of February 8, 2021 No. 92
Questions of ensuring information protection in information, telecommunication and information and telecommunication systems
The Cabinet of Ministers of Ukraine decides:
1. Enter to the Rules of ensuring information protection in information, telecommunication and information and telecommunication systems approved by the resolution of the Cabinet of Ministers of Ukraine of March 29, 2006 No. 373 (The Official Bulletin of Ukraine, 2006, No. 13, the Art. 878, No. 50, Art. 3324; 2011, No. 69, the Art. 2624), changes which are applied.
2. Determine that certificates of compliance on the end-to-end systems of protection operating at the time of entry into force of this resolution are valid during the term of their action.
3. Declare invalid the resolution of the Cabinet of Ministers of Ukraine of April 12, 2002 No. 522 "About approval of the Procedure for connection to wide area networks of data transmission" (The Official Bulletin of Ukraine, 2002, No. 16, the Art. 864).
4. Administrations of Public service of special communication and information protection in three-months time from the effective date of this resolution to approve requirements to the means of cryptographic information protection intended for protection of the classified information which is not the state secret and confidential information in state bodies, local government bodies, at the companies, in organizations and the organizations which belong to the sphere of their management, the military forming created according to the law.
Prime Minister of Ukraine
Approved by the Resolution of the Cabinet of Ministers of Ukraine of February 8, 2021 No. 92
1. State Item 2 in the following edition:
"2. Action of these Rules does not extend to information protection in systems governmental and special types of communication, in the technical means and their components necessary for implementation by authorized bodies of operational search, prospecting actions and secret investigative (search) actions.".
2. State Item 9 in the following edition:
"9. Providing technical and cryptographic information protection with limited access, and also open information which requirement concerning protection is established by the law is performed in system with observance of requirements imposed for ensuring protection of such information if other is not provided by the law.
Cryptographic protection in system of secret information which is not the state secret and confidential information in public authorities, local government bodies, at the companies, in organizations and the organizations which belong to the sphere of their management, the military forming created according to the law is performed with use of means of cryptographic information protection which meet the requirements to means of cryptographic information protection, intended for protection of the classified information which is not the state secret and confidential information that is confirmed by the expert opinion in the field of cryptographic information protection or the document on compliance.".
3. The ninth Item 11 to state the paragraph in the following edition:
"Registration of attempts of unauthorized actions with information which is the state secret, and office information shall be followed by the message on them to security administrator (responsible person).".
4. State Items 13 and 14 in the following edition:
"13. Transfer of confidential information, the office and classified information through the unprotected circle (environment in which information concerning which there is no confirmation of conformity of protection against all possible threats which probability of manifestation exists in this circle circulates) is performed in encrypted form or via secure channels of communication according to requirements of the legislation in the field of technical and cryptographic information protection, except for information which is transmitted through channels (lines) of communication which are in limits of the controlled area (the territory (space) in which (in which) unauthorized and uncontrollable stay of strangers, placement technical and vehicles is impossible).
14. Connection of systems in which the office information and information which is the state secret to wide area networks of data transmission is processed is performed with use of means of cryptographic information protection which are allowed to operation for cryptographic information protection of the corresponding extent of access restriction, and/or equipment rooms, the hardware and software of information technical protection which has positive expert opinion by results of state examination in the field of information technical protection and the implementing safety features of the unidirectional (one-sided) data transmission and/or bidirectional data transmission taking into account their informative analysis.
In the hardware and software of information technical protection realizing functions of the unidirectional (one-sided) data transmission and or firewalling (filtering) of the data providing protection of the office information and information which is the state secret, the level of assurance of correctness of provision of functional services of safety shall be not lower than third.
Sufficiency of the implemented information security products is proved at stage of technical system design of information protection and is evaluated during conducting state examination of end-to-end system of information protection.".
5. Add Item 16 with paragraphs of the following content:
"The state information resources and information with limited access, except the state secret, office information and the state and unified registers which creation and ensuring functioning is determined by the laws can be processed in system without application of end-to-end system of information protection. Conditions under which it is possible not to apply end-to-end system of information protection are determined by the Law of Ukraine "About information protection in information and telecommunication systems".
In such systems the technical and organizational requirements on information protection determined by these rules shall be fulfilled.".
6. State Item 22 in the following edition:
"22. The procedure for conducting state examination of system of social protection, state examination of means technical and cryptographic information protection is established by Administration.
The executive bodies, military forming created according to the law which have permission to work on information technical protection for own needs have the right to organize conducting state examination of systems of protection at the companies, in organizations, the organizations, organizations, military connections and parts which belong to their field of management or are subordinated of the Procedure for conducting such examination is established by the executive body, military forming created according to the law in coordination with Administration.".
7. Exclude Item 23.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.