Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
LPMLawFranceMandatory

LPM

Authority : ANSSI
20 règles
Overview

What is LPM ?

The French Military Programming Law (LPM) defines cybersecurity obligations for Operators of Vital Importance (OIV) in France. Article 22 of the 2013 LPM and its sector-specific orders require OIVs to implement security measures defined by ANSSI, grouped in 20 rules covering governance, protection, defense, and resilience of Vital Information Systems (SIIV). OIVs must also report security incidents to ANSSI, submit to inspections, and use ANSSI-qualified products and providers.

Key Points

  • 20 ANSSI security rules: SSI governance, asset mapping, security maintenance, logging, detection
  • Mandatory security incident notification to ANSSI within 24 hours
  • Obligation to use ANSSI-qualified detection systems (IDS probes)
  • Security inspections and audits by ANSSI or PASSI-qualified providers
  • Mandatory risk analysis on SIIV using a recognized methodology (EBIOS RM recommended)

Why Zaxyr

Zaxyr helps OIVs structure their LPM compliance by tracking the 20 ANSSI security rules. The platform automates evidence collection from SIIV, facilitates PASSI audit preparation, and provides mapping to ISO 27001 and NIS2 for a coherent approach to French and European regulatory compliance.

Start Your Compliance Journey

Get a personalized compliance assessment. Our team will guide you through.