As part of the implementation of Law No. 05-20 on cybersecurity and its implementing decree No. 2-21-406, the General Directorate for Information Systems Security (DGSSI) has developed the Guide on Data Classification.

This guide, based on internationally recognized best practices, aims to support entities and critical infrastructure operators in implementing the data classification process, in accordance with the reference framework defined by the aforementioned decree.

In this regard, the guide outlines the key steps to be followed, defines the roles and responsibilities of the stakeholders involved, and proposes a methodology for assessing the sensitivity of data based on the criteria of confidentiality, integrity, and availability. It also includes a set of indicative technical and organizational measures designed to ensure the protection of classified data.