Not so long ago, the order of the Ministry of Internal Affairs of Russia "On Approving the Classifier of Programs for Electronic Computing Machines and Databases" was approved.
Unlike the previous classifier, in which information security tools were lumped into a single item 02.13 and there was no place at all for security management systems (SGRC, SOAR), incident management (IRP) and threat intelligence (TI) tools, the new classifier devotes a whole section, 03, to information security tools:
Code | Class | Description of the class of programs for electronic computing machines and databases
----- | ----- | -----
03.01 | Tools for protection against unauthorized access to information | Programs that should prevent unauthorized access to information by non-cryptographic methods and provide identification and authentication, access control, integrity and audit (logging and accounting). Includes programs for managing tools (devices) for protection against unauthorized access to information.
03.02 | Information security event management tools | Programs that should detect and prevent cyberattacks by analysing events (data) in real time in order to identify potential security threats.
03.03 | Firewalls | Programs that should monitor and filter network packets passing through them in accordance with the specified rules.
03.04 | Unwanted content filtering tools | Software that should manage access to various categories of websites in order to restrict certain unwanted content, and protect against spam and unwanted correspondence.
03.05 | Tools for protecting online payment services and remote banking services | Software that should identify, analyse and prevent fraud.
03.06 | Anti-virus protection tools | Software that should detect, intercept and neutralize malware both in the device's memory and in incoming/outgoing traffic.
03.07 | Targeted attack detection tools | Software that should detect attacks (including DDoS attacks) on a specific organization, country or industry aimed at stealing data, gaining control over resources or blocking their operation, and should counteract such attacks.
03.08 | Guaranteed data destruction tools | Software that should use special multi-pass overwriting techniques with specific patterns to minimize the likelihood of recovering information from hard magnetic disk (HDD) media. Has limited applicability to solid-state drives (SSD).
03.09 | Information leak detection and prevention tools | Programs that should detect leaks and prevent the dissemination of computer information protected by law.
03.10 | Cryptographic information protection and electronic signature tools | Programs that should prevent unauthorized access to information by cryptographic methods and manage key information, including electronic signature keys, electronic signature verification keys and information encryption keys; software intended for issuing public key certificates and managing them (revocation, suspension, resumption), including service functions (management of certificate lists, confirmation of public key certificate status, trusted services).
03.11 | Data transmission channel protection tools, including cryptographic methods | Programs that should ensure the confidentiality of information transmitted over public communication channels.
03.12 | Information resource access control tools | A set of software or software and hardware security tools that should restrict and log access to information system resources.
03.13 | Backup tools | Software that should create a copy of data on a medium (hard disk, solid-state drive or other media) and restore it to the original or a new location in case of damage or loss.
03.14 | Intrusion (attack) detection and/or prevention tools | Systems that should detect intrusions at the network and host level.
03.15 | Threat detection and network incident investigation tools | Software that should identify malicious activity, the presence of attackers, misuse of resources and administrator negligence, and should support the investigation of network information security incidents.
03.16 | Key carrier life cycle management tools | Software that should link user accounts, authentication tools, applications and information security policies.
03.17 | Information security process automation tools | Tools that should automate information security management and assurance processes, including incident management, IT asset security, compliance monitoring and risk management, as well as collecting and analysing data on current threats to predict probable cyberattacks and prevent them.
All Russian developers will need to classify their solutions according to this classifier when entering them in the register of Russian software. The same classes will need to be used in design and operational documentation.
On the one hand, it is good that there is such a fresh and fairly comprehensive classifier of information security tools. On the other hand, it does not fully align with the names of security tools in other, earlier documents, such as FSTEC of Russia orders 17/21/31/239, FSB of Russia order No. 196, and the recent draft GOST standards on security monitoring and incident response. For example, there are no security analysis tools at all.
The question also arises whether all information security tools (including SGRC, SOAR and other security management systems) now fall under the certification requirements of Government Decree of the Russian Federation No. 1236 (subparagraph d) of paragraph 5).
P.S. To keep up with other reviews of changes in regulations, standards and information security recommendations, subscribe on your favourite channel.
Source: Sergey Borisov's blog on information security, sborisov.blogspot.com.