of June 27, 2018 No. 105/Tax Code
About approval of Profiles of protection and the Technique of development of profiles of protection
According to the subitem 18) article 7-1 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization" PRIKAZYVAYU:
1. Approve:
1) Profiles of protection of means of antivirus protection for workstations and servers, and also intrusion detection systems of level of network, according to appendix 1 to this order;
2) Profiles of development of profiles of protection according to appendix 2 to this order.
2. To provide to committee on information security of the Ministry of the defense and aerospace industry of the Republic of Kazakhstan in the procedure established by the legislation of the Republic of Kazakhstan:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) within ten calendar days from the date of state registration of this order the direction it the copy in paper and electronic form in the Kazakh and Russian languages in the Republican state company on the right of economic maintaining "The republican center of legal information" for official publication and inclusion in Reference control bank of regulatory legal acts of the Republic of Kazakhstan;
3) within ten calendar days after state registration of this order the direction it the copy on official publication in periodic printing editions;
4) placement of this order on official Internet resource of the Ministry of the defense and aerospace industry of the Republic of Kazakhstan after its official publication;
5) within ten working days after state registration of this order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry of the defense and aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1), 2), 3) and 4) of this Item.
3. To impose control of execution of this order on the supervising vice-minister of the defense and aerospace industry of the Republic of Kazakhstan.
4. This order becomes effective after ten calendar days after day of its first official publication.
Minister of the defense and aerospace industry of the Republic of Kazakhstan
B. Atamkulov
It is approved Chairman of Committee of homeland security of the Republic of Kazakhstan "___" ________ 2018 |
___________ K. Masimov |
Appendix 1
to the Order of the Minister of the defense and aerospace industry of the Republic of Kazakhstan of June 27, 2018 No. 105/Tax Code
1. This Profile of protection of means of antivirus protection for workstations and servers, is developed according to the subitem 18) of article 7-1 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization".
2. In this profile of protection of means of antivirus protection for workstations and servers the following basic concepts are used:
1) objects of information and communication infrastructure (further - OIKI) - information systems, technological frameworks, the hardware and software, networks of telecommunications, and also systems of ensuring smooth functioning of technical means and information security;
2) information safety hazard - set of the conditions and factors determining potential or real-life danger of violation of safety of information;
3) assessment object (further - OO) - the OIKI components which are subject to assessment with managements of the administrator and user;
4) security policy of OO (further - PBO) - set of the rules regulating management, protection and distribution of the information resources controlled by OO;
5) safety features of OO (further - FBO) - set of all safety features of OO directed to implementation of PBO;
6) antivirus protection - information protection and the OIKI components from malicious computer programs (viruses) (detection of malicious computer programs (viruses), blocking, isolation of the "infected" objects, removal of malicious computer programs from the "infected" objects);
7) means of antivirus protection (further - SAVZ) - the software realizing functions of detection of computer programs or other computer information intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of information security products, and also response to detection of these programs and information;
8) the database of signs of malicious computer programs (viruses) (further - DB of the Communist Refoundation Party) - the component of SAVZ containing information on malicious computer programs (viruses) (signature), used by SAVZ for detection of malicious computer programs (viruses) and their processing;
9) security administrator - responsible for installation, administration and operation of OO;
10) task on safety (further - ZB) - set of safety requirements and specifications, held for use as basis for assessment of specific OO;
11) protection profile (further - PZ) - the list of the minimum requirements to safety of the program and technical means which are components of objects of informatization;
12) signature - the characteristic signs of computer malicious application (virus) (further - KV) used for its detection.
3. The main threats, for opposition to which use SAVZ, the threats connected with implementation in OIKI from information and telecommunication networks, including networks of the international information exchange (communication networks public) and (or) removable machine information mediums, KV are.
4. In SAVZ the following safety features are realized:
1) differentiation of access to management of SAVZ;
2) management of work of SAVZ;
3) management of the SAVZ parameters;
4) management of installation of updates (updating) of DB of the Communist Refoundation Party of SAVZ;
5) security audit of SAVZ;
6) accomplishment of checks of objects of impact;
7) processing of objects of impact;
8) signaling of SAVZ.
5. In the circle in which SAVZ functions the following safety features of the circle are realized:
1) ensuring confidential communication (route) between SAVZ and users;
2) providing the confidential channel of receipt of the SAVZ updates;
3) providing conditions of safe functioning;
4) management of security attributes.
6. In PZ the following types of safety requirements shown to SAVZ:
1) functional safety requirements (further - FTB);
2) requirements of trust to safety.
7. FTB SAVZ include:
1) requirements to the modes and methods of accomplishment of checks for the purpose of detection of KV;
2) requirements to functionality on the DB updating of the Communist Refoundation Party;
3) requirements for management of run modes of safety features of SAVZ (work of SAVZ);
4) requirements for data management of safety features (data SAVZ);
5) requirements for management;
6) requirements to audit of functioning of SAVZ.
8. Requirements of trust to safety of SAVZ cover the following main questions:
1) configuration management;
2) delivery and operation;
3) development;
4) managements;
5) support of lifecycle;
6) testing;
7) assessment of vulnerabilities;
8) SAVZ updating.
9. SAVZ corresponding to this PZ provide:
1) accomplishment of checks for the purpose of detection of the infected KV of objects in file areas of information mediums;
2) accomplishment of checks for the purpose of detection of the infected KV of objects on command;
3) accomplishment of checks for the purpose of detection of the infected KV of objects by signature methods;
4) obtaining and installations of the DB updates of the Communist Refoundation Party without use of the automation equipment;
5) generation of records of audit for the events subjected to audit;
6) readings information from records of audit;
7) access restriction to reading records of audit;
8) search, sorting, streamlining of data of audit.
10. SAVZ are installed on the workstations and the OIKI servers functioning based on the computer network.
11. The standard scheme of application is provided to OIKI SAVZ in appendix 1 to this PZ.
12. Assumptions concerning the predetermined use of OO include:
1) assumption-1.
Access of OO to all OIKI which are necessary for OO for realization of the functionality (to controlled OIKI);
2) assumption-2.
Installation, configuring and management of OO according to operational documentation;
3) assumption-3.
Compatibility of OO with the OIKI controlled resources;
4) assumption-4.
Correct joint operation of SAVZ with SAVZ of other vendors in case of their joint use in information system;
5) Assumption-5.
Physical protection of the OIKI elements on which OO is established;
6) assumption-6.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.