ORDER OF THE MINISTER OF DIGITAL DEVELOPMENT, INNOVATIONS AND AEROSPACE INDUSTRY OF THE REPUBLIC OF KAZAKHSTAN

of April 1, 2020 No. 121/Tax Code

About modification and amendments in the order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code "About Approval of Technique and Rules of Carrying Out Testing of Objects of Informatization of " the Electronic Government " and the Information Systems Carried to Crucial Objects of Information and Communication Infrastructure on Compliance to Requirements of Information Security"

I ORDER:

1. Bring in the order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code "About Approval of Technique and Rules of Carrying Out Testing of Objects of Informatization of " the Electronic Government " and the Information Systems Carried to Crucial Objects of Information and Communication Infrastructure on Compliance to Requirements of Information Security" (it is registered in the Register of state registration of regulatory legal acts at No. 18795, it is published in Reference control bank of regulatory legal acts of the Republic of Kazakhstan in electronic form on June 7, 2019) the following changes and amendment:

state preamble in the following edition:

"In compliance with the subitem 5) of article 7-1 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization" and the subitem 1) of article 10 of the Law of the Republic of Kazakhstan of April 15, 2013 "About the state services" I ORDER:";

in the Technique of carrying out testing of objects of informatization of "the electronic government" and the information systems carried to crucial objects of information and communication infrastructure on compliance to requirements of the information security approved by the specified order:

add Item 2 with the subitem 8) of the following content:

"8) the circle of regular operation – the target set of the server hardware, network infrastructure, the system software used at stage of trial operation (pilot project) and intended for application at stage of commercial operation of object of informatization.";

4) of Item 33 to state the subitem in the following edition:

"4) the analysis of the revealed vulnerabilities on availability of false operation and forming of recommendations about their elimination depending on degree of their criticality (if necessary).";

Rules of carrying out testing of objects of informatization of "the electronic government" and information systems carried to crucial objects of information and communication infrastructure on compliance to requirements of information security to be reworded as follows according to appendix to this order.

2. To provide to committee on information security of the Ministry of digital development, innovations and aerospace industry of the Republic of Kazakhstan in the procedure established by the legislation:

1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;

2) placement of this order on Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan after its official publication;

3) within ten working days after state registration of this order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1) and 2) of this Item.

3. To impose control of execution of this order on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.

4. This order becomes effective after ten calendar days after day of its first official publication.

Appendix

to the Order of the Minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of April 1, 2020 No. 121/Tax Code

Appendix 2

to the Order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code

Rules of carrying out testing of objects of informatization of "the electronic government" and information systems carried to crucial objects of information and communication infrastructure on compliance to requirements of information security

Chapter 1. General provisions

1. These rules of carrying out testing of objects of informatization of "the electronic government" and the information systems carried to crucial objects of information and communication infrastructure on compliance to requirements of information security (further – Rules) are developed according to the subitem 5) of article 7-1 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization" (further – the Law) and the subitem 1) of article 10 of the Law of the Republic of Kazakhstan of April 15, 2013 "About the state services" (further – the Law "About the State Services") and determine procedure for carrying out testing of objects of informatization of "the electronic government" and the information systems carried to crucial objects of information and communication infrastructure on compliance to requirements of information security.

2. In these rules the following basic concepts and reducings are used:

1) information security in the field of informatization (further – IB) – condition of security of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

2) technical documentation on information security (further – TD on IB) – set of the documents developed according to the single requirements in the field of information and communication technologies and ensuring information security approved by the order of the Government of the Republic of Kazakhstan of December 20, 2016 No. 832 and regulating general requirements, the principles and rules on ensuring information security of object of testing;

3) information system – organizationally the arranged set of the information and communication technologies, service personnel and technical documentation realizing certain technological actions by means of information exchange and intended for the solution of specific functional objectives;

4) initial codes – initial codes of components and modules of object of testing with the libraries and files necessary for successful compilation of object of testing on compact disk;

5) the distributed object of testing – the object of testing consisting of set including uncertain set of the nodes constructed on identical architecture, intended for the identical purposes performing identical functions and using identical application software;

6) Internet resource – information (in text, graphical, audiovisual or other type) placed on the hardware and software having the unique network address and (or) domain name and functioning on the Internet;

7) the supplier – the public technical service or accredited test laboratory;

8) the public technical service – the republican state company on the right of economic maintaining created according to the decision of the Government of the Republic of Kazakhstan;

9) the applicant – the owner or the owner of object of testing, and also the physical person or legal entity authorized by the owner or the owner of object of testing who submitted the request for carrying out testing of object of informatization for compliance to requirements of information security;

10) service software product – the software product intended for realization of information and communication service;

11) test laboratory – the legal entity or structural division of the legal entity operating from his name, performing testing, accredited according to the legislation on technical regulation;

12) object of testing – object of informatization concerning which works on conformity testing to requirements of information security are carried out;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info