of March 29, 2006 No. 373
About approval of Rules of ensuring information protection in information, telecommunication and information and telecommunication systems
According to article 10 of the Law of Ukraine "About information protection in information and telecommunication systems" the Cabinet of Ministers of Ukraine decides:
Prime Minister of Ukraine
Approved by the Resolution of the Cabinet of Ministers of Ukraine of March 29, 2006 No. 373
1. These rules determine general requirements and organizational bases of ensuring protection of the state information resources or information which requirements concerning protection are established by the law, in information, telecommunication and information and telecommunication systems (further - system).
2. Action of these Rules does not extend to information protection in systems governmental and special types of communication, in the technical means and their components necessary for implementation by authorized bodies of operational search, prospecting actions and secret investigative (search) actions.
3. In Rules the terms below are used in the following value:
authentication - the procedure of establishment of accessory to the user of information in system (further - the user) the identifier shown them;
identification - the procedure of recognition of the user in system as a rule by means of in advance certain name (identifier) or other a priori information on him which is perceived by system.
Other terms are used in the value given in the Laws of Ukraine "About information", "About access to public information", "About the state secret", "About information protection in information and telecommunication systems", "About telecommunication", the Regulations on information technical protection in Ukraine approved by the Presidential decree of Ukraine of September 27, 1999 N1229.
4. Is subject to protection in system:
open information which belongs to the state information resources and also open information on activities of subjects of powers of authority, military forming which will be promulgated on the Internet, other wide information networks and systems or is transferred by telecommunication networks (further - open information);
confidential information which is in ownership of the managers of information determined by part one of article 13 of the Law of Ukraine "About access to public information" (further - confidential information);
information which is the state or provided by the law other secret (further - secret information);
information which requirement concerning protection is established by the law.
Requirements for ensuring information protection in system
5. Open information during processing in system shall save integrity which is provided by protection against unauthorized actions which can entail to it to accidental or deliberate modification or destruction.
Access to acquaintance with open information shall be provided to all users. Only the identified and authenticated users to whom appropriate authority is conferred can modify or destroy open information.
Attempts of modification or destruction of open information by users which have on it no powers by not identified users or users with not confirmed during authentication with compliance of the shown identifier shall be blocked.
6. During processing of the office and classified information its protection against unauthorized and uncontrollable acquaintance, modification, destruction, copying, distribution shall be provided.
7. Access to office information is provided only to the identified and authenticated users. Access attempts to such information of not identified persons or users with the compliance of the shown identifier which is not confirmed during authentication shall be blocked.
In system the possibility of provision is provided to the user of the right in pursuance of one or several transactions on processing of confidential information or deprivation of its such right.
8. Requirements for protection in system of information which is the state secret are determined by these Rules and the legislation in the field of protection of the state secret.
9. Providing technical and cryptographic information protection with limited access, and also open information which requirement concerning protection is established by the law is performed in system with observance of requirements imposed for ensuring protection of such information if other is not provided by the law.
Cryptographic protection in system of secret information which is not the state secret and confidential information in public authorities, local government bodies, at the companies, in organizations and the organizations which belong to the sphere of their management, the military forming created according to the law is performed with use of means of cryptographic information protection which meet the requirements to means of cryptographic information protection, intended for protection of the classified information which is not the state secret and confidential information that is confirmed by the expert opinion in the field of cryptographic information protection or the document on compliance.
10. Requirements for protection in system of information against unauthorized blocking are determined by the manager of information if another for this information or system in which it is processed is not established by the legislation.
11. In system obligatory registration is performed:
results of identification and authentication of users;
results of accomplishment by the user of transactions on information processing;
attempts of unauthorized actions with information;
facts of provision and deprivation of users of right of access to information and its processing;
results of integrity checking of information security products.
The possibility of carrying out the analysis of registration data only is provided with the user who is authorized to exercise control of information security products and control of information protection in system (security administrator).
Registration is performed by automatic method, and registration data are protected from modification and destruction by users who have no powers of security administrator.
Registration of attempts of unauthorized actions with information which is the state secret, and office information shall be followed by the message on them to security administrator (responsible person).
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.