RESOLUTION OF THE CABINET OF MINISTERS OF THE KYRGYZ REPUBLIC

of April 14, 2026 No. 250

About approval of Requirements to ensuring cyber security of objects of critical information infrastructure of the Kyrgyz Republic

According to Item 6 parts of 1 Article 6, article 12 of the Law of the Kyrgyz Republic "About cyber security of the Kyrgyz Republic", articles 13, of the 17th constitutional Law of the Kyrgyz Republic "About the Cabinet of Ministers of the Kyrgyz Republic" the Cabinet of Ministers of the Kyrgyz Republic decides:

1. Approve Requirements to ensuring cyber security of objects of critical information infrastructure of the Kyrgyz Republic according to appendix.

2. Bring in the resolution of the Cabinet of Ministers of the Kyrgyz Republic "About approval of Requirements to creation of systems of cyber security of objects of critical information infrastructure of the Kyrgyz Republic and to ensuring their functioning" of December 9, 2024 No. 746 the following change:

- state Item 2 in the following edition:

"2. To subjects of critical information infrastructure to take the measures following from the Requirements approved by Item 1 of this resolution for the account:

- the provided means in the relevant budgets of budget system and other sources which are not prohibited by the legislation of the Kyrgyz Republic for the subjects which are budgetary institutions;

- own means and other sources which are not prohibited by the legislation of the Kyrgyz Republic (except for budgetary funds), for the subjects which are commercial and non-profit organizations, and also economic partnerships and societies.".

3. To subjects of critical information infrastructure to take the measures following from the Requirements approved by Item 1 of this resolution for the account:

- the provided means in the relevant budgets of budget system and other sources which are not prohibited by the legislation of the Kyrgyz Republic for the subjects which are budgetary institutions;

- own means and other sources which are not prohibited by the legislation of the Kyrgyz Republic (except for budgetary funds), for the subjects which are commercial and non-profit organizations, and also economic partnerships and societies.

4. To impose control of execution of this resolution on management of control of execution of decisions of the President and the Presidential Administration Cabinet of Ministers of the Kyrgyz Republic.

5. This resolution becomes effective after fifteen days from the date of official publication.

Appendix

to the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of April 14, 2026 No. 250

Requirements to ensuring cyber security of objects of critical information infrastructure of the Kyrgyz Republic

Chapter 1. General provisions

1. These Requirements for ensuring cyber security of objects of critical information infrastructure of the Kyrgyz Republic (further - Requirements) are developed according to article 12 of the Law of the Kyrgyz Republic "About cyber security of the Kyrgyz Republic" and are aimed at providing cyber security of objects of critical information infrastructure of the Kyrgyz Republic (further - CUES), and also the prevention, identification, monitoring, reaction and minimization of effects of cyber attacks and cyberincidents.

2. Action of these Requirements extends to information, information and telecommunication systems, telecommunication networks, databases, data-processing centers and automated control systems which are carried to objects CUES according to Regulations on procedure for categorization of objects of critical information infrastructure of the Kyrgyz Republic and the List of indicators of criteria of the importance of objects of critical information infrastructure of the Kyrgyz Republic approved by the resolution of the Cabinet of Ministers of the Kyrgyz Republic "About approval of the Regulations on procedure for categorization of objects of critical information infrastructure of the Kyrgyz Republic and the List of indicators of criteria of the importance of objects of critical information infrastructure of the Kyrgyz Republic" of November 29, 2024 No. 716.

3. For ensuring cyber security of objects CUES in which there is information processing to the subject protection according to the legislation of the Kyrgyz Republic, these Requirements are applied taking into account the legislation and standards in the field of ensuring cyber security, and also provisions of industry regulatory legal acts.

4. Cyber security of objects CUES is provided with subjects CUES according to the Requirements to creation of systems of cyber security of objects of critical information infrastructure and ensuring their functioning approved by the resolution of the Cabinet of Ministers of the Kyrgyz Republic "About approval of Requirements to creation of systems of cyber security of objects of critical information infrastructure of the Kyrgyz Republic and to ensuring their functioning" of December 9, 2024 No. 746, and also according to these Requirements.

5. The subsystem of cyber security of object CUES is the element of system of cyber security of the subject CUES intended for steady protection of information processes of objects CUES. The subsystem of cyber security of object CUES combines the technical means and organizational measures directed to prevention of threats, information security and maintenance of stability of its functioning. The subsystem of cyber security of object CUES is integrated into single contour of cyber security of the subject CUES and participates in the processes of ensuring cyber security, monitoring, reaction and management of cyberincidents organized at the level of the subject CUES that allows to reveal and eliminate cyberthreats quickly.

Chapter 2. Requirements to ensuring cyber security during creation, operation and conclusion from operation of objects CUES

6. Ensuring cyber security of objects CUES is component of works on creation (upgrade), commissioning, operation and conclusion from operation of objects CUES. Measures for ensuring cyber security of objects CUES are taken at all stages (stages) of their lifecycle.

7. At stages (stages) of lifecycle during creation (upgrade), commissioning, operation and conclusion from operation of object CUES the following events are held:

1) establishment of requirements to ensuring cyber security of object CUES;

2) development of organizational and technical measures for ensuring cyber security of object CUES;

3) implementation of organizational and technical measures for ensuring cyber security of object CUES and its input in operation;

4) ensuring cyber security of object CUES in case of its operation;

5) ensuring cyber security of object CUES in case of conclusion from operation.

8. Results of implementation of actions, carried out for ensuring cyber security of object CUES at stages (stages) of its lifecycle, are subject to documentation. The structure and document forms are determined by the subject CUES.

For the objects CUES which are in operation, these Requirements are subject to realization within upgrade of object CUES and (or) creations (upgrade) of subsystems of cyber security of the operated objects CUES. Creation (upgrade) of subsystems of cyber security of objects CUES is performed according to these Requirements taking into account the programs (plans) which are available for subjects CUES.

Chapter 3. Establishment of requirements to ensuring cyber security of object CUES

9. These Requirements are established taking into account indicators of criteria of the importance of object the CUE according to the procedure determined by the Cabinet of Ministers of the Kyrgyz Republic.

These Requirements join in specifications on creation (upgrade) of object CUES and (or) subsystems of cyber security of object CUES which shall contain:

1) purpose and tasks of ensuring cyber security of object CUES or subsystems of cyber security of object CUES;

2) category of the importance of object CUES;

3) the list of regulatory legal acts and standards of cyber security to which there shall correspond object CUES;

4) requirements to the organizational and technical measures taken for ensuring cyber security of object CUES.

10. The purpose of ensuring cyber security of object CUES is ensuring its steady functioning in the conditions of impact of cyber attacks and cyberincidents.

11. CUES are tasks of ensuring cyber security of object:

1) prevention of illegal information access, processed (transferred, stored) object CUES, destructions, modifyings, blockings, copyings, provisions and distribution, and also other wrongful acts concerning such information;

2) non-admission of impact on program and software and hardware as a result of which functioning of object CUES can be broken and stopped;

3) ensuring functioning of object CUES in the conditions of impact of cyberthreats;

4) possibility of recovery of functioning of object CUES.

12. In object CUES are subject to protection against cyberthreats:

- processed (transferred, stored) information, information on parameters of the managed object or process, and also other crucial information;

- program and software and hardware, telecommunication equipment;

- means of information protection;

- architecture and configuration of object CUES.

Chapter 4. Development of organizational and technical measures for ensuring cyber security of object CUES

13. Development of organizational and technical measures for ensuring cyber security of object CUES is performed by the subject CUES during creation (upgrade) of object CUES and (or) subsystems of cyber security of object CUES according to specifications.

Specifications on creation (upgrade) of object CUES and subsystems of cyber security of object shall include CUES:

1) development of model of cyberthreats;

2) designing of subsystem of cyber security of object CUES;

3) development of operational documentation on object CUES (regarding ensuring its cyber security).

In case of development of organizational and technical measures for ensuring cyber security of object CUES its information exchange with other objects CUES is considered.

14. The subject CUES can attract the organizations (person) to development, implementation, upgrade, operation, ensuring functioning and conclusion from operation of objects CUES and subsystems of cyber security of objects CUES according to the legislation of the Kyrgyz Republic only in coordination with authorized state body in the field of ensuring cyber security.

15. The purpose of development of model of cyberthreats is determination of possible methods and effects of their realization (origin) taking into account the list of users and their powers, program and software and hardware, interrelations of components of object CUES, interactions with other objects CUES (further - architecture of object CUES), and also features of functioning of object CUES.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info