of March 28, 2017 No. 201
About approval of the Minimum mandatory requirements of cybernetic safety
For the purpose of accomplishment of provisions of part (1) Article 10 and part (1) article 18 of the Law on informatization and the state information resources No. 467-XV of November 21, 2003 (The official monitor of the Republic of Moldova, 2004, Art. No. 6-12, 4), with subsequent changes, Items e) and f) parts (2) Article 11 and article 24 of the Law on registers No. 71-XVI of March 22, 2007 (The official monitor of the Republic of Moldova, 2007, Art. No. 70-73, 314), with subsequent changes, and the National program of cyber security of the Republic of Moldova for 2016-2020 approved by the Order of the Government No. 811 of October 29, 2015. (The official monitor of the Republic of Moldova, 2015, Art. No. 306-310, 905), the Government DECIDES:
1. Approve the Minimum mandatory requirements of cybernetic safety (are applied).
2. To the ministry of information technologies and in 6-month time from the date of entry into force of this resolution to provide communication completion of institutional base for implementation of the Minimum mandatory requirements of cybernetic safety, to develop model of domestic policy of cybernetic safety of organization and to concretize the list of the most important state automated information systems for application of requirements of the increased safety.
3. The state office, to the ministries and other central administrative authorities, and also the organizational structures subordinated to the Government which are in the field of their competence (subordinated administrative authorities, deconcentrated public services and subordinated services, public organizations in which the State office, the ministry or other central administrative authority acts as the founder), autonomous administrative authorities and the self-supporting companies till December 31, 2017 to provide implementation of the Minimum mandatory requirements of cybernetic safety.
4. To impose control over the implementation of this resolution on the Ministry of information technologies and bonds.
Prime Minister
Paweê Phillip
Appendix
to the Order of the Government of the Republic of Moldova of March 28, 2017 No. 201
1. The minimum mandatory requirements of cybernetic safety (further – the Minimum requirements) are applied in the State office, the ministries, other central administrative authorities subordinated to the Government, including in the organizational structures which are in the field of their competence (subordinate administrative authorities, deconcentrated public services and subordinated services, public organizations in which the State office, the ministry or other central administrative authority acts as the founder), autonomous administrative authorities and the self-supporting companies (further – organizations):
1) to the equipment (hardware) and the software (software) operating in each organization;
2) to the computer systems, information resources and systems existing in organization (further - systems), and also being in stage of development, testing and implementation.
2. The minimum requirements according to scope belong to two categories:
1) the 1st level – basic cybernetic safety (use of ICT in activities of organization);
2) the 2nd level – the increased cybernetic safety (use of ICT in activities of organization and provision of services based on ICT).
3. These requirements are not applied to the information systems and networks of special communication relating to the state secret.
4. In other cases provided by the current legislation special requirements of cybernetic safety are applied.
5. Within these Requirements the following basic concepts mean:
multifactorial authentication – authentication with use at least two independent factors of authentication;
the minimum mandatory requirements of cybernetic safety – system of management of cybernetic safety – all politicians, procedures, plans, processes, practicians, functions, obligations, resources and structures which are used for protection and preserving integrity of information;
the firewall (firewall) – the device or number of the devices configured so that to filter, cipher or exercise intermediate control of flow of information exchange between different spheres of safety based on the predetermined rules;
updating – method of change of some computer files and appendices or creation new;
protection against malicious applications (malware) – the technical security measure performed with use of anti-virus programs for the purpose of cybernetic safety;
the anti-espionage program (antispyware) – the technical security measure performed with use of programs for the purpose of prevention of cyberespionage;
the test for penetration – assessment of cybernetic protection of system against different attacks.
Other terms are used in the value determined in the Law No. 467-XV of November 21, 2003 on informatization and the state information resources in the Law No. 1069-XIV of June 22, 2000 on information science and in the Order of the Government No. 811 of October 29, 2015 "About the National program of cyber security of the Republic of Moldova for 2016-2020".
6. The head of governing body bears responsibility for ensuring cybernetic safety in organization.
7. The head of governing body of the administrative act designates person (division) responsible for implementation of system of management of cyber security in organization, and represents to the Ministry of information technologies and communication the relevant information within 5 working days from the date of its appointment.
8. The responsible person carries out the following obligations:
1) will organize system of management of cyber security in organization according to system of management of cybernetic safety;
2) participates at least once a year in the rates on cyber security organized by the Ministry of information technologies and bonds and respectively will organize rates for employees of organization;
3) provides development, implementation and observance of provisions of the following documents: the action plan on ensuring cyber security of organization, policy of cyber security of organization, the plan of preparation and increase in responsibility of personnel in the field of cyber security, internal regulations on cyber security, procedures for recovery.
9. The document package affirms the head of organization and shall be reviewed at least, than once a year if:
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.