ORDER OF THE MINISTER OF DIGITAL DEVELOPMENT, INNOVATIONS AND AEROSPACE INDUSTRY OF THE REPUBLIC OF KAZAKHSTAN

of April 30, 2024 No. 257/Tax Code

About introduction of amendments to some orders

I ORDER:

1. Approve the enclosed list of some orders to which changes are made (further – the list).

2. To provide to committee on information security of the Ministry of digital development, innovations and aerospace industry of the Republic of Kazakhstan in the procedure established by the legislation:

1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;

2) placement of this order on Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan after its official publication;

3) within ten working days after state registration of this order submission to Legal department of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1) and 2) of this Item.

3. To impose control of execution of this order on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.

4. This order becomes effective after ten calendar days after day of its first official publication, except for the subitem 5) of Item 2 and parts two, the third and fourth Item 37 of Rules of carrying out testing of objects of informatization of "the electronic government" and crucial objects of information and communication infrastructure on compliance to requirements of information security of appendix 2 to the list which become effective since July 1, 2024.

It is approved Committee of homeland security of the Republic of Kazakhstan

Approved by the Order of the Minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of April 30, 2024, No. No. 257/Tax Code

The list of some orders to which changes are made

1. Bring in the order of the acting minister on investments and development of the Republic of Kazakhstan of January 28, 2016 No. 129 "About approval of Rules of creation, development, operation, acquisition of objects of informatization of "the electronic government", and also information and communication services" (it is registered in the Register of state registration of regulatory legal acts for No. 13282) the following change:

in Rules of creation, development, operation, acquisition of objects of informatization of "the electronic government", and also the information and communication services approved by the specified order:

in Item 9:

3) to state the subitem in the following edition:

"3) testing of object of informatization of "the electronic government" for compliance to requirements of information security (further – testing) according to article 49 of the Law.

Testing is performed in the terms and procedure determined by the Technique and rules of carrying out testing of objects of informatization of "the electronic government" and crucial objects of information and communication infrastructure on compliance to requirements of information security approved by the order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code (it is registered in the Register of state registration of regulatory legal acts for No. 18795).".

2. Bring in the order of the Minister of information and communications of the Republic of Kazakhstan of January 29, 2018 No. 29 "About approval of Rules of forming of the list of the objects of information and communication infrastructure of "the electronic government" assigned to the operator of information and communication infrastructure of "the electronic government" (it is registered in the Register of state registration of regulatory legal acts for No. 16331) the following change:

in Rules of forming of the list of the objects of information and communication infrastructure of "the electronic government" assigned to the operator of information and communication infrastructure of "the electronic government", approved by the specified order:

1) of Item 5 to state the subitem in the following edition:

"1) in case of inclusion in the List of information system:

description of information system;

copy of technical documentation;

the document on delivery in commercial operation;

data on the number of the registered users of information system;

the number of the state bodies using information system and quantity of objects on which the information system is implemented (the state bodies subordinated to the organization, territorial subdivisions);

copies of test reports on compliance to requirements of information security (test reports which terms expired if the information system is at development stage).".

3. Bring in the order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code "About Approval of Technique and Rules of Carrying Out Testing of Objects of Informatization of " the Electronic Government " and the Information Systems Carried to Crucial Objects of Information and Communication Infrastructure on Compliance to Requirements of Information Security" (it is registered in the Register of state registration of regulatory legal acts for No. 18795) the following changes:

to state heading of the order in the following edition:

"About approval of technique and rules of carrying out testing of objects of informatization of "the electronic government" and crucial objects of information and communication infrastructure on compliance to requirements of information security";

to state preamble of the order in the following edition:

"According to the subitem 5) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization" I ORDER:";

state Item 1 in the following edition:

"1. Approve:

1) the Technique of carrying out testing of objects of informatization of "the electronic government" and crucial objects of information and communication infrastructure on compliance to requirements of information security according to appendix 1 to this order;

2) Rules of carrying out testing of objects of informatization of "the electronic government" and crucial objects of information and communication infrastructure on compliance to requirements of information security according to appendix 2 to this order.";

Technique of carrying out testing of objects of informatization of "the electronic government" and the information systems carried to crucial objects of information and communication infrastructure, on compliance to requirements of information security, approved by the specified order to be reworded as follows according to appendix 1 to this list;

Rules of carrying out testing of objects of informatization of "the electronic government" and information systems carried to crucial objects of information and communication infrastructure, on compliance to requirements of information security, approved by the specified order to be reworded as follows according to appendix 2 to this list.

4. Bring in the order of the Minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of July 25, 2019 No. 174/Tax Code "About approval of Rules of accounting of data on objects of informatization of "the electronic government" and placements of electronic copies of technical documentation of objects of informatization of "the electronic government" (it is registered in the Register of state registration of regulatory legal acts for No. 19104) the following change:

in Rules of accounting of data on objects of informatization of "the electronic government" and placements of electronic copies of technical documentation of the objects of informatization of "the electronic government" approved by the specified order:

2) appendices 1 to state the subitem in the following edition:

"2) the Data on carrying out conformity testings to requirements of information security of objects of informatization (test reports on compliance to requirements of information security) approved by the order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code "About Approval of Technique and Rules of Carrying Out Testing of Objects of Informatization of " the Electronic Government " and Crucial Objects of Information and Communication Infrastructure on Compliance to Requirements of Information Security" (No. 18795) is registered in the Register of state registration of regulatory legal acts of the Republic of Kazakhstan;".

Appendix 1

to the List of some orders to which changes are made

Appendix 1

to the Order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code

Technique of carrying out testing of objects of informatization of "the electronic government" and crucial objects of information and communication infrastructure on compliance to requirements of information security

Chapter 1. General provisions

1. This Technique of carrying out testing of objects of informatization of "the electronic government" and crucial objects of information and communication infrastructure on compliance to requirements of information security (further – the Technique) is developed according to the subitem 5) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization".

2. In this Technique the following basic concepts and reducings are used:

1) program bookmark – it is reserved brought in the software (further – ON) the functional object providing unauthorized access and (or) impact to object of informatization;

2) backdoor – malicious software for receipt of unauthorized access to the software by authentication bypass, and also other standard methods and security technologies;

3) not declared opportunities (further – NDV) – the functionality ON which is not reflected or not corresponding described in technical documentation;

4) manual testing for penetration – legitimate assessment of security of objects of informatization using the safe and controlled attacks, detection of vulnerabilities and attempts of their operation without the actual damage of activities of the applicant;

5) the supplier – the public technical service or accredited test laboratory;

6) the public technical service – the joint-stock company created according to the decision of the Government of the Republic of Kazakhstan;

7) vulnerability – lack of object of informatization which use can lead to violation of integrity and (or) confidentiality, and (or) availability of object of informatization;

8) the applicant – the owner or the owner of object of testing, and also the physical person or legal entity authorized by the owner or the owner of object of testing who submitted the request for carrying out testing of object of informatization for compliance to requirements of information security;

9) the confidential channel – means of interaction between functions of safety of objects of testing (further – FBO) and remote confidential product of information technologies, providing necessary degree of confidence in maintenance of security policy of objects of testing;

10) confidential route – the means of interaction between the user and FBO providing confidence in maintenance of security policy of objects of testing;

11) object of testing – object of informatization concerning which works on conformity testing to requirements of information security are carried out;

12) segment of network (subnet) of object of testing – logically allocated segment of network of object of testing;

13) functional object – the element (the procedure, function, branch or other of component) ON performing operations on realization of the finished program algorithm fragment;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info