Unofficial translation (c) Soyuzpravoinform LLC
Registered in the Ministry of Justice of Ukraine on December 1, 2023, No. 2091/41147
of October 18, 2023 No. 899
About approval of the Regulations on allowing procedure for work on technical information security for own needs
According to Item 47 of part one of Article 14 of the Law of Ukraine "About Public service of special communication and information security of Ukraine", subitem 24 of Item 4 of the Regulations on Administration of Public service of special communication and information security of Ukraine approved by the resolution of the Cabinet of Ministers of Ukraine of September 3, 2014 No. 411, and for the purpose of improving the procedure for issue of permissions to work on technical information security for own needs, I ORDER:
1. Approve Regulations on allowing procedure for work on technical protection of the enclosed information for own needs.
2. Declare invalid the order of Department of special telecommunication systems and information security of the Security Service of Ukraine of February 23, 2002 No. 9 "About approval of the Regulations on allowing procedure for work on technical information security for own needs", registered in the Ministry of Justice of Ukraine on March 13, 2002 at No. 245/6533.
3. The department of information security of Administration of Public service of special communication and information security of Ukraine shall ensure submission of this order, in accordance with the established procedure, for state registration in the Ministry of Justice of Ukraine.
4. This order becomes effective from the date of its official publication.
5. To impose control over the implementation of this order on the vice-chairman of Public service of special communication and information security of Ukraine according to distribution of obligations.
Head of Service brigade general
BB. Dandy
It is approved: First Deputy Minister of digital transformation of Ukraine
O. Vyskub
Approved by the Order of Administration of Public service of special communication and information security of Ukraine of October 18, 2023 No. 899
1. This Provision establishes conditions of carrying out and work types on technical information security (further - TZI) for own needs, procedure for issue by administration of Gosspetssvyaz of permissions to work with TZI for own needs (further - permission), procedure for control of observance of conditions of work with TZI for own needs.
2. Requirements of this provision extend to state bodies which carry out works with TZI for own needs according to the list determined by item 4 of this Section.
3. In this Provision terms are used in such value:
certification of the TZI complex - assessment of conformity of the TZI complex to requirements of regulating documents in the field of TZI;
the state body having permission - the state body which got permission to work with TZI for own needs according to this Provision;
allowing case - single set of documents of rather corresponding job seeker of permission or state body which has permission, the powers provided by state bodies in administration of Gosspetssvyaz or accepted by administration of Gosspetssvyaz as a result of realization according to this Provision;
The mortgage device - the technical tool of secret receipt of information placed on subject to information activities with concealment from identification by person who does not have relations to use of the technical tool, the fact of its availability and/or application owing to what the threat of information leakage from subject to information activities is created;
the job seeker of permission - state body which in the procedure established by administration of Gosspetssvyaz filed to Administration of Gosspetssvyaz petition for receipt of permission to work with TZI for own needs;
the TZI complex - set of actions and means of TZI intended for realization in information system or on object;
assessment of security of information - organization and carrying out of expert works and/or expert testing for the purpose of check, analysis and assessment of objects of examination for their compliance with requirements of regulating documents in the field of TZI;
the instruction about elimination of violations - the written requirement of officials of Gosspetssvyaz, obligatory for accomplishment, to the head of the subject of check on elimination of the revealed violations in certain terms;
works on identification of mortgage devices - carrying out of search actions for identification of the technical channels of information leakage which are formed due to use of mortgage devices.
Other terms used in this Provision are used in the values given in the Laws of Ukraine "About information security in information and communication systems", "About public service of special communication and information security of Ukraine", "About electronic communications", the Procedure for the organization and providing the mode of privacy in state bodies, local government bodies at the companies, in organizations and the organizations, No. 939 approved by the resolution of the Cabinet of Ministers of Ukraine of December 18, 2013.
4. Work types with TZI which are carried out on permission:
1) estimation of security of information which is not the state secret;
2) estimation of security of information of all types, including information which is the state secret;
3) detection of mortgage devices.
1. For receipt of permission the state body shall have:
the regulatory framework (regulatory legal acts, regulating documents in the field of TZI and internal documents) providing carrying out the corresponding work type on TZI;
own (or leased) the means of the measuring equipment and control and the equipment confided in accordance with the established procedure which are necessary for work on TZI for own needs which list is determined in appendix 1 to this provision and/or the work techniques specified in nation-wide or approved with Administration of Gosspetssvyaz by TZI;
the information (automated) system with complex system of information security with the confirmed compliance (in case of receipt of permission on identification of mortgage devices - if necessary);
subject to information activities for holding confidential meetings, discussions and works with TZI with the created and certified TZI complex (if necessary);
the special operating authority, connected with the state secret. The category of the mode of privacy in special permission shall correspond to degree of privacy of data which use is provided on the chosen work types (surely - in case of receipt of permission to work on TZI on estimation of security of information of all types, including information which is the state secret);
specialists whose number and education provide for carrying out the corresponding work type (in case of receipt of permission according to security of information of all types, including information which is the state secret, admissions to the state secret shall be drawn up for specialists who are attracted (whose involvement is provided) to work in TZI which is the state secret. The form of the admission shall correspond to degree of privacy of data to which such specialists are allowed (their admission is provided));
developed taking into account the available means of the measuring equipment, control and the equipment and the technique of detection of mortgage devices approved with Administration of Gosspetssvyaz (in case of receipt of permission on detection of mortgage devices).
2. Implementation of activities in the field of TZI which is the state secret is performed within effective period of the special operating authority, connected with the state secret, and in the presence at the specialists involved to implementation of such activities, the corresponding admissions to the state secret.
3. For work according to security of information which is not the state secret, the state body shall have the specialist (specialists) with the higher education in "Cyber security and information security" or the higher technical education of the professional direction according to the chosen work type with additional preparation on professional development course of specialists concerning TZI in the directions of preparation according to the chosen work type or length of service in the field of TZI which accomplishment provided information security from unauthorized actions in information, electronic communication and information and communication systems (further - X), the organization and/or accomplishment of expert testing (works) on technical information security, at least three years.
4. For work according to security of information of all types, including information which is the state secret, the state body shall have:
specialists with the higher education in "Cyber security and information security" or the higher technical education of the professional direction according to the chosen work type with additional preparation on professional development course of specialists concerning TZI in the directions of preparation according to the chosen work type or length of service in the field of TZI which accomplishment provided information security which carriers are acoustic or electromagnetic fields and electric signals, at least three years;
the specialist (specialists) meeting the requirements, certain Item 3 of this Section.
5. For work on identification of mortgage devices the state body shall have specialists with the higher education in "Cyber security and information security" or the higher technical education of the professional direction according to the chosen work type with additional preparation on professional development course of specialists concerning TZI in the directions of preparation according to the chosen work type or length of service in the field of TZI which accomplishment provided information security which carriers are acoustic or electromagnetic fields and electric signals, and/or detection of mortgage devices, at least three years.
6. In length of service in the field of TZI length of service and/or services on positions of subjects of the TZI system on which job responsibilities provide task performance on TZI, connected with the chosen work types is set off.
7. The state body during work on TZI shall observe requirements of the regulatory legal acts and regulating documents of the TZI system regulating carrying out the chosen work types.
notify administration of Gosspetssvyaz on change of data which are specified in the documents enclosed to the application for issue (renewal) of permission for work with TZI for own needs, in time no later than one month from the date of approach of such changes;
it is urgent to inform the Security Service of Ukraine on detection of mortgage devices (no later than the next day after detection);
report to Administration of Gosspetssvyaz about the entered measures concerning the revealed mortgage devices (with indication of when and what method informs the Security Service of Ukraine when are neutralized, the relevant channels of information leakage);
annually till January 10 to provide in administration of Gosspetssvyaz the information on works with TZI for own needs during previous year in form according to appendix 2 to this Provision.
1. For receipt of permission the state body submits to administration of Gosspetssvyaz the application for issue of permission in form according to appendix 3 to this Provision.
2. To the statement for issue of permission signed by the head or the deputy manager of the subject of check responsible for the TZI organization, supporting documents according to appendices 4-9 to this Provision are filed.
3. The administration of Gosspetssvyaz considers the submitted application for the purpose of establishment of absence or availability of the bases for refusal in issue of permission by the analysis of supporting documents, receipt of information from the state paper and electronic information resources and in case of receipt of permission according to security of information of all types, including information which is the state secret of conducting check of the conditions created for work on TZI and on result of their consideration makes the decision on issue of permission or refusal in issue of permission.
4. The basis for decision making about refusal in issue of permission is:
1) representation not in full the documents enclosed to the application for issue of permission;
2) establishment of discrepancy of the job seeker of permission to conditions which are determined by this Provision;
3) detection of unauthenticity of data in the supporting documents submitted by the job seeker of permission which influence work on permission.
5. After elimination of the reasons which formed the basis for decision making about refusal in issue of permission, the job seeker of permission can repeatedly submit the application for issue of permission.
6. For verification of the data containing in the provided materials the created conditions for work on TZI regarding estimation of security of information of all types, including information which is the state secret, the order of Administration of Gosspetssvyaz creates the commission on check of conditions of work on TZI for own needs and the instruction on the right of conducting check of conditions of work on TZI for own needs in form according to appendix 10 to this Provision signed by the chairman of Gosspetssvyaz or the vice-chairman of Gosspetssvyaz according to distribution of obligations is drawn up.
7. For conducting check the commission chairman shows to the head or the deputy manager of the subject of check responsible for the TZI organization, the instruction on the right of conducting check of conditions of work on TZI.
By results of check the commission draws up the inspection statement of conditions of work with TZI for own needs in form according to appendix 11, which is provided to the head or the deputy manager of the subject of check responsible for the TZI organization, for acquaintance.
8. The decision on issue of permission or on refusal in its issue is accepted in 30-days time from the date of receipt by Administration of Gosspetssvyaz of the statement for issue of permission.
9. Issue of permissions is performed gratuitously.
10. Permission is issued for unrestricted term.
11. Permission can be suspended fully or partially.
12. The basis for acceptance by administration of Gosspetssvyaz of the decision on suspension of action of permission fully or partially is:
1) the statement of the state body having permission for suspension of own permission fully or partially. The statement of the state body having the permission, for suspension of own permission fully or partially given after the edition Administration of Gosspetssvyaz of the administrative document on conducting check of observance by the state body having permission, the conditions determined by this Provision and before the termination of term is not the basis for suspension of action of permission:
check and elimination of violations of the conditions determined by this provision (in case of their availability);
within thirty working days after the termination of completion date by the state body having permission, the order about elimination of violations of the conditions determined by this Provision (except edition case during this term Administration of Gosspetssvyaz of the administrative document on carrying out unscheduled inspection of accomplishment by the state body having permission, instructions about elimination of violations of requirements of allowing procedure for work for TZI for own needs (further - the instruction about elimination of violations));
2) detection of unauthenticity of data in the documents filed by state body together with the statement for issue of permission which is specified in the inspection statement;
3) act of failure to carry out of the instruction of elimination of violations;
4) not admission of the commission to objects, documents and information on activities of the subject of check which are necessary for work of the commission, on condition of observance of requirements of this provision by the commission.
13. The decision on suspension of action of permission is made fully or partially by the chairman of Gosspetssvyaz or the vice-chairman of Gosspetssvyaz according to distribution of obligations according to the offer of structural division of Administration of Gosspetssvyaz to which the task of ensuring establishment by Administration of Gosspetssvyaz of allowing procedure for work on TZI for own needs is assigned.
14. The administration of Gosspetssvyaz in accordance with the established procedure informs the state body having permission on the decision on suspension of action of permission fully or partially.
15. Action of permission is resumed fully or partially in case of provision by the state body having permission, administrations of Gosspetssvyaz of the statement and data on elimination of the bases which became the reason for suspension of action of permission fully or partially.
16. The administration of Gosspetssvyaz within thirty calendar days from the date of receipt of the statement makes the decision on renewal of action of permission fully or partially.
17. Decisions of Administration of Gosspetssvyaz are drawn up by the organizational and administrative act of Administration of Gosspetssvyaz.
1. Control of work with TZI is exercised for the purpose of check of accomplishment by the state bodies having permission, requirements of regulating documents of the TZI system and requirements of this provision.
2. For conducting check the order of Administration of Gosspetssvyaz creates the commission.
The administration of Gosspetssvyaz warns the subject of check about conducting check by the letter at least in ten working days prior to its beginning with indication of foundations for conducting check and structure of the commission.
3. Scheduled inspections are carried out not more often than once in five years according to the annual plan of checks of carrying out by state bodies of works with TZI for own needs which develops structural division of Administration of Gosspetssvyaz to whom the task on ensuring establishment by Administration of Gosspetssvyaz of allowing procedure for work with TZI for own needs is assigned, and gives on approval to the Chairman of Gosspetssvyaz till December 10 every year.
4. Unscheduled inspections of carrying out by state bodies of works on TZI for own needs are carried out on the bases:
1) identification in the documents submitted by the state body having permission to administration of Gosspetssvyaz according to this Provision, information specifying non-compliance by it with work conditions on TZI;
2) the appeal of the state body having permission to Administration of Gosspetssvyaz about need of conducting check of observance of work conditions on TZI by it;
3) non receipt of information on elimination of the shortcomings revealed during scheduled inspection at the scheduled time;
4) availability in Administration of Gosspetssvyaz of documentary data on violations by state body of requirements of the regulatory legal acts and regulating documents of the TZI system received in the procedure established by the legislation;
5) non-presentation by the state body having permission, at the scheduled time of Administration of Gosspetssvyaz of the reporting which submission is provided by this Provision.
The decision on carrying out unscheduled inspection is made by the chairman of Gosspetssvyaz or the vice-chairman of Gosspetssvyaz according to distribution of obligations according to the offer of structural division of Administration of Gosspetssvyaz to whom the task of establishment of allowing procedure for work on TZI for own needs is assigned.
5. For conducting check the chairman and members of the commission show to the head or the deputy manager of the subject of check responsible for the TZI organization, instructions on task performance, official IDs and certificates of admission availability to the state secret in the established form (in case of need acquaintance of the commission with classified documents and information).
6. It shall be performed in the presence of person, the actionee of works, on permission of the subject of check. In case of lack of responsible (authorized) face it is performed in the presence of the head of the subject of check or the deputy manager of the subject of check responsible for the TZI organization.
7. In case of carrying out unscheduled inspection note of the head or the deputy manager of the subject of check responsible for the TZI organization, according to its requirement information concerning foundations for conducting such check and the decision of the Chairman of Gosspetssvyaz (person which is carrying out its obligations) on conducting check happens.
8. The admission to conducting check is provided by the head or the deputy manager of the subject of check responsible for the TZI organization, by imposing of the written resolution on the instruction face on task performance. The resolution is the basis for receipt of easy access of the commission to objects, documents and information on activities of the subject of check which are necessary for work of the commission.
9. The inspection statement is drawn up in duplicate which are signed by the chairman and members of the commission and provide to the head or the deputy manager of the subject of check responsible for the TZI organization, for acquaintance.
The first copy of the inspection statement goes to the subject of check, the second - joins allowing case of state body which has permission.
10. Based on the inspection statement during which violations of requirements of this provision are revealed for the purpose of forming of requirements for their elimination of Administration of Gosspetssvyaz by structural division to whom the task on ensuring establishment by Administration of Gosspetssvyaz of allowing procedure for work with TZI for own needs is assigned, the instruction about elimination of violations in form according to appendix 12 to this Provision in duplicate which is signed by the Chairman of Gosspetssvyaz or the vice-chairman of Gosspetssvyaz according to distribution of obligations is constituted.
The deadline of accomplishment of the instruction about elimination of violations is approved with the head or the deputy manager of the subject of check responsible for the TZI organization.
11. The first copy of the instruction about elimination of violations goes to the subject of check, the second - joins allowing case of state body which has permission. Requirements of the instruction about elimination of violations are obligatory for execution.
The state body having permission and which received the instruction about elimination of violations shall eliminate the specified violations in the time established on hand and to submit information on fulfillment of requirements of such order to Administration of Gosspetssvyaz.
12. Copies of the inspection statement and instruction about elimination of violations remain the subject of check before elimination of violations.
13. The notification on accomplishment of the instruction on elimination of violations goes to Administration of Gosspetssvyaz in the time determined in the instruction.
In case of impossibility to eliminate violations in certain time the subject of check addresses to Administration of Gosspetssvyaz for prolongation of term of elimination of violations with the corresponding reasons.
14. In case of elimination of the violations specified in the instruction about elimination of violations the head or the deputy manager of the subject of check responsible for the TZI organization, or person authorized by them opposite to each Item of the revealed violation does mark "is executed" with indication of completion date and details of the document confirming the execution fact.
Director of the department of information security of Administration of Gosspetssvyaz colonel
I. Stelnik
to Regulations on allowing procedure work on technical information security for own needs (Item 1 of the Section II)
The list of means of the measuring equipment and the control and the equipment necessary for work on TZI for own needs
1. Means of the measuring equipment and control and the equipment for work on estimation of security of information of all types, including information which is the state secret which carriers are acoustic or electromagnetic fields and electric signals:
range analyzer;
set of measuring antennas;
oscillograph;
slip ring;
tension sampler;
generator of test signal, amplifier, screened loudspeaker;
the selection nanovoltmeter;
generators measuring;
measuring instrument of complete resistance;
generator of signals (noise);
amplifier of capacity;
acoustic radiator, type 1;
acoustic radiator, type 2;
acoustic radiator, type 3 (directed, the nondirectional);
the measuring instrument of noise and vibrations (with the microphone and the accelerometer).
2. Means of the measuring equipment and control and equipment for detection of mortgage devices:
field detector;
radio radiator (panoramic, analyzing) or hardware and software system of detection and measurement of radio emissions, search of mortgage devices;
optical detector of video cameras;
the device for check of wire communications;
radar device of not linearities;
endoscopic equipment;
roentgenoscopic equipment;
thermal imager.
Note. Means of the measuring equipment and control and the equipment shall have technical characteristics which provide provision of the chosen work type according to requirements of the nation-wide and/or coordinated with Administration of Gosspetssvyaz of techniques of carrying out certain works on technical information security.
to Regulations on allowing procedure work on technical information security for own needs (Item 8 of the Section II)
Data on works on technical information security for own needs within year
See Appendix 2 (20Kb In original language)
to Regulations on allowing procedure work on technical information security for own needs (Item 1 of the Section III)
Statement for issue of permission
See Appendix 3 (19Kb In original language)
to Regulations on allowing procedure work on technical information security for own needs (Item 2 of the Section III)
Data on availability of the specialists necessary for carrying out work types on technical information security for own needs
|
Surname, name, |
Job title |
Diploma (series, number, educational and qualification level |
CERTIFICATE direction of preparation) |
Length of service in the field of technical information security (years, where and when it was acquired, the name of body, company, organization, organization, position and length of service, date of entering of record into registers of organizers of examination or experts in the field of technical information security) |
Form |
_________________________________ ___________ ______________________
(name of position of the head of state body) (signature) (own name surname)
____ ____________ 20 ___
to Regulations on allowing procedure work on technical information security for own needs (Item 2 of the Section III)
Data on availability of means of the measuring equipment, the control and the equipment providing carrying out the corresponding work types on technical information security for own needs
|
Name of product, equipment, system |
Type |
Serial number and/or accession number |
Details of the document, confirmatory |
Date of the last checking, details of the document confirming checking, the name of the organization which was carrying out it |
_________________________ _________ ________________
(name of position of the head of state body) (signature) (own name surname)
____ ____________ 20 ___
to Regulations on allowing procedure work on technical information security for own needs (Item 2 of the Section III)
Data on availability of the regulatory framework providing carrying out the corresponding work types on technical information security for own needs
I confirm availability of the regulatory framework providing carrying out the corresponding work types in the field of technical information security.
_________________________ __________ __________
(name of position of the head of state body) (signature) (own name surname)
____ ____________ 20 ___
to Regulations on allowing procedure work on technical information security for own needs (Item 2 of the Section III)
Data on availability of the special operating authority, connected with the state secret
|
The special operating authority, connected with the state secret |
Location | ||||
|
Registration number |
Date of issue |
Expiration date |
Category of the mode of privacy |
By whom it is issued | |
________________________ _________ ___________
(name of position of the head of state body) (signature) (own name surname)
____ ____________ 20 ___
to Regulations on allowing procedure work on technical information security for own needs (Item 2 of the Section III)
Data on availability of the information (automated) system of the information processing necessary for carrying out the corresponding work types on technical information security for own needs
|
Name of object of electronic computer facilities and (or) object |
Category |
_____________________ ______________ ___________
(name of position of the head of state body) (signature) (own name surname)
____ ____________ 20 ___
to Regulations on allowing procedure work on technical information security for own needs (Item 2 of the Section III)
Data on availability of subjects to information activities for holding confidential meetings, discussions and works on technical information security
|
Name of object |
Category of object, date and number of registration |
____________________ _______________ _____________________
(name of position of the head of state body) (signature) (own name surname)
____ ____________ 20 ___
to Regulations on allowing procedure work on technical information security for own needs (Item 6 of the Section III)
The instruction on the right of conducting check
See Appendix 10 (19Kb In original language)
to Regulations on allowing procedure work on technical information security for own needs (Item 7 of the Section III)
Inspection statement of conditions of work on technical information security for own needs
See Appendix 11 (21Kb In original language)
to Regulations on allowing procedure work on technical information security for own needs (Item 10 of the Section IV)
The instruction about elimination of violations of requirements of allowing procedure for work for technical information security for own needs
See Appendix 12 (22Kb In original language)
Disclaimer! This text was translated by an AI translator and is not a valid juridical document. No warranty. No claim.