Document from CIS Legislation database © 2003-2024 SojuzPravoInform LLC

Unofficial transfer (c) Soyuzpravoinform LLC

RESOLUTION OF THE CABINET OF MINISTERS OF UKRAINE

of May 16, 2023 No. 497

About the approval of the Procedure for search and detection of potential vulnerability information (automated) electronic communication, information communications systems, electronic communication networks

According to Item 2 of the Section II "Final provisions" of the Law of Ukraine "About introduction of amendments to the Criminal code of Ukraine concerning increase in efficiency of fight against cybercrime in the conditions of action of warlike situation" the Cabinet of Ministers of Ukraine decides:

Approve the Procedure for search and detection of potential vulnerability information (automated), electronic communication, information communications systems, the enclosed electronic communication networks.

Prime Minister of Ukraine

D. Shmygal

Approved by the Resolution of the Cabinet of Ministers of Ukraine of May 16, 2023, No. 497

Procedure for search and detection of potential vulnerability information (automated), electronic communication, information communications systems, electronic communication networks

1. This Procedure determines the mechanism of implementation of search and detection of potential vulnerability information (automated), electronic communication, information communications systems, electronic communication networks (further - search of potential vulnerability of system).

Action of this Procedure does not extend on information (automated), electronic communication, information communications systems, electronic communication networks in which the office information and/or information which is the state secret, prospecting secret, bank secrecy is processed.

2. In this Procedure terms are used in the following value:

the owner of system - physical person or legal entity which possesses the property right to system;

vulnerability of system property of system because of which use the threat for its safety is created is broken the steady, reliable and normal mode of functioning of system, unauthorized intervention in its work is performed, the threat for safety (security) of electronic information resources, confidentiality, integrity, availability of such resources is created;

decompiling conversion of the computer program from the object code in the source text;

disassembling - binary code conversion of the computer program to form, available to reading by the person;

the researcher of potential vulnerability (further - the researcher) - the physical person or legal entity performing search of potential vulnerability of system according to requirements of this Procedure;

the report on vulnerability of system on search results of its potential vulnerability (further - the report) - information on vulnerability of system prepared by the researcher by results of implementation of search of its potential vulnerability by it;

the return engineering process of the analysis of system for identification of its components and determination of tasks which they carry out in system;

the changes in system change made in information (automated), electronic communication, information communications system, electronic communication network (further - system) for the problem resolution of vulnerability of system, prevention of use of vulnerability, minimization of possible effects of its use;

the coordinator of search of potential vulnerability of system (further - the coordinator) - the physical person or legal entity providing services in the organization of search of potential vulnerability of system;

the period of nondisclosure of information on vulnerability of system term during which information on the potential vulnerability of system found by the researcher is not subject to disclosure by the researcher.

Other terms are used in the value given in the Laws of Ukraine "About the basic principles of ensuring cyber security of Ukraine", "About electronic communications", "About information protection in information communications systems", general requirements to cyberprotection of the objects of critical infrastructure approved by the resolution of the Cabinet of Ministers of Ukraine of June 19, 2019 No. 518 (The Official Bulletin of Ukraine, 2019, No. 50, the Art. 1697), DSTU ISO/IEC 29147:2016 "Information technologies. Protection methods. Disclosure of vulnerabilities", DSTU ISO/IEC 27000:2015 "Information technologies. Protection methods. Information security management system. Overview and dictionary".

3. The organization of search of potential vulnerability of system is performed by its owner.

If necessary the owner of system can make the decision on involvement of the coordinator for the organization of search of potential vulnerability of system.

Involvement of the coordinator happens by the conclusion between the owner of system and the coordinator of the service provision agreement on the organization of search of potential vulnerability of system in whom, in particular, are determined:

the rights and obligations, questions of the paid nature or gratuitousness of provision of services on the organization of search of potential vulnerability of system;

procedure and conditions of payment of remuneration to the researcher if such remuneration is provided by public offer about the implementation of search and detection of potential vulnerability information (automated), electronic communication, information communications systems, electronic communication networks (further - public offer);

procedure for the reporting of the coordinator before the owner of system about remuneration payment to the researcher if such remuneration is provided by public offer;

the mechanism of informing system by the coordinator of the owner on the received report and results of its check;

the mechanism of informing the coordinator by the owner of system on results of verification of the report and the made decision on introduction or not modification of system taking into account the revealed vulnerability.

In case when the service provision agreement on the organization of search of potential vulnerability of system provides the coordinator of paid services, such agreement is signed according to requirements of the legislation in the field of public purchases.

4. Search of potential vulnerability of system is performed based on public offer.

The public offer is published by the owner of system on own official site.

In case of involvement of the coordinator by the owner of system the public offer is published by the coordinator on its own official site. In that case the owner of system publishes the reference to the corresponding page of the website of the coordinator on the official site.

The public offer is taught in Ukrainian, at the same time in addition the owner of system or the coordinator can state the offer in foreign language which is official language of the Council of Europe.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.