Registered with the Ministry of Justice on October 13, 2010, No. 18704
of August 31, 2010 No. 416/489
On approval of the Requirements for the protection of information contained in public information systems
In accordance with Item 3 of the order of the Government of the Russian Federation of May 18, 2009 N 424 *, we order:
1. Approve the enclosed Requirements for the protection of information contained in public information systems.
2. Control over the execution of this order is assigned to the head of the Scientific and Technical Service of the Federal Security Service of the Russian Federation and the first deputy director of the Federal Service for Technical and Export Control.
safety of the Russian Federation
The Federal Service on
to engineering and export supervision
* Russian Federation Code, 2009, N 21, Art. 2573.
to the order of FSB of the Russian Federation and the Federal Service for Technical and Export Control of August 31, 2010 No. 416/489
1. These Requirements apply to federal state information systems that are created or used to exercise the powers of federal executive bodies and that contain information on the activities of the Government of the Russian Federation and federal executive bodies that must be posted on the Internet information and telecommunication network, as determined by the Government of the Russian Federation * (hereinafter - public information systems), and are mandatory for operators of public information systems when developing and operating public information systems.
2. Public information systems shall provide:
preservation and immutability of the processed information under attempted unauthorized or accidental impacts on it during processing or storage (hereinafter - integrity of information);
easy access of users to the information contained in the public information system (hereinafter - availability of information);
protection against user actions with respect to information that are not provided for by the instructions for use of the public information system, including those leading to destruction, modification and blocking of information (hereinafter - wrongful acts).
3. Public information systems include computer equipment, information complexes and networks, means and systems for transmitting, receiving and processing information, means of producing and replicating documents and other technical means of processing speech, graphic, video and alphanumeric information, software (operating systems, database management systems, etc.), and information security products applied in information systems.
4. Information contained in a public information system is public.
5. Public information systems are divided into two classes depending on the importance of the information contained in them and the requirements for its protection.
5.1. Public information systems of the Government of the Russian Federation and other public information systems belong to class I if violation of the integrity and availability of the information contained in them can lead to threats to the security of the Russian Federation. Assignment of public information systems to class I is carried out by decision of the head of the corresponding federal executive body.
5.2. Public information systems not specified in subitem 5.1 of this Item belong to class II.
6. Protection of information contained in public information systems is achieved by excluding wrongful acts with respect to that information.
7. The methods and ways of information protection in public information systems are determined by the operator of the public information system and shall conform to these Requirements.
The sufficiency of the measures taken to protect information in public information systems is evaluated during the activities for creating these systems, and also during the activities for monitoring their functioning.
8. Work on information protection in public information systems is an integral part of the work on creating these systems.
9. The placement of public information systems, the special equipment and protection of the rooms containing technical means, and the organization of the security regime in these rooms shall ensure the safety of storage media and information security products, and also exclude the possibility of uncontrolled entry or presence of unauthorized persons in these rooms.
10. Information protection in public information systems is ensured by the operator of the public information system.
11. The following shall be ensured in public information systems:
maintenance of integrity and availability of information;
prevention of possible adverse consequences of violation of the procedure for access to information;
carrying out measures aimed at preventing wrongful acts with respect to information;
timely detection of wrongful acts with respect to information;
prevention of impacts on the technical means of the public information system as a result of which their functioning can be disrupted;
the possibility of prompt recovery of information modified or destroyed as a result of wrongful acts;
carrying out measures for continuous monitoring of their security;
the capability to record and store network traffic.
12. Measures for ensuring information protection in public information systems include:
identification of threats to information security and formation of a threat model on their basis;
development, on the basis of the threat model, of an information security system that neutralizes the expected threats using the methods and ways of information protection provided for the corresponding class of public information systems;
verification of the readiness of information security products for use, with the drawing up of conclusions on the possibility of their operation;
installation and commissioning of information security products according to the operational and technical documentation;
training of persons using the information security products applied in the public information system in the rules for working with them;
accounting of the applied information security products and the operational and technical documentation for them;
monitoring of compliance with the conditions of use of information security products provided by the operational and technical documentation;
conducting investigations and drawing up conclusions on instances of non-compliance with the conditions of use of information security products that can lead to a violation of information security or other violations that reduce the level of security of the public information system, and developing and taking measures to prevent possible dangerous consequences of such violations;
description of their protection system.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.