Document from CIS Legislation database © 2003-2024 SojuzPravoInform LLC

THE ORDER OF OPERATIONAL ANALYTICAL CENTER IN CASE OF THE PRESIDENT OF THE REPUBLIC OF BELARUS

of July 25, 2023 No. 130

About measures for implementation of the Presidential decree of the Republic of Belarus of February 14, 2023 No. 40

Based on Item 3 of the Presidential decree of the Republic of Belarus of February 14, 2023 No. 40 "About cyber security" PRIKAZYVAYU:

1. Approve:

The regulations on procedure for information exchange of elements of national system of ensuring cyber security (are applied);

Regulations on procedure for functioning of national team of response to cyberincidents of the National center of ensuring cyber security and response to cyberincidents, the teams of response to cyberincidents of the centers of ensuring cyber security and response to cyberincidents of objects of information infrastructure of state bodies and other organizations (are applied);

Regulations on procedure for carrying out certification of the centers of ensuring cyber security and response to cyberincidents of objects of information infrastructure of state bodies and other organizations (are applied).

2. Establish structure of technical parameters of cyberincident according to appendix 1.

3. Determine:

requirements to the centers of ensuring cyber security and response to cyberincidents of objects of information infrastructure of state bodies and other organizations according to appendix 2;

standard structure of the centers of ensuring cyber security and response to cyberincidents of objects of information infrastructure of state bodies and other organizations according to appendix 3;

requirements for cyber security of objects of information infrastructure of state bodies and other organizations according to appendix 4.

4. This order becomes effective since August 17, 2023.

Chief

A. Yu. Pavlyuchenko

 

Appendix 1

to the Order of Operational analytical center in case of the President of the Republic of Belarus of July 25, 2023 No. 130

Structure of technical parameters of cyberincident

1. Technical parameters of cyberincident include the following information:

level of cyberincident and its name;

network (IP) addresses of versions 4 and (or) 6, subnets of addresses of objects of information infrastructure (in the presence);

the domain names connected with objects of information infrastructure (in the presence);

unique identifier of cyberincident;

e-mail addresses, URI addresses of objects of information infrastructure (in the presence);

network (IP) addresses of versions 4 and (or) 6, subnets of addresses of sources of cyberincident (in the presence);

the domain names connected with cyberincident sources (in the presence);

the e-mail addresses, URI addresses connected with cyberincident sources (in the presence);

malicious applications (in the presence);

the vulnerability identifier with indication of classification system of vulnerabilities * (in the presence);

types of the operating systems installed on objects of information infrastructure;

the additional data connected with cyberincident (in the presence).

2. Treat cyberincidents of the high level:

implementation and functioning of malicious applications on objects of information infrastructure;

illegal access to objects of information infrastructure with use of information and communication technologies;

use of objects of information infrastructure for implementation of cyber attacks and (or) distribution of malicious applications;

listening, capture, redirection of network traffic of objects of information infrastructure;

mailing of nonrequested information (spam) from objects of information infrastructure;

operation of vulnerabilities on objects of information infrastructure;

the termination of functioning of objects of information infrastructure caused by cyber attack like "failure in servicing".

3. Treat cyberincidents of the low level:

attempt of implementation of malicious applications on objects of information infrastructure;

carrying out the cyber attack like "failure in servicing" directed to objects of the information infrastructure which did not cause negative effects;

attempt of operation of vulnerabilities on objects of information infrastructure;

scanning of objects of information infrastructure for the purpose of search of vulnerabilities;

attempt of illegal access to objects of information infrastructure;

the termination of functioning of objects of information infrastructure which is not connected with cyberincident of the high level;

attempt of use of objects of information infrastructure for distribution of malicious applications;

attempt of carrying out cyber attack to web applications and other network protocols and services;

use of computing capacities of objects of information infrastructure for carrying out cyber attacks.

______________________________

* Classification systems of vulnerabilities – the international or accepted in some states lists (registers, databases) of the known vulnerabilities in safety (infrastructure) of computing systems existing.

 

Appendix 2

to the Order of Operational analytical center in case of the President of the Republic of Belarus of July 25, 2023 No. 130

Requirements to the centers of ensuring cyber security and response to cyberincidents of objects of information infrastructure of state bodies and other organizations

1. The centers of ensuring cyber security and response to cyberincidents of objects of information infrastructure of state bodies and other organizations (further – the centers of cyber security) shall provide:

1.1. availability on the property right or other legal cause of activities, necessary for implementation, or rendering services in ensuring cyber security of rooms, and also placed in the territory of the Republic of Belarus:

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.