Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
\u{1F1F2}\u{1F1E6}DNSSIMandatory

DNSSI v2.0 Compliance, Automated

National Directive for Information Systems Security v2.0. Automate gap analysis, evidence collection, and continuous monitoring with Zaxyr's AI-powered compliance platform.

Controls
112 controls
Authority
DGSSI (Direction Generale de la Sécurité des Systemes d'Information)
Effective
2023 (v2.0)
Overview

What is DNSSI v2.0?

DNSSI v2.0 (National Directive for Information Systems Security) is the reference cybersecurity framework in Morocco, published by the DGSSI under the authority of the Strategic Committee for Information Systems Security. This directive defines the minimum security requirements that public administrations, Operators of Vital Importance (OIV), and Operators of Essential Services (OSE) must implement.

Version 2.0 significantly strengthens the requirements compared to the initial version, with 112 controls covering governance, risk management, asset protection, incident detection, crisis response, and business continuity. It falls within the scope of Law 05-20 on cybersecurity, which gives legal force to the directive's requirements and provides for penalties in case of non-compliance.

Accreditation of information systems is a central process of the DNSSI: each system must undergo a security assessment, a risk treatment plan, and a formal accreditation decision by the competent authority. The directive also provides for regular audits, crisis management exercises, and mandatory reporting of security incidents to maCERT (the Moroccan center for monitoring, detection, and response to IT incidents).

Official source: DGSSI (Direction Generale de la Sécurité des Systemes d'Information)

Who must comply

  • Moroccan public administrations and public institutions
  • Operators of Vital Importance (OIV) designated by the ANRT
  • Operators of Essential Services (OSE) within the meaning of Law 05-20
  • Critical infrastructure (energy, telecoms, finance, health, transport)
  • Subcontractors and IT service providers of the targeted entities
  • Organizations seeking accreditation of their information systems

Key Requirements

  • Governance: IS security policy, security organization, ISS steering committee
  • Risk management: formal risk analysis, treatment plan, periodic review
  • Human resources security: awareness, training, confidentiality clauses
  • Asset management: inventory, classification, acceptable use rules
  • Access control: access policy, identity management, strong authentication
  • Cryptography: encryption policy, key management, protection of sensitive data
  • Operations security: operating procedures, change management, backup
  • Communications security: network segmentation, secure transfers, monitoring
  • Incident management: detection, reporting to maCERT, response and lessons learned
  • Accreditation: security assessment, accreditation decision, maintenance of security conditions
Non-Compliance Risk

The Cost of Inaction

Maximum Penalty

Fines of MAD 100,000 to 1,000,000 and prison sentences of 1 to 5 years (Law 05-20)

Beyond financial penalties, non-compliance can result in reputational damage, loss of business licenses, and personal liability for executives.

Platform Capabilities

How Zaxyr Automates Compliance DNSSI

Automated gap analysis across all 112 DNSSI v2.0 controls with maturity scoring and prioritized remediation roadmap

Native support for the DNSSI framework in French and Arabic, including the specific requirements of Law 05-20

Continuous evidence collection from your infrastructure (SIEM, AD, firewall, cloud) with timestamped audit trail

ISS steering dashboards aligned with the expectations of the DGSSI and the steering committee

Accreditation module: security assessment, accreditation decision, and tracking of maintenance of security conditions

Automatic ISO 27001 to DNSSI mapping: leverage your existing ISO controls to accelerate national compliance

Frequently Asked Questions

DNSSI Compliance FAQ

Start Your Compliance Journey DNSSI

Get a personalized compliance assessment. Our team will guide you through.