of December 30, 2009 No. 2280
About approval of Rules of carrying out certification of the state information systems and non-state information systems integrated with the state information systems on compliance to their requirements of information security and to the standards accepted in the territory of the Republic of Kazakhstan
According to article 5 of the Law of the Republic of Kazakhstan of January 11, 2007 "About informatization" the Government of the Republic of Kazakhstan DECIDES:
2. Declare invalid the order of the Government of the Republic of Kazakhstan of January 17, 2008 No. 24 "About approval of Rules of carrying out certification of the state information systems on compliance to requirements of information security" (SAPP of the Republic of Kazakhstan, 2008, No. 1, the Art. 13).
3. This resolution becomes effective from the date of the first official publication.
Prime Minister of the Republic of Kazakhstan
K. Masimov
Approved by the Order of the Government of the Republic of Kazakhstan of December 30, 2009 No. 2280
1. These rules of carrying out certification of the state information systems, including according to the list of the national electronic information resource and national information systems approved by the order of the Government of the Republic of Kazakhstan of October 1, 2007 No. 863, and the non-state information systems integrated with the state information systems on compliance to their requirements of information security and to the standards accepted in the territory of the Republic of Kazakhstan (further - Rules) are developed according to the Law of the Republic of Kazakhstan of January 11, 2007 "About informatization" and determine procedure for carrying out certification of the state information systems and non-state information systems integrated with the state information systems on compliance to requirements of information security and to the standards accepted in the territory of the Republic of Kazakhstan.
These rules do not extend to carrying out certification of the state information systems performing processing, storage, transfer of the data constituting the state secrets, and also in the protected execution (ST of PK 34.025-2006 created and accepted in operation according to requirements of state standard of the Republic of Kazakhstan Information protection. Procedure for creation of automated systems in the protected execution. General provisions).
2. The basic concepts used in Rules:
1) certifying commission (further - the Commission) advisory advisory body under authorized body which considers results of certification inspection and develops the corresponding recommendations;
2) the certificate of compliance of information system to requirements of information security and to the standards accepted in the territory of the Republic of Kazakhstan (further - the certificate) - the document confirming the fact of compliance of information system (further - the IC) to requirements of information security (further - IB) and to the standards accepted in the territory of the Republic of Kazakhstan;
3) authorized body - authorized body in the field of informatization;
4) the public technical service - the republican state company on the right of economic maintaining created according to the decision of the Government of the Republic of Kazakhstan;
5) the applicant - the owner of the IC, the physical person or legal entity authorized by the owner of the IC IB which submitted the application for carrying out certification of the IC for compliance to requirements and standards accepted in the territory of the Republic of Kazakhstan.
3. Certification of the IC on compliance to requirements of IB and to the standards accepted in the territory of the Republic of Kazakhstan is understood as complex of organizational and technical actions for determination of actual state of security of the IC and its compliance to requirements of IB and to the standards accepted in the territory of the Republic of Kazakhstan.
4. Operation and implementation of the state ICs, and also all non-state ICs integrated with them is allowed after their certification on compliance to requirements of IB and to the standards accepted in the territory of the Republic of Kazakhstan.
5. Certification of the IC on compliance to requirements of IB and to the standards accepted in the territory of the Republic of Kazakhstan is performed by authorized body based on certification inspection of the IC.
6. Certification inspection of the IC on compliance to requirements of IB and to the standards accepted in the territory of the Republic of Kazakhstan is carried out by the public technical service.
6-1. Certification inspection includes:
1) check of general structure on compliance to security policy and placements of components in structure;
2) check of configuration of the components which are the constituting ICs;
3) examination of organizational measures of information security of the operated IC;
4) instrumental inspection of the ICs components allowing users to get information access bypassing the existing protection mechanisms.
7. For consideration of the act of certification inspection (daleeakt) the Commission which provision and structure affirm the order of authorized body is created.
8. Representatives are part of the commission:
1) bodies of homeland security of the Republic of Kazakhstan;
2) authorized state body on protection of the state secrets and information security supports;
3) authorized body.
9. Data on the issued certificates are entered by authorized body in the register of certificates containing information on the owner of the IC and the IC developer, the name IC, details of the act of certification inspection and the certificate, date and the basis of renewal of the certificate, dates and results of additional inspections, dates and the bases of response/return of the certificate, date and the bases of cancellation of the certificate.
10. Certification is performed in the following procedure:
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.
The document ceased to be valid since June 15, 2016 according to Item 2 of the Order of the Government of the Republic of Kazakhstan of May 23, 2016 No. 298