ORDER OF THE GOVERNMENT OF THE KYRGYZ REPUBLIC

of November 21, 2017 No. 762

About approval of Requirements to the information security containing in databases of the state information systems

According to article 19 of the Law of the Kyrgyz Republic "About electronic control", articles 10 and 17 of the constitutional Law of the Kyrgyz Republic "About the Government of the Kyrgyz Republic" the Government of the Kyrgyz Republic decides:

1. Approve Requirements to the information security containing in databases of the state information systems (further - Requirements).

2. To the state committee of information technologies and communication of the Kyrgyz Republic together with the State committee of homeland security of the Kyrgyz Republic till April 1, 2018 to make offers on the organization of execution of the Requirements approved by this resolution in the Government of the Kyrgyz Republic.

3. To the ministries, the state committees, administrative departments, other state bodies (in coordination), to local government bodies (in coordination), to the state and municipal companies, the organizations and organizations financed from republican and/or local budgets, which are owners and/or operators of state/municipal information systems till July 1, 2018 to take the measures following from the Requirements approved by this resolution.

4. Determine that control of observance of Requirements is exercised by the Ministry of digital development of the Kyrgyz Republic together with the State committee of homeland security of the Kyrgyz Republic.

5. Recommend to the local government bodies creating and operating the information systems which are subject to inclusion in the Register of the state infrastructure of electronic control since July 1, 2018 annually to provide the relevant information on fulfillment of requirements, approved by this resolution, in the Ministry of digital development of the Kyrgyz Republic.

6. To impose control of execution of this resolution on department of construction, transport and communications of Government office of the Kyrgyz Republic.

7. This resolution becomes effective after fifteen days from the date of official publication.

Appendix

Approved by the Order of the Government of the Kyrgyz Republic of November 21, 2017 No. 762

Requirements to the information security containing in databases of the state information systems

Chapter 1. General provisions

1. Requirements to the information security containing in databases of the state information systems (further - Requirements), are developed according to the Law of the Kyrgyz Republic "About electronic control" and determine measures for information security, and also requirements to use of information technologies in the state information systems and safety of information containing in their databases.

2. Provisions of these Requirements are obligatory for application by the state bodies, local government bodies, state and municipal companies, organizations and organizations financed from republican and/or local budgets, which are owners and/or operators of state/municipal information systems.

3. Provisions of these Requirements do not extend to the state information systems containing information carried to the state secrets according to the legislation of the Kyrgyz Republic on the state secrets in the databases, to networks of telecommunications of special purpose and/or the governmental, secret, encoded and coded communication, the information systems which are not part of the state infrastructure of electronic control.

4. In these Requirements the following determinations are used:

the assets connected with means of information processing (further - data asset) - material or non-material object which is information or contains information or serves for processing, storage, information transfer and having value for the organization;

internal audit of information security - the objective, documentary process of control of quality and quantity characteristics of current status of information security of elements of the state infrastructure of electronic control performed by the organization (the owner/operator of information system) in the interests;

journalizing of events - process of data recording about the taking place program or hardware events in the online magazine of registration of events;

the secret communication - the protected connection with use of the coding equipment;

time source infrastructure - hierarchically connected server hardware which is using the network protocol of synchronization of time, carrying out task of synchronization of the internal clock of servers, workstations and the telecommunication equipment;

cyber security - preserving properties of integrity (which can include authenticity and fault tolerance), availability and confidentiality of information in objects of information infrastructure, provided due to use of set of means, strategy, the principles of safety, security guarantees, approaches to risk management and insurance, professional training, practical experience and technologies;

the crucial equipment - the equipment, failures in which operation or refusal of which have essential value for accomplishment by state body, its territorial subdivision performing powers of the owner and/or the operator of information system, local government bodies by the organization of the main functions will be resulted in impossibility of accomplishment (termination) of the functions assigned to them. The list of such equipment is determined by the state body, its territorial subdivision performing powers of the owner and/or the operator of information system, local government bodies, the organization independently;

critical information infrastructure - set of the objects of critical information infrastructure of the Kyrgyz Republic functioning in the sector of public administration and the state electronic services in the field of health care, transport, telecommunications and communication, the credit and financial sphere, the defensive sector, fuel industry, industry of generation and electricity distribution, the food industry and the mining industry;

the coded communication - the protected connection with use of documents and technology of coding;

local network of internal contour - the local network of state body carried to internal contour of telecommunication network of state body, its territorial subdivision performing powers of the owner and/or the operator of information system, having connection with the single transport circle of state bodies;

local network of external contour - the local network of state body carried to external contour of telecommunication network of state body, its territorial subdivision performing powers of the owner and/or the operator of information system, having connection with the Internet, access to which for state body is provided by telecom operators only through single lock of Internet access;

marking of the asset connected with means of information processing - drawing conventional signs, letters, figures, graphical signs or texts on asset for the purpose of its further identification (recognition), specifying of its properties and characteristics;

scalability - capability of element of the state infrastructure of electronic control to provide increase in the performance in process of growth of amount of the processed information and (or) the number of at the same time working users;

multiple-factor authentication - method of check of authenticity of the user by means of combination of various parameters, including generation and input of passwords or authentication signs (digital certificates, tokens, smart cards, generators of one-time passwords, means of biometric identification);

objects of information infrastructure - information centers, subsystems, banks and/or databases and knowledge, communication systems, control centers, the hardware and software and technology of collection, storage, processing and information transfer;

application software - software complex for the solution of applied task of certain class of subject domain;

the workstation - the desktop or portable computer as a part of local network intended for the solution of applied tasks;

the server room - the room intended for placement of the server, active and passive network (telecommunication) hardware and the equipment of the structured cable systems;

the system software - set of the software for ensuring operation of the computing equipment;

means of cryptographic information security - the software or the hardware and software realizing algorithms of cryptographic transformations, generation, forming, distribution or management of enciphering keys;

system of electronic interdepartmental interaction Tunduk - the hardware-software decision and the organizational circle providing safe data exchange in electronic format between information systems and databases of state bodies and local government bodies during the rendering electronic state and municipal services, accomplishment of the state and municipal functions;

technical documentation on cyber security - documentation establishing policy governed, the protective measures concerning processes of ensuring integrity (including authenticity and fault tolerance), availability and confidentiality of information containing in databases of the state information systems;

terminal system - the thin or zero client for work with appendices in the terminal circle or programs - thin clients in client-server architecture;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info