RESOLUTION OF THE CABINET OF MINISTERS OF UKRAINE

of November 11, 2020 No. 1176

About approval of the Procedure for carrying out survey of condition of cybernetic protection of critical information infrastructure, the state information resources and information which requirement concerning protection is established by the law

According to item 4 of part three of article 27 of the Law of Ukraine "About homeland security of Ukraine" the Cabinet of Ministers of Ukraine decides:

Approve the Procedure for carrying out survey of condition of cybernetic protection of critical information infrastructure, the state information resources and information which requirement concerning protection is established by the law which is attached.

Approved by the Resolution of the Cabinet of Ministers of Ukraine of November 11, 2020 , No. 1176

Procedure for carrying out survey of condition of cybernetic protection of critical information infrastructure, the state information resources and information which requirement concerning protection is established by the law

1. This Procedure determines organizational bases of carrying out survey of condition of cybernetic protection of critical information infrastructure, the state information resources and information which requirement concerning protection is established by the law (further - survey).

This Procedure does not extend to carrying out survey of condition of cyberprotection concerning the information infrastructure intended for the information processing which is the state secret.

2. In this Procedure terms are used in such value:

1) the vital services and functions (further - the main services) - services and functions which are provided and carried out by public authorities, the companies, organizations and the organizations, irrespective of pattern of ownership, failures and interruptions in provision and which execution lead to negative effects for the population, society, economic and social situation and homeland security and defense;

2) cyberstability of critical information infrastructure - condition of critical information infrastructure in case of which its capability reliably is provided to function and provide the main services in the conditions of cyberthreats;

3) cyberprotection condition assessment - process of studying of results of application of means and measures for cyberprotection for determination of condition of security of subjects to survey and efficiency of the taken measures;

4) the subject of critical information infrastructure - public authority, the company, organization or the organization, legal entity and/or physical person which on the property rights, leases or on other legal causes possesses object of the critical information infrastructure used for rendering the main services for designated purpose in the relevant sectors (splits) of economy or fields of activity;

5) the authorized body of the government responsible for the sector (split) of economy or field of activity (further - authorized body) - the central executive body, other state body which provides forming and/or realization of state policy in one or several spheres.

Other terms are used in the value given in the Laws of Ukraine "About the basic principles of ensuring cyber security of Ukraine", "About homeland security of Ukraine", "About Public service special communication and information protection of Ukraine".

3. Subjects to survey are objects of critical information infrastructure, the state information resources and information which requirement concerning protection is established by the law.

Subjects of survey are authorized bodies, the teams of response to computer extraordinary events (incidents of computer security) determined by authorized bodies of division of cyberprotection and cyber security.

4. Inspection is performed for the purpose of estimation of condition of cybernetic protection of critical information infrastructure, the state information resources and information which requirement concerning protection is established by the law, and readiness of divisions of subjects of survey to which powers ensuring cybernetic protection of objects of critical information infrastructure, protection of the state information resources and information which requirement concerning protection is established by the law, to effective and rapid response to cyberthreats, warning, identification and protection against cyber attacks and cyberincidents, liquidation of their effects, recovery of functioning of objects of critical information infrastructure belongs.

5. By results of survey the directions of enhancement and development of national system of cyber security regarding cyberprotection taking into account real and potential hazards in cyberspace and financial and economic opportunities of the state are determined.

6. Tasks of survey are:

carrying out the analysis of cyberstability of critical information infrastructure, condition of cyberprotection of the state information resources and information which requirement concerning protection is established by the law;

forming of suggestions for improvement of the legislation in the field of cyber security and cyberprotection and determination of the directions of development of national system of cyber security regarding cyberprotection;

forming of suggestions for improvement by subjects of critical information infrastructure and authorized bodies of measures for cyberprotection;

planning of actions for ensuring cyberstability of critical information infrastructure.

7. Carrying out survey is based on the following principles:

centralized operation by process of carrying out survey;

objectivity which assumes carrying out survey on the basis of basic data which reflect real situation in the field of cyberprotection;

systemacity of implementation of actions for carrying out survey and collective nature in case of decision making by its results.

8. Inspection is performed based on results:

the analysis of condition of observance of requirements of the legislation in the field of cyberprotection of subjects to survey;

internal audit and the state control in spheres cryptographic and information technical protection, protection in cyberspace of the state information resources and information which requirement concerning protection is established by the law, cyberprotection of subjects to survey;

information security audit of objects of critical information infrastructure;

information analysis concerning condition of the cyberprotection of subjects to survey received on survey results of subjects of critical information infrastructure.

9. The common directorship of survey is performed by Administration of Gosspetssvyaz.

10. For holding actions for carrying out survey the interdepartmental working group on questions of carrying out survey is formed (further - working group).

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info