Document from CIS Legislation database © 2003-2025 SojuzPravoInform LLC

It is registered

Ministry of Justice

Republic of Uzbekistan

On September 22, 2023 No. 3458

ORDER OF THE CHAIRMAN OF SERVICE OF STATE SECURITY OF THE REPUBLIC OF UZBEKISTAN

of September 4, 2023 No. 91

About approval of the Regulations on evaluation procedure of level of ensuring cyber security of objects of cyber security and critical information infrastructure of the Republic of Uzbekistan

According to the Law of the Republic of Uzbekistan "About cyber security", the Presidential decree of the Republic of Uzbekistan of June 15, 2020 No. UP-6007 "About Measures for Implementation of the State System of Protection of Information Systems and Resources of the Republic of Uzbekistan", the resolution of the President of the Republic of Uzbekistan of June 15, 2020 "About measures for further enhancement of system of ensuring cyber security in the Republic of Uzbekistan" I ORDER to No. PP-4751:

1. Approve Regulations on evaluation procedure of level of ensuring cyber security of objects of cyber security and critical information infrastructure of the Republic of Uzbekistan according to appendix.

2. This order is approved with the Ministry of digital technologies of the Republic of Uzbekistan.

3. This order becomes effective from the date of its official publication.

Chairman

A. Azizov

 

Appendix

to the Order of the chairman of Service of state security of the Republic of Uzbekistan of September 4, 2023 No. 91

Regulations on evaluation procedure of level of ensuring cyber security of objects of cyber security and critical information infrastructure of the Republic of Uzbekistan

This Provision determines evaluation procedure of level of ensuring cyber security of objects of cyber security and critical information infrastructure of the Republic of Uzbekistan (further - assessment).

Chapter 1. General provisions

1. In this Provision the following concepts are used:

cyber security - condition of security of interests of the personality, society and state from external and internal threats in cyberspace;

cyber security object - complex of the information systems used in activities for ensuring cyberinformation security and cyber security of national information systems and resources including objects of critical information infrastructure;

cyberprotection - complex of legal, organizational, financial and economic, technical measures, and also the measures of cryptographic and technical data protection directed to prevention of incidents of cyber security, identification of cyber attacks and protection against them, elimination of effects of cyber attacks, recovery of stability and reliability of activities of telecommunication networks, information systems and resources;

cyber attack - the action posing cyber security threat, intentionally performed in cyberspace with use of equipment rooms, hardware-software and software;

critical information infrastructure - complex of automated control systems, information systems and resources of the networks and engineering procedures having important strategic and social and economic importance;

objects of critical information infrastructure - the systems of informatization applied in the field of public administration and rendering the state services, defense, ensuring state security, law and order, fuel and energy complex (nuclear power), chemical, petrochemical industries, metallurgy, water use and water supply, agricultural industry, health care, housing-and-municipal servicing, bank financial system, transport, information and communication technologies, ecology and environmental protection, production and conversion of minerals of strategic importance, the production sphere and also in other industries of economy and the social sphere.

2. Assessment is systematically performed in the course of implementation, use and/or development of objects of cyber security and critical information infrastructure.

Chapter 2. Procedure for evaluating

3. Assessment is carried out according to the address of heads of objects of cyber security and critical information infrastructure represented to Service of state security of the Republic of Uzbekistan (further - authorized state body). At the same time data on fulfillment of requirements, 3 this provision established by Chapter are attached to the address.

Assessment can be carried out directly at the initiative of authorized state body or based on its written order by working body of authorized state body - SUE Center of Cyber Security (further - working body).

At the same time assessment is carried out till three months, also, depending on the level of complexity of process of assessment of objects of cyber security and critical information infrastructure, this term can be extended by authorized state body or the head of working body the next three months.

4. In the course of assessment the authorized state body or working body studies availability of the threats exerting negative impact on cyber security of objects of cyber security and critical information infrastructure.

5. The works which are carried out in the course of assessment can be also carried out with use of the automated software.

Chapter 3. Evaluation methods

6. In the course of assessment the authorized state body or working body study the following factors of realization of cyber security:

system effectiveness of ensuring cyberprotection;

implementation of measures for prevention of unauthorized use of information and objects of its processing;

compliance of parameters of system of ensuring cyberprotection to requirements of technical regulations, implementation of the actions providing continued operation of object of cyber security and critical information infrastructure;

availability of possibility of operational system recovery of ensuring cyberprotection in case of cyber security incident;

implementation of monitoring system, audit and analysis, identification, taking measures and elimination of effects of cyber attacks;

availability of the documents providing cyber security and operation of object of cyber security and critical information infrastructure;

appointment of specialists to the positions connected with ensuring cyber security;

ensuring confidential data protection.

7. System effectiveness of ensuring cyberprotection is estimated on the basis:

compliance to requirements of cyber security of architecture and configuration of automated control system;

availability of the certificate of conformity to requirements of information security and cyber security of means of ensuring of cyber security;

availability of the conclusion about conducting complex examination of information system and resources on compliance to requirements of cyber security;

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.