After the entry into force on January 1, 2018 of the Federal Law 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation", organizations and specialists working in the field of information security of critical infrastructures faced the implementation of this law and all the many him bylaws.
The program and testing methodology is a document included in the design documentation set up for an automated system or program at the development stage. The test procedure program is designed to establish technical data that is subject to verification during testing of the entire system or its individual components.
The applied measures for the safety of CII facilities are determined in accordance with its category of importance. For not significant object KII should be ensured integration with the GOSPKA. The category of significance is determined on the basis of the “Rules for categorizing objects of the critical information infrastructure of the Russian Federation” approved by the relevant government decree of February 8, 2018 No. 127.
Certification is registered for state information systems, which are significant objects of CII, the basic document is the Order of the FSTEC of Russia dated February 11, 2013 N 17 “On approval of requirements for the protection of information that is not part of the state secret contained in state information systems”. At certification tests, an analysis of vulnerabilities of information protection means, hardware and software is carried out. If vulnerabilities are found, then they must be eliminated or their use reduced by adjusting the available protection.
1. Federal law of July 26, 2017 N 187-FZ "On the security of the critical information infrastructure of the Russian Federation".
2. Order of the FSTEC Russia of December 21, 2017 N 235 "On approval of requirements for the creation of security systems for significant objects of the critical information infrastructure of the Russian Federation and for their functioning".
3. Order of the FSTEC Russia of December 25, 2017 N 239 "On approval of the Security Requirements for the Important Objects of Critical Information Infrastructure of the Russian Federation".
4. Decree of the Government of the Russian Federation dated February 8, 2018 N 127 "On the approval of the Rules for categorizing objects of the critical information infrastructure of the Russian Federation, as well as a list of indicators of criteria for the significance of objects of critical information infrastructure of the Russian Federation and their values".
Ivanova V.A., Selifanov V.V. Analiz dokumentov po razrabotke programmy i metodik ispytanii znachimogo ob"ekta kriticheskoi infrastruktury RF GIS [Analysis of documents on development of the program and methodology of certification tests of a significant object of critical infrastructure of the RF GIS]. Sbornik nauchnykh trudov Novosibirskogo gosudarstvennogo tekhnicheskogo universiteta – Transaction of scientific papers of the Novosibirsk state technical university, 2019, no. 2 (95), pp. 66–74. DOI: 10.17212/2307-6879-2019-2-66-74.
