Document from CIS Legislation database © 2003-2025 SojuzPravoInform LLC

RESOLUTION OF THE CABINET OF MINISTERS OF THE KYRGYZ REPUBLIC

of October 15, 2024 No. 621

About approval of the Regulations on system of certification of means of information protection

According to article 16 of the Law of the Kyrgyz Republic "About cyber security of the Kyrgyz Republic", article 23 of the Law of the Kyrgyz Republic "About protection of the state secrets of the Kyrgyz Republic", articles 13, of the 17th constitutional Law of the Kyrgyz Republic "About the Cabinet of Ministers of the Kyrgyz Republic" the Cabinet of Ministers of the Kyrgyz Republic decides:

1. Approve Regulations on system of certification of means of information protection according to appendix.

2. To the state committee of homeland security of the Kyrgyz Republic to bring the acts into accord with this resolution in a month.

3. This resolution becomes effective after fifteen days from the date of official publication.

Chairman of the Cabinet of Ministers of the Kyrgyz Republic

A. Zhaparov

Appendix

to the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of October 15, 2024 No. 621

Regulations on system of certification of means of information protection

Chapter 1. General provisions

1. This Provision determines the organization and procedure for holding procedure of certification of the means of information protection used for the purpose of information security according to the legislation of the Kyrgyz Republic.

2. Certification of means of information protection is performed on compliance to the requirements for safety established by the legislation of the Kyrgyz Republic.

Chapter 2. Main terms

3. The concepts used for the purposes of this provision mean the following:

means of information protection (further - SZI) - the technical, cryptographic, program and other means intended for information security, means in which they are realized, and also control facilities of efficiency of information security;

certification of SZI (further - certification) - activities for confirmation of their compliance to requirements of the national standards or other regulating documents for information security established by the legislation of the Kyrgyz Republic;

authorized body - authorized state body in the sphere of ensuring national security of the Kyrgyz Republic;

the approving bodies - authorized state bodies in the sphere of personal data protection of the Kyrgyz Republic, in the field of digitalization of the Kyrgyz Republic and National Bank of the Kyrgyz Republic;

manufacturer - the legal entity or physical person registered as the individual entrepreneur, including the foreign manufacturer, enabling on its own behalf production and the realization of SZI and responsible for its compliance to requirements for safety;

person authorized by the manufacturer - the legal entity or physical person registered as the individual entrepreneur which based on the contract with the foreign manufacturer acts on behalf of this manufacturer in case of assessment of conformity and release of SZI in the territory of the Kyrgyz Republic and also bears responsibility for discrepancy of SZI to requirements for safety;

requirements for safety - the mandatory requirements in the field of technical regulation of SZI stated in national standards or other regulatory legal acts in the sphere of information security, established by the legislation of the Kyrgyz Republic;

task on safety - the document containing requirements for safety for the certified SZI;

testing - the testing/measurement of SZI taken for the purpose of establishment of compliance of characteristics of SZI properties to national and (or) international normative and technical documents;

the form (passport) - the document containing the data certifying manufacturer's guarantees, values of key parameters and properties of product.

Chapter 3. Main objectives and the subject certifications of means

4. The purposes of system of certification of SZI are:

- ensuring national security in the sphere of informatization;

- forming and implementation of single scientific and technical and industrial policy in the sphere of informatization taking into account requirements for safety;

- assistance to market grouping of the protected information technologies and means of their providing;

- regulation and control of development, and also subsequent production of SZI;

- assistance to consumers in the competent choice of SZI;

- consumer protection from bad faith of the manufacturer (the seller, the contractor).

5. Certifications are subject:

- means of technical information security, including means in which they are realized, and also control facilities of efficiency of technical information security;

- safety controls of information technologies, including the protected means of information processing.

The cryptographic (cryptographic) means intended for information security, which are not constituting the state secrets shall be executed on the basis of the cryptographic algorithms approved:

- the national and international standards existing in the territory of the Kyrgyz Republic;

- and other acts established in the legislation of the Kyrgyz Republic in the sphere of information security.

6. SZI intended for protection of the state secrets are subject to obligatory certification taking into account this Provision and according to the legislation of the Kyrgyz Republic on protection of the state secrets.

7. SZI intended for protection of non-state secrets shall undergo certification on the 4th level of credibility of KMS ISO/MEK 15408-3:2024.

Chapter 4. System of certification

8. The authorized body approves certification of SZI used for:

- personal data protection with authorized state body in the sphere of personal data protection of the Kyrgyz Republic;

- safety of the data which are bank secrecy with National Bank of the Kyrgyz Republic;

- protection of objects of information infrastructure of state bodies, local government bodies, state companies and organizations with authorized state body in the field of digitalization of the Kyrgyz Republic.

9. Participants of system of certification of the Kyrgyz Republic are:

- authorized body;

- the approving bodies;

- test laboratories;

- applicant.

10. The authorized body within the competence develops requirements for safety to SZI and will organize carrying out certification:

- carries out the analysis of the request and the submitted documents for certification;

- makes the decision on carrying out / on refusal in carrying out certification;

- carries out the analysis of materials of testing of SZI;

- makes the decision on issue/refusal in issue of the certificate of conformity;

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.