It is no secret that many of the current Russian state standards (GOST) on information security are obsolete. The reason is plain: most of them were developed in the 1980s and 1990s, when most modern information technologies were not used as widely as they are today, or simply did not exist.
Recently, Russian state regulators have begun to update the regulatory framework, which in itself is good news. There are many pitfalls along the way; a vivid example is the saga of Federal Law No. 152 “On Personal Data” and the accompanying orders of the FSTEC and the FSB. There was much heated argument, and several iterations of the FSTEC orders were adopted and then replaced with new versions. And just the other day, on May 14, 2013, the Ministry of Justice registered the new FSTEC Order No. 21 of February 18, 2013, “On approving the composition and content of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems”, which the professional community has generally received with approval. It is worth noting separately that the regulator consulted independent industry experts while developing this document.
The positive trend at the FSTEC is that the regulator now asks the public for its opinion on new standards while they are being developed. The most recent example is a set of requests that arrived recently.
Technical Committee 362 “Information Security”, which is affiliated with the FSTEC, is developing drafts of new Russian GOSTs for information security. Member organizations of TC 362 were sent letters asking them to review and comment on the following draft state standards of Russia:
The draft documents are open and available via links on the TC 362 website. Comments and suggestions should be submitted before June 20 of the current year.
I invite everyone who is interested in, and not indifferent to, the fate of future Russian GOSTs on information security to read the draft documents and write their comments. We will add useful comments and suggestions to our own and send them to TC 362 as a member organization of this technical committee.
A big request: please write comments on the substance of the draft documents under consideration and refrain from proposals like “let's throw it all out and take the world-tested ISO, NIST, CIS ...”. There is no guarantee that our proposals will be fully taken into account, as we can only make suggestions. The final decision will still be made by the regulator. However, practice has shown that the regulator can listen to comments that are to the point.