On 1 January 2022, the General Directorate of Information Systems Security (DGSSI) issued the Application Security Verification Framework (2022), outlining requirements for application security across public institutions and private entities. The framework is structured around 14 audit topics and 286 controls, classified into basic, standard, and advanced security levels. It incorporates recognised standards, including NIST, OWASP, and PCI-DSS, to ensure consistent practices in secure software design, development, and testing. The framework mandates specific requirements in critical areas such as architecture, cryptographic key management, authentication protocols, access control, session management, and secure data handling. It requires the adoption of secure coding practices, periodic security testing, and threat modelling to mitigate cyber risks. It is designed to support critical infrastructure providers, financial institutions, and digital service operators.