of April 1, 2024 No. 185/Tax Code
About approval of Rules of functioning of the program of interaction with researchers of information security
According to subitem 20-4) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization" PRIKAZYVAYU:
1. Approve the enclosed Rules of functioning of the program of interaction with researchers of information security.
2. To provide to committee on information security of the Ministry of digital development, innovations and aerospace industry of the Republic of Kazakhstan in the procedure established by the legislation:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) placement of this order on Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan;
3) within ten working days after state registration of this order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1) and 2) of this Item.
3. To impose control of execution of this order on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.
4. This order becomes effective after sixty calendar days from the date of its first official publication.
Minister of digital development, innovations and aerospace industry of the Republic of Kazakhstan
B. Musin
|
It is approved Committee of homeland security of the Republic of Kazakhstan |
|
Approved by the Order of the Minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of April 1, 2024 No. 185/Tax Code
1. These rules of functioning of the program of interaction with researchers of information security (further - Rules) are developed according to subitem 20-4) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization" (further - the Law) and determine procedure for functioning of the program of interaction with researchers of information security by objects of informatization of state bodies (further - PV IIB on OI GO).
2. In these rules the following basic concepts are used:
1) objects of informatization (further - OI) - electronic information resources, the software, Internet resource and information and communication infrastructure;
2) the owner of objects of informatization - subject to which the owner of objects of informatization granted rights of possession and uses of objects of informatization in the limits determined by the law or the agreement and procedure;
3) the researcher of information security (further - the researcher of IB) - the specialist in the field of information security support and (or) information and communication technologies registered in the program of interaction with researchers of information security, researching the objects of informatization connected to the program of interaction with researchers of information security for detection of vulnerabilities;
4) the program of interaction with researchers of information security (further - PV IIB) - the object of informatization intended for registration of researchers of information security, registration of the revealed vulnerabilities, and also for ensuring interaction of researchers of information security with objects of informatization;
5) authorized body in the field of information security support (further - authorized body) - the central executive body performing management and cross-industry coordination in the field of information security support;
6) the public technical service - the joint-stock company created according to the decision of the Government of the Republic of Kazakhstan;
7) the operator of the program of interaction with researchers of information security on objects of informatization of state bodies (further - the operator) - the State operational Information Security Center providing functioning of the program of interaction for objects of informatization of state bodies (further - OI GO);
8) vulnerability - lack of object of informatization which use can lead to violation of integrity and (or) confidentiality, and (or) availability of object of informatization;
9) the report on vulnerability (further - the report) - data on IB of vulnerability in object of informatization revealed by the researcher;
10) token - unique line value.
3. Tasks and functions of the State operational Information Security Center as operator, according to the subitem 6) of Item 1 of Article 7-8, the subitem 3) of Item 1 of Article 7-4 and the subitem 15) of Item 1 of article 14 of the Law the public technical service (Public Technical Service joint-stock company, further - JSC GTS) providing functioning of PV IIB on OI GO on own information and communication infrastructure implements.
4. Ensuring functioning of PV IIB on OI GO is performed based on contractual relations between Committee of homeland security of the Republic of Kazakhstan (further - KNB RK) and JSC GTS.
5. The authorized body for forming of the OI GO list, subject to connection to PV IIB on OI GO, sends inquiry to owners or owners of OI GO for provision of data by OI GO having Internet access (further - request).
6. Owners or owners of OI GO send to authorized body of the data on OI GO having Internet access in the form of names OI GO and terms of search of vulnerabilities in it within 10 (ten) working days from the date of receipt of request.
7. The authorized body on the basis of the provided information from owners or owners of OI GO creates the OI GO list, subject to connection to PV IIB on OI GO, and terms of search of vulnerabilities in OI GO (further - the list) within 10 (ten) working days.
8. The authorized body sends the list to the operator within 3 (three) working days from the date of forming of the list.
9. The operator notifies owners or owners of OI GO according to the list on need of connection to PV IIB on OI GO (further - the notification on connection) within 3 (three) working days from the date of receipt of the list.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.