ORDER OF ADMINISTRATION OF PUBLIC SERVICE OF SPECIAL COMMUNICATION AND INFORMATION PROTECTION OF UKRAINE

of July 4, 2008 No. 112

About approval of the Evaluation procedure of condition of security of the state information resources in information, telecommunication and information and telecommunication systems

According to Item 11 parts one of article 16 of the Law of Ukraine "About Public service of special communication and information protection of Ukraine" and the Regulations on Administration of Public service of special communication and information protection approved by the resolution of the Cabinet of Ministers of Ukraine of 24.06.2006 No. 868, ORDER:

1. Approve the Evaluation procedure of condition of security of the state information resources in information, telecommunication and information and telecommunication systems which is applied.

2. To provide to the head of the security department of information and telecommunication systems of Administration of Gosspetssvyaz provision of the order in accordance with the established procedure on state registration in the Ministry of Justice of Ukraine.

3. To impose control of execution of the order on the vice-chairman of Gosspetssvyaz Frolov O. V.

Approved by the Order of Administration of Public service of special communication and information protection of Ukraine of July 4, 2008, No. 112

Evaluation procedure of condition of security of the state information resources in information, telecommunication and information and telecommunication systems

1. This Procedure developed according to Item 11 parts one of article 16 of the Law of Ukraine "About Public service of special communication and information protection of Ukraine" determines legal and organizational basis of evaluating condition of security of the state information resources in information, telecommunication and information and telecommunication systems of public authorities, local government bodies, the military forming formed according to the laws of Ukraine (further - military forming), the companies, organizations and the organizations irrespective of patterns of ownership.

Action of this Procedure does not extend to systems of special communication.

2. Terms in this Procedure are used in the following value:

assessment (estimation) of condition of security of the state information resources in information, telecommunication and information and telecommunication systems (further - security condition assessment) - set of the actions directed to identification of threats to the state information resources from implementation of unauthorized actions in information, telecommunication and information and telecommunication systems (further - ITS);

assessment (estimation) of security of information in information, telecommunication and information and telecommunication system (further - security assessment) - actions concerning identification in information, telecommunication, information and telecommunication system of the technical solutions creating possibility of implementation of actions for violation of integrity, confidentiality and availability of information which in it circulates.

Other terms are used in the value given in the Laws of Ukraine "About information protection in information and telecommunication systems", "About Public service of special communication and information protection of Ukraine".

3. Object of assessment of condition of security is the condition of security of the state information resources which are processed in information, telecommunication and information and telecommunication systems, irrespective of availability of end-to-end system of information protection (further - KSZI).

4. Assessment of condition of security is performed for the purpose of identification of the existing threats to the state information resources in ITS and is component of actions for information protection.

5. In ITS where KSZI with the confirmed compliance is created, assessment of condition of security is performed for the purpose of identification of threats to the state information resources which arose in use KSZI owing to non-compliance with requirements of regulations in the field of information protection in ITS and which are not considered in KSZI.

6. In case of identification in ITS where KSZI with the confirmed compliance, additional threats to the state information resources which arose for the period operation of KSZI is created, information on such KSZI is provided to Gosspetssvyaz according to Regulations on the Register of information, telecommunication and information and telecommunication systems of executive bodies, and also the companies, organizations and the organizations which treat the sphere of their management, approved by the resolution of the Cabinet of Ministers of Ukraine of 03.08.2005 N 688.

7. Security condition assessment in public authority, local government body, military forming, the company, organization, the organization irrespective of pattern of ownership is performed Gosspetssvyaz.

8. By results of assessment of condition of security the appraisal report of condition of security of the state information resources in information, telecommunication and information and telecommunication systems (further - the Act) according to appendix where results of work of the commission and the recommendation concerning increase in level of security of the state information resources which affirms the Chairman of Gosspetssvyaz or his deputy for activity according to distribution of functional obligations are stated is drawn up.

9. For the purpose of implementation of assessment of condition of security:

State special communications:

creates the commission on security condition assessment (further the commission);

performs planning of evaluating condition of security in public authorities, local government bodies, military forming, the companies, organizations and the organizations irrespective of patterns of ownership;

develops the general program and technique of assessment of condition of security in public authorities, local government bodies, military forming, the companies, organizations and the organizations irrespective of patterns of ownership, and also separate programs and techniques of assessment of security depending on type of ITS and access mode to information which in them is processed;

determines the list of the documents concerning functioning of ITS and are subject to the analysis during evaluating condition of security;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info