
About a year ago, on April 3, 2018, the FSTEC of Russia published order No. 55. It approved the Regulation on the certification system for information security tools.
The Regulation defined who participates in the certification system. It also clarified the organization and procedure for certifying products used to protect confidential information constituting state secrets, the protection means for which must also be certified through this system.
So which products does the Regulation classify as requiring certification?
- Means of countering foreign technical intelligence services and of monitoring the effectiveness of technical information protection.
- IT security tools, including secure means of information processing.
The participants in the certification system include:
- Bodies accredited by FSTEC.
- Testing laboratories that are accredited by FSTEC.
- Manufacturers of information security tools.
To get certified, the following steps must be completed:
- Apply for certification.
- Wait for the decision to conduct certification.
- Pass certification tests.
- Have an expert opinion and a draft certificate of conformity issued based on the results.
After that, the certificate is either issued or denied.
In addition, depending on the case, the following may be carried out:
- Providing a duplicate certificate.
- Security labeling.
- Changes to an already certified security tool.
- Certificate renewal.
- Suspending a certificate.
- Terminating a certificate.
Clause 13 of the Regulation is worth quoting:
"13. Certification tests of information security tools are carried out on the material and technical base of the testing laboratory, as well as on the material and technical bases of the applicant and/or the manufacturer, located in the Russian Federation."
More recently, on March 29, 2019, FSTEC published a further update, titled “Information message of the FSTEC of Russia dated March 29, 2019 N 240/24/1525”.
The document updated the certification system for information security tools: it announced the approval of information security requirements that establish levels of trust in means of technical information protection and means of ensuring information technology security. These levels, in turn, determine the conditions for developing and producing information security tools, for testing them, and for keeping them secure while in use. There are six levels of trust. The lowest level is the sixth. The highest is the first.
The levels of trust are intended primarily for developers and manufacturers of security tools, applicants for certification, testing laboratories and certification bodies. Compliance with the Requirements for the level of trust is mandatory for certification of information security tools.
All this will take effect on June 1, 2019. In connection with the approval of the Requirements for the level of trust, FSTEC will no longer accept applications to certify security tools for compliance with the guidance document “Protection from unauthorized access. Part 1. Software of information security tools. Classification according to the level of control over the absence of undeclared capabilities.”
Information security tools that correspond to the first, second, and third levels of trust are used in information systems that process information containing state secrets.
The use of security tools of the fourth to sixth levels of trust in GIS (state information systems) and ISPDn (personal data information systems) of the corresponding classes / security levels is shown in the table:

Special attention should be paid to the following:
"The validity of certificates of conformity of information security tools in respect of which the specified conformity assessment will not be carried out until January 1, 2020, on the basis of paragraph 83 of the Regulations on certification of information security tools, approved by order of the FSTEC of Russia of April 3, 2018 No. 55, may be suspended."
While lawmakers continue to work on improving the requirements for certification, we provide a cloud infrastructure that meets all the requirements of adopted laws. The solution offers an already prepared infrastructure, ready-made for compliance with Federal Law 152.