DNSSI v2.0 Compliance, Automated
National Directive for Information Systems Security v2.0. Automate gap analysis, evidence collection, and continuous monitoring with Zaxyr's AI-powered compliance platform.
What is DNSSI v2.0?
DNSSI v2.0 (National Directive for Information Systems Security) is the reference cybersecurity framework in Morocco, published by the DGSSI under the authority of the Strategic Committee for Information Systems Security. This directive defines the minimum security requirements that public administrations, Operators of Vital Importance (OIV), and Operators of Essential Services (OSE) must implement.
Version 2.0 significantly strengthens the requirements compared to the initial version, with 112 controls covering governance, risk management, asset protection, incident detection, crisis response, and business continuity. It falls within the scope of Law 05-20 on cybersecurity, which gives legal force to the directive's requirements and provides for penalties in case of non-compliance.
Accreditation of information systems is a central process of the DNSSI: each system must undergo a security assessment, a risk treatment plan, and a formal accreditation decision by the competent authority. The directive also provides for regular audits, crisis management exercises, and mandatory reporting of security incidents to maCERT (the Moroccan center for monitoring, detection, and response to IT incidents).
Official source: DGSSI (Direction Generale de la Sécurité des Systemes d'Information)Who must comply
- Moroccan public administrations and public institutions
- Operators of Vital Importance (OIV) designated by the ANRT
- Operators of Essential Services (OSE) within the meaning of Law 05-20
- Critical infrastructure (energy, telecoms, finance, health, transport)
- Subcontractors and IT service providers of the targeted entities
- Organizations seeking accreditation of their information systems
Key Requirements
- Governance: IS security policy, security organization, ISS steering committee
- Risk management: formal risk analysis, treatment plan, periodic review
- Human resources security: awareness, training, confidentiality clauses
- Asset management: inventory, classification, acceptable use rules
- Access control: access policy, identity management, strong authentication
- Cryptography: encryption policy, key management, protection of sensitive data
- Operations security: operating procedures, change management, backup
- Communications security: network segmentation, secure transfers, monitoring
- Incident management: detection, reporting to maCERT, response and lessons learned
- Accreditation: security assessment, accreditation decision, maintenance of security conditions
The Cost of Inaction
Fines of MAD 100,000 to 1,000,000 and prison sentences of 1 to 5 years (Law 05-20)
Beyond financial penalties, non-compliance can result in reputational damage, loss of business licenses, and personal liability for executives.
How Zaxyr Automates Compliance DNSSI
Automated gap analysis across all 112 DNSSI v2.0 controls with maturity scoring and prioritized remediation roadmap
Native support for the DNSSI framework in French and Arabic, including the specific requirements of Law 05-20
Continuous evidence collection from your infrastructure (SIEM, AD, firewall, cloud) with timestamped audit trail
ISS steering dashboards aligned with the expectations of the DGSSI and the steering committee
Accreditation module: security assessment, accreditation decision, and tracking of maintenance of security conditions
Automatic ISO 27001 to DNSSI mapping: leverage your existing ISO controls to accelerate national compliance
DNSSI Compliance FAQ
Start Your Compliance Journey DNSSI
Get a personalized compliance assessment. Our team will guide you through.