ORDER OF THE GOVERNMENT OF THE REPUBLIC OF TAJIKISTAN

of June 23, 2025 No. 354

About Requirements imposed to certification centers

According to article 30 of the Law of the Republic of Tajikistan "About the electronic document and the digital signature" the Government of the Republic of Tajikistan decides:

Approve Requirements imposed to certification centers (are applied).

Appendix

to the Order of the Government of the Republic of Tajikistan of June 23, 2025 No. 354

Requirements imposed to certification centers

1. General provision

1. Requirements imposed to certification centers (further - these Requirements), determine requirements to certification centers, including the information security products used in certification centers and to digital signature facilities of certification centers.

2. Information systems and resources of certification centers shall be protected from illegal access (penetration) for the purpose of prevention of illegal distribution, plunder, loss, destruction, blocking and falsification of data in information systems and resources.

2. Requirements to certification centers and to their means

3. For the activities certification centers shall conform to the following requirements and conditions:

- availability of devices, technical supply and the software for preparation and verification of the protected digital signature certified in accordance with the established procedure;

- availability of possibility of regular creation of backup copies of data and their storage in safe places;

- availability of conditions for ensuring the round-the-clock access for users;

- availability of devices, technical supply and the software for preparation, accounting and storage of the certificate of the key of the protected digital signature certified in accordance with the established procedure;

- availability of the conditions providing protection of limited information against distribution;

- availability of the necessary rooms meeting the requirements of information security, technical safety and fire safety;

- availability of the appropriate financial, material, technical and social resources necessary for safety, reliability and continuity of rendering services in certification of keys of the protected digital signature, and also for covering of damage which can be caused in connection with provision of these services;

- availability of the certified signing key of the authorized person of certification center designated for certificates of key of the protected digital signature in the procedure established by the legislation;

- ensuring reliable and operational registration of information in the register of certificates of key, including timely provision of services on suspension of action and cancellation of certificates of key of the protected digital signature;

- possibility for determination of date and time of issue, suspension or cancellation of the certificate of key of the protected digital signature;

- availability of the personnel having the corresponding qualification including in the information security field necessary for provision of services on certification of key of the protected digital signature;

- safety of the protected digital signatures;

- storage of information on the certificate of key of the protected digital signature according to the procedure provided by the Law of the Republic of Tajikistan "About the electronic document and the digital signature";

- compliance to other special conditions established by authorized body in the field of the digital signature.

4. Certification centers shall store the following information:

- details of the main document confirming the certificate holder's personality – the physical person;

- data on the name, number and date of issue of the document which is certifying the rights of person acting on behalf of the applicant - the legal entity and submitted the application for receipt of the certificate;

- data on the name, number and date of issue of the documents confirming powers of the certificate holder to act on behalf of the third parties if the certificate includes data on powers of the certificate holder to act on behalf of the third parties.

5. The specified information shall be stored by certification centers during the activities period if other term is not provided by regulatory legal acts of the Republic of Tajikistan.

6. Information shall be stored in the form allowing to check its completeness and reliability.

7. Certification centers shall provide to the certificate holder information access, belonging to the certificate holder and stored in the center.

8. In case of the activities termination the certification center shall:

- inform on it all owners of the protected digital signatures serviced by it;

- report about it to authorized body in the field of the digital signature;

- in accordance with the established procedure to provide to authorized body in the field of the digital signature the list of certificates of keys of the digital signature;

- to provide in accordance with the established procedure to authorized body in the field of the digital signature of the data, stipulated in Item 4.

9. The means of certification centers used in certification centers shall counteract the threats consisting of purposeful actions with use of equipment rooms and (or) the software allocated for undermining technical and cryptographic safety of funds of certification centers or for the purpose of creation of conditions for this purpose (further - the attack).

10. Depending on capability to resist to the attacks of means of certification centers, used in certification centers, KC3, KB1, KB2 and KA are subdivided into the KC1, KC levels 2,. Necessary level of safety of means of the certification centers used in certification centers is established by authorized body in the field of the digital signature.

Note: Here:

- KA - the highest level;

- KB1, KB2 - the average level;

- KC1, KC2, KC3 - the bottom level.

11. Level of the protected digital signature facilities (the digital digital signature) used in means of certification centers shall not be below appropriate level of means of certification centers and shall be included in operational documents of means of certification centers. Level of means of the cryptographic information protection used in means of certification centers shall not be below appropriate level of means of certification centers and shall be reflected in operational documents of means of certification centers.

12. The software of means of certification centers, used in certification centers, means which can change or distort algorithm of work of the software and the equipment used in information system of certification centers shall not contain.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info