Document from CIS Legislation database © 2003-2021 SojuzPravoInform LLC

ORDER OF THE GOVERNMENT OF THE REPUBLIC OF KAZAKHSTAN

of December 20, 2016 No. 832

On approval of single requirements in the field of information and communication technologies and information security support

(as amended on 18-01-2021)

In accordance with subitem 3) of article 6 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization", the Government of the Republic of Kazakhstan DECIDES:

1. Approve the enclosed single requirements in the field of information and communication technologies and information security support (hereinafter – single requirements).

2. Recognize as invalid certain decisions of the Government of the Republic of Kazakhstan according to the appendix to this resolution.

3. This resolution becomes effective ten calendar days after the day of its first official publication.

Item 140 of the single requirements is effective until January 1, 2018.

Prime Minister of the Republic of Kazakhstan

B. Sagintayev

Approved by the Order of the Government of the Republic of Kazakhstan of December 20, 2016 No. 832

Single requirements in the field of information and communication technologies and information security support

Chapter 1. General provisions

1. The single requirements in the field of information and communication technologies and information security support (hereinafter – ET) are developed in accordance with subitem 3) of article 6 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization" (hereinafter – the Law) and determine requirements in the field of information and communication technologies and information security support.

2. The provisions of ET relating to information security support are obligatory for application by state bodies, local executive bodies, state legal entities, subjects of the quasi-public sector, owners and possessors of non-state information systems integrated with information systems of state bodies or intended for forming state electronic information resources, and also owners and possessors of crucial objects of information and communication infrastructure.

3. The provisions of ET do not extend to:

1) relations arising when the National Bank of the Republic of Kazakhstan and the organizations within its structure carry out works on creation or development, operation of Internet resources, information systems which are not integrated with objects of information and communication infrastructure of "the electronic government", local area networks and networks of telecommunications, and also carry out purchases of goods, works and services in the field of informatization;

2) information systems in protected execution classified as state secrets according to the legislation of the Republic of Kazakhstan on state secrets, and also telecommunication networks of special purpose and/or presidential, governmental, secret, encoded and coded communication;

3) relations arising when the authorized body on regulation, control and supervision of the financial market and financial organizations carries out works on creation or development of information systems integrated with information systems of the National Bank of the Republic of Kazakhstan which are not integrated with objects of information and communication infrastructure of "the electronic government";

4) the organizations in cases when execution of such provisions leads to violation of item 4 of article 50 of the Law of the Republic of Kazakhstan "About banks and banking activity in the Republic of Kazakhstan".

4. The purpose of ET is the establishment of requirements in the field of information and communication technologies and information security support that are obligatory for execution by state bodies, local government bodies, state legal entities, subjects of the quasi-public sector, owners and possessors of non-state information systems integrated with information systems of state bodies or intended for forming state electronic information resources, and also owners and possessors of crucial objects of information and communication infrastructure.

5. Tasks of ET are:

1) determination of the principles of the organization and management of informatization of state bodies for the solution of the current and strategic tasks of public administration;

2) determination of the single principles of providing and managing information security of objects of informatization of "the electronic government";

3) establishment of requirements for unification of components of objects of information and communication infrastructure;

4) establishment of requirements for structurization of information and communication infrastructure and organization of server rooms;

5) establishment of obligation of application of recommendations of standards in the field of information and communication technologies and information security at all stages of lifecycle of objects of informatization;

6) increase in level of security of the state and non-state electronic information resources, the software, information systems and the information and communication infrastructure supporting them.

6. For the purposes of these ET the following definitions are used:

1) marking of the asset connected with means of information processing – applying conventional signs, letters, digits, graphical signs or texts to the asset for the purpose of its further identification (recognition) and indication of its properties and characteristics;

2) means of cryptographic information protection (hereinafter – SKZI) – software or hardware and software implementing algorithms of cryptographic transformations, generation, forming, distribution or management of encryption keys;

3) the assets connected with means of information processing (hereinafter – asset) – a material or non-material object which is information, contains information, or serves for processing, storage or transfer of information, and which has value for the organization in the interests of achieving its goals and continuity of its activities;

4) technical documentation on information security (hereinafter – IB TD) – documentation establishing the policy, rules and protective measures concerning processes of providing IB of objects of informatization and (or) the organization;

4-1) monitoring of events of information security (hereinafter – monitoring of events of IB) – permanent observation of an object of informatization for the purpose of detection and identification of events of information security;

5) the program robot – software of a search engine or monitoring system which automatically and/or on a set schedule browses web pages, reads and indexes their content, and follows the links found in web pages;

6) not loaded (cold) reservation of the equipment – use of the additional server and telecommunication hardware prepared for work and being in the inactive mode, the software for the purpose of operational recovery of information system or electronic information resource;

7) the loaded (hot) reservation of the equipment – use of the additional (excessive) server and telecommunication hardware, the software and their maintenance in active mode for the purpose of flexible and operational increase in handling capacity, reliability and fault tolerance of information system, electronic information resource;

8) the workstation – the desktop computer as a part of local area network intended for the solution of applied tasks;

9) the system software – set of the software for ensuring operation of the computing equipment;

10) the coded communication – secure communication with use of documents and technology of coding;

11) multifactor authentication – method of check of authenticity of the user by means of combination of different parameters, including generation and input of passwords or authentication signs (digital certificates, tokens, smart cards, generators of one-time passwords and means of biometric identification);

11-1) cross room - the telecommunication room intended for placement of connecting, distribution points and devices;

12) application software (further – PPO) – software complex for the solution of applied task of certain class of data domain;

13) secret communication – secure communication with use of the coding equipment;

14) scalability – capability of an object of informatization to increase its performance as the amount of processed information and (or) the number of simultaneously working users grows;

14-1) server center of state bodies (hereinafter – the GO server center) – the server room (data-processing center), the owner or possessor of which is the operator of information and communication infrastructure of "the electronic government", intended for placement of objects of informatization of "the electronic government";

15) journalizing of events – the process of recording data about software or hardware events occurring in an object of informatization in the event log;

16) the server room (data-processing center) - the room intended for placement of the server, active and passive network (telecommunication) hardware and the equipment of the structured cable systems;

17) local area network of external circuit (hereinafter – LAN of external circuit) – the local area network of the subjects of informatization determined by the authorized body, assigned to the external circuit of the telecommunication network of subjects of informatization, having connection with the Internet, access to which for subjects of informatization is provided by telecom operators only via the single gateway of Internet access;

18) terminal system – the thin or zero client for work with applications in the terminal environment or with thin-client programs in the client-server architecture;

19) time source infrastructure – hierarchically connected server hardware which is using the network protocol of time synchronization, carrying out task of synchronization of the internal clock of servers, workstations and the telecommunication equipment;

20) government communication – special secure communication for needs of public administration;

20-1) organization – the state legal entity, the subject of the quasi-public sector, the owner and possessor of non-state information systems integrated with information systems of state bodies or intended for forming state electronic information resources, and also the owner and possessor of crucial objects of information and communication infrastructure;

21) federated identification – the complex of technologies allowing the use of a single user name and authentication identifier for access to electronic information resources in systems and networks which have established trust relationships;
