor
Verified by Dryade
Requires enterprise tier subscription
Description
ANSSI compliance auditing for defense organizations - maps security documentation against RGS, II 901, and IGI 1300 frameworks
Details
defense-anssi-auditor
Tier: Enterprise | Type: Agent | Category: Compliance | Version: 1.0.0
AI-powered ANSSI compliance auditor that maps organizational security documentation against RGS, II 901, and IGI 1300 frameworks. Reduces audit preparation from months to weeks by automating requirement mapping and gap analysis.
1. Overview
- Plugin Name: defense-anssi-auditor
- Slug: defense-anssi-auditor
- Required Tier: Enterprise
- Plugin Type: Agent
- Category: Compliance
- Author: Dryade
- License: DSUL
What It Does
Analyzes organizational security documentation (PSSI, network architecture, procedures) and maps findings against ANSSI frameworks (RGS, II 901, IGI 1300). Produces structured compliance matrices showing status per requirement, evidence references, and prioritized gap analyses.
Key Capabilities
- RGS compliance audit with 26+ requirement mappings across 8 security domains
- PSSI document completeness analysis against ANSSI best practices
- II 901 compliance checking for classified information systems
- Compliance matrix generation with evidence tracking
- Prioritized gap analysis with remediation recommendations
- Formal audit report generation with French defense terminology
2. User Stories
Primary User Stories
US-1: Annual ANSSI Audit Preparation
As an RSSI, I want to map my security documentation against RGS requirements so that I can identify compliance gaps before the annual ANSSI audit.
Acceptance Criteria:
- [x] All 26 RGS requirements are checked against the documentation
- [x] Compliance status (conforme/non-conforme) is determined per requirement
- [x] A prioritized gap list with remediation recommendations is generated
US-2: PSSI Completeness Review
As a security officer, I want to verify my PSSI covers all required sections so that I can ensure compliance with ANSSI guidelines.
Acceptance Criteria:
- [x] All 10 required PSSI sections are checked
- [x] An alignment score is calculated
- [x] Missing sections are identified with recommendations
Edge Cases
- Empty document: Returns 0% compliance with all requirements marked as non-conforme
- Non-security document: Low match rate, suggestions to provide appropriate documentation
3. Architecture
Component Diagram
+------------------+ +------------------+ +------------------+
| Orchestrator | --> | ANSSI Auditor | --> | Data Provider |
| (agent tools) | | plugin.py | | (mock / real) |
+------------------+ +------------------+ +------------------+
|
+-----v------+
| Demo Data |
| data/*.json|
+------------+
Components
| Component | File | Responsibility |
|-----------|------|----------------|
| Plugin | plugin.py | Agent tools, RGS/II 901 audit logic |
| Data | data/ | RGS requirements, II 901 articles, PSSI sections, samples |
Dependencies
- Internal: core.plugins.EnterprisePluginProtocol, core.plugin_config_store.PluginConfigStore
- External: None (standard library only)
- Plugin: None
4. Agent Capabilities
Agent Tools
| Tool Name | Input | Output | Description |
|-----------|-------|--------|-------------|
| audit_rgs_compliance | document_content: str | JSON compliance findings | Audit document against RGS requirements |
| analyze_pssi | pssi_content: str | JSON analysis with score | Analyze PSSI completeness |
| check_ii901_compliance | system_description: str | JSON compliance status | Check II 901 compliance |
| generate_compliance_matrix | organization_name: str | JSON compliance matrix | Generate full compliance matrix |
| identify_gaps | audit_results: str | JSON prioritized gaps | Identify and prioritize compliance gaps |
| generate_audit_report | organization_name: str, scope: str | JSON audit report | Generate formal audit report |
5. Data Flow
Processing Pipeline
- User provides security documentation text to the orchestrator
- Orchestrator routes to appropriate audit tool (RGS, II 901, PSSI)
- Plugin loads framework requirements from data directory
- Content is analyzed against requirements via keyword matching (mock) or NLP (real)
- Structured compliance results returned to orchestrator
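The keyword-matching step of this pipeline, sketched as an added example (not Dryade's plugin code). The requirement IDs, keywords, priorities and the `audit` function are constructed placeholders, not real RGS text or the plugin's data schema; the sketch covers the empty-document edge case and French accent variants.

```python
import json
import unicodedata

# Constructed sample requirements: IDs, domains, keywords and priorities are
# placeholders, not real RGS text and not the plugin's data/*.json schema.
SAMPLE_REQUIREMENTS = [
    {"id": "REQ-01", "domain": "authentification", "priority": 1,
     "keywords": ["authentification", "mot de passe"]},
    {"id": "REQ-02", "domain": "journalisation", "priority": 2,
     "keywords": ["journalisation", "conservation des journaux"]},
    {"id": "REQ-03", "domain": "contrôle d'accès", "priority": 1,
     "keywords": ["contrôle d'accès", "habilitation"]},
]


def normalize(text: str) -> str:
    """Case-fold, unify apostrophes and strip accents ('Contrôle' -> 'controle')."""
    text = text.casefold().replace("\u2019", "'")
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def audit(document: str, requirements=SAMPLE_REQUIREMENTS) -> dict:
    """Map a document to requirements by keyword presence (mock-style)."""
    doc = normalize(document)
    findings = []
    for req in requirements:
        hits = [k for k in req["keywords"] if normalize(k) in doc]
        findings.append({
            "id": req["id"],
            "domain": req["domain"],
            "priority": req["priority"],
            "status": "conforme" if hits else "non-conforme",
            "evidence": hits,  # matched keywords only; presence is not proof
        })
    met = sum(f["status"] == "conforme" for f in findings)
    score = round(100 * met / len(findings)) if findings else 0
    # Gaps ordered by priority (1 = most urgent), then by requirement ID.
    gaps = sorted((f for f in findings if f["status"] == "non-conforme"),
                  key=lambda f: (f["priority"], f["id"]))
    return {"score": score, "findings": findings,
            "gaps": [g["id"] for g in gaps]}


if __name__ == "__main__":
    sample = "Politique d'authentification forte. Controle d'acces par habilitation."
    print(json.dumps(audit(sample), ensure_ascii=False, indent=2))
```

A matcher of this kind also marks a requirement conforme when the keyword appears in a negated sentence ("Aucune journalisation n'est en place"), so each match needs a reviewer to confirm the cited evidence.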
Data Sources
| Source | Type | Format | Update Frequency |
|--------|------|--------|-----------------|
| RGS requirements | mock | JSON | Static (v1.0) |
| II 901 articles | mock | JSON | Static (v1.0) |
| PSSI sections | mock | JSON | Static (v1.0) |
Demo Data Description
- rgs_requirements.json: 26 RGS requirements across 8 security domains
- ii901_articles.json: 10 key II 901 articles for classified systems
- pssi_sections.json: 10 required PSSI sections with keywords
- sample_pssi.json: Fictional PSSI document for organization AERODEF
- sample_network_architecture.json: Fictional network architecture with 5 security zones
Total: 5 demo files covering ANSSI compliance frameworks.
6. Security Considerations
Data Handling
- PII: No - analyzes security documentation, not personal data
- Encryption: N/A - on-premise only, no data transmission
- Data Retention: Plugin does not persist data beyond the session
External API Keys
None required. Fully self-contained for on-premise deployment.
Isolation
- Plugin runs in sandboxed context via core plugin loader
- No direct database access -- uses core plugin config API only
- Designed for air-gapped network deployment
- No external network calls in mock mode
7. Test Plan
Test Classes
| Class | Tests | Coverage Target |
|-------|-------|----------------|
| TestPluginAttributes | 8 tests | Manifest consistency |
| TestPluginConfig | 2 tests | Mock/real toggle |
| TestDemoData | 7 tests | Data presence and structure |
| TestAnssiAudit | 7 tests | Core audit functionality |
Running Tests
cd dryade-plugins
python -m pytest enterprise/defense-anssi-auditor/tests/ -x -v --tb=short
8. Deployment Notes
Requirements
No external packages required. Uses Python standard library only.
Configuration
{
"data_source": "mock"
}
Set data_source to "real" for production NLP analysis (when available).
Compatibility
- Min Dryade Version: 1.0.0
- Python: >=3.11
- Notes: On-premise deployment only. No cloud dependencies.
9. User Guide
Getting Started
- Ensure your Dryade instance has an Enterprise tier license
- Install the plugin via the marketplace or dryade-pm push
- Ask the AI assistant to "audit my security documentation against ANSSI RGS"
- Provide your security documentation when prompted
Common Workflows
Workflow 1: RGS Compliance Audit
- Provide security documentation text
- Ask: "Audit this against RGS requirements"
- Review findings and gap analysis
Workflow 2: PSSI Review
- Provide PSSI document content
- Ask: "Analyze my PSSI for completeness"
- Review alignment score and missing sections
10. Screenshots
Screenshots will be added after UI integration.
11. Changelog
1.0.0 (2026-03-05)
- Initial release
- RGS requirement mapping engine (26 requirements, 8 domains)
- PSSI completeness analysis (10 sections)
- II 901 compliance checking (10 articles)
- Compliance matrix generation
- Gap analysis with prioritization
- Formal audit report generation
- Demo data with fictional organization AERODEF
Future Roadmap
- [ ] NLP-powered content analysis for real mode
- [ ] PDF document ingestion
- [ ] SecNumCloud compliance module
- [ ] EBIOS RM risk analysis integration