of March 29, 2006 No. 373
About approval of Rules of ensuring information protection in information, electronic communication and information communications systems
According to article 10 of the Law of Ukraine "About information protection in information communications systems" the Cabinet of Ministers of Ukraine decides:
Prime Minister of Ukraine
Approved by the Resolution of the Cabinet of Ministers of Ukraine of March 29, 2006 No. 373
1. These rules determine general requirements and organizational bases of ensuring protection of the state information resources or information which requirements concerning protection are established by the law, in information, electronic communication and information communications systems (further - system).
2. Action of these Rules does not extend to information protection in systems governmental and special types of communication, in the technical means and their components necessary for implementation by authorized bodies of operational search, prospecting actions and secret investigative (search) actions.
3. In Rules the terms below are used in the following value:
authentication - the procedure of establishment of accessory to the user of information in system (further - the user) the identifier shown them;
identification - the procedure of recognition of the user in system as a rule by means of in advance certain name (identifier) or other a priori information on him which is perceived by system.
Other terms are used in the value given in the Laws of Ukraine "About information", "About access to public information", "About the state secret", "About information protection in information communications systems", "About electronic communications", the Regulations on information technical protection in Ukraine approved by the Presidential decree of Ukraine of September 27, 1999 N1229.
4. Is subject to protection in system:
open information which belongs to the state information resources and also open information on activities of subjects of powers of authority, military forming which will be promulgated on the Internet, other wide information networks and systems or is transferred by electronic communication networks (further - open information);
confidential information which is in ownership of the managers of information determined by part one of article 13 of the Law of Ukraine "About access to public information" (further - confidential information);
information which is the state or provided by the law other secret (further - secret information);
information which requirement concerning protection is established by the law.
Requirements for ensuring information protection in system
5. Open information during processing in system shall save integrity which is provided by protection against unauthorized actions which can entail to it to accidental or deliberate modification or destruction.
Access to acquaintance with open information shall be provided to all users. Only the identified and authenticated users to whom appropriate authority is conferred can modify or destroy open information.
Attempts of modification or destruction of open information by users which have on it no powers by not identified users or users with not confirmed during authentication with compliance of the shown identifier shall be blocked.
Creation and/or processing in system of electronic documents which analogs on papers shall contain the sign manual according to the legislation shall be performed using the qualified digital signature or seal.
Check and confirmation of the qualified digital signature or seal are performed according to requirements of article 18 of the Law of Ukraine "About electronic confidential services".
6. During processing of the office and classified information its protection against unauthorized and uncontrollable acquaintance, modification, destruction, copying, distribution shall be provided.
7. Access to office information is provided only to the identified and authenticated users. Access attempts to such information of not identified persons or users with the compliance of the shown identifier which is not confirmed during authentication shall be blocked.
In system the possibility of provision is provided to the user of the right in pursuance of one or several transactions on processing of confidential information or deprivation of its such right.
8. Requirements for protection in system of information which is the state secret are determined by these Rules and the legislation in the field of protection of the state secret.
9. Providing technical and cryptographic information protection with limited access, and also open information which requirement concerning protection is established by the law is performed in system with observance of requirements imposed for ensuring protection of such information if other is not provided by the law.
Cryptographic protection in system of secret information which is not the state secret and confidential information in public authorities, local government bodies, at the companies, in organizations and the organizations which belong to the sphere of their management, the military forming created according to the law is performed with use of means of cryptographic information protection which meet the requirements to means of cryptographic information protection, intended for protection of the classified information which is not the state secret and confidential information that is confirmed by the expert opinion in the field of cryptographic information protection or the document on compliance.
10. Requirements for protection in system of information against unauthorized blocking are determined by the manager of information if another for this information or system in which it is processed is not established by the legislation.
11. In system obligatory registration is performed:
results of identification and authentication of users;
results of accomplishment by the user of transactions on information processing;
attempts of unauthorized actions with information;
facts of provision and deprivation of users of right of access to information and its processing;
results of integrity checking of information security products.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.