It is registered
Ministry of Justice
Russian Federation
On October 26, 2023 No. 75743
of September 25, 2023 No. 6541-U
About the list of the safety hazards urgent in case of processing of biometric personal data, vectors of single biometric system, check and information transfer about degree of compliance of vectors of single biometric system to the provided biometric personal data of physical person in information systems of the organizations of the financial market performing authentication on the basis of biometric personal data of physical persons, except for single biometric system, and also information systems of the organizations of the financial market, other organizations, individual entrepreneurs, urgent in case of interaction, with the specified information systems
Based on Item 2 of part 4 of article 7 of the Federal Law of December 29, 2022 No. 572-FZ "About implementation of identification and (or) authentication of physical persons with use of biometric personal data, about modification of separate legal acts of the Russian Federation and recognition voided separate provisions of legal acts of the Russian Federation":
1. This Instruction determines the list of the safety hazards urgent in case of processing of biometric personal data, vectors of single biometric system, check and information transfer about degree of compliance of vectors of single biometric system to the provided biometric personal data of physical person in information systems of the organizations of the financial market specified regarding 1 article 3 of the Federal Law of December 29, 2022 to No. 572-FZ "About implementation of identification and (or) authentication of physical persons with use of biometric personal data, about modification of separate legal acts of the Russian Federation and recognition voided separate provisions of legal acts of the Russian Federation" (further respectively - the organizations of the financial market, the Federal Law of December 29, 2022 No. 572-FZ) and performing authentication on the basis of biometric personal data of physical persons, except for single biometric system, and also information systems of the organizations of the financial market, other organizations, individual entrepreneurs, urgent in case of interaction, with the specified information systems, taking into account assessment of possible harm which is carried out in accordance with the legislation of the Russian Federation about personal data:
1.1. Integrity violation threats (substitutions, removals), the violations of confidentiality (compromise) of biometric personal data urgent in case of processing of biometric personal data with use of the mobile (figurative) devices of computer facilities (including tablets and electronic terminals) belonging to the organizations of the financial market for the purpose of authentication of physical person according to parts 1 and 4 of article 16 of the Federal Law of December 29, 2022 No. 572-FZ, including by realization of purposeful actions with use of the opportunities specified in Item 10 of Structure and content of organizational and technical measures for safety of personal data in case of their processing in information systems of personal data with use of means of cryptographic information security the necessary for accomplishment requirements to personal data protection established by the Government of the Russian Federation for each of the levels of security approved by the order of Federal Security Service of the Russian Federation of July 10, 2014 No. 378 <1> (further - Structure and content of organizational and technical measures), in case of application of means (systems) of information security from unauthorized access which underwent assessment of conformity in the form of obligatory certification it is not lower than 4 levels of credibility according to the order of the Federal Service for Technical and Export Control of June 2, 2020 No. 76 <2>, or with use of the opportunities specified in Item 11 of Structure and content of organizational and technical measures.
--------------------------------
<1> Registration No. 33620 is registered by the Ministry of Justice of the Russian Federation on August 18, 2014.
<2> Registration No. 59772, with the changes made by the order of FSTEC of Russia of April 18, 2022 No. 68 is registered by the Ministry of Justice of the Russian Federation on September 11, 2020 (registration No. 69318) is registered by the Ministry of Justice of the Russian Federation on July 20, 2022.
1.2. Integrity violation threats (substitutions, removals), violations of confidentiality (compromise) of biometric personal data and information on degree of compliance of vectors of single biometric system to the provided biometric personal data of physical person in information systems of the organizations of the financial market performing authentication on the basis of biometric personal data of physical persons, except for single biometric system (further - information on compliance degree), urgent when processing biometric personal data and information on compliance degree with use of the stationary computer aids and ATMs belonging to the organizations of the financial market for the purpose of authentication of physical person according to parts 1 and 4 of article 16 of the Federal Law of December 29, 2022 No. 572-FZ, including by realization of purposeful actions with use of opportunities, specified in Item 11 of Structure and content of organizational and technical measures.
1.3. Integrity violation threats (substitutions, removals), the violations of confidentiality (compromise) of biometric personal data urgent in case of processing of biometric personal data with use of devices of physical person, terminals of the information systems providing functioning of check-points for the purpose of authentication of physical person according to part 3 of Article 13 and part 1 of article 16 of the Federal Law of December 29, 2022 No. 572-FZ, including by realization of purposeful actions with use of the opportunities specified in Item 10 of Structure and content of organizational and technical measures.
1.4. The safety hazards urgent in case of processing of the biometric personal data except for specified in subitem 1.5 of this Item and also when processing, including in case of receipt and storage, information on degree of compliance, vectors of single biometric system in information systems of the organizations of the financial market performing authentication on the basis of biometric personal data of physical persons for the purpose of authentication of physical person:
integrity violation threat (substitutions, removals) biometric personal data, information on degree of compliance, vectors of single biometric system, including by realization of purposeful actions with use of the opportunities specified in Item 12 of Structure and content of organizational and technical measures;
threat of violation of confidentiality (compromise) of biometric personal data, information on degree of compliance, vectors of single biometric system (in case of their obtaining from single biometric system), including by realization of purposeful actions with use of the opportunities specified in Item 12 of Structure and content of organizational and technical measures.
1.5. Integrity violation threats (substitutions, removals), the violations of confidentiality (compromise) of biometric personal data urgent in case of storage of the biometric personal data used for the purpose of authentication for consideration of the addresses of subjects of the personal data assuming illegal processing of their biometric personal data when carrying out authentication and (or) disputing results of carrying out authentication according to Item 3 of part 1 of article 15 of the Federal Law of December 29, 2022 No. 572-FZ, including by realization of purposeful actions with use of the opportunities specified in Item 12 of Structure and content of organizational and technical measures.
1.6. Integrity violation threats (substitutions, removals), violations of confidentiality (compromise) of biometric personal data and information on compliance degree, except for the threats specified in subitems 1.1 and 1.2 of this Item, urgent in case of interaction of information systems of the organizations of the financial market, other organizations, individual entrepreneurs with information systems of the organizations of the financial market performing authentication on the basis of biometric personal data of physical persons for the purpose of authentication of physical person according to part 4 of article 16 of the Federal Law of December 29, 2022 to No. 572-FZ including by realization of purposeful actions with use of the opportunities specified in Item 12 of Structure and content of organizational and technical measures.
1.7. Integrity violation threats (substitutions, removals), the violations of confidentiality (compromise) of personal data urgent in case of provision of the financial market by the organizations according to part 6 of article 16 of the Federal Law of December 29, 2022 No. 572-FZ in single system of identification and authentication <1> of information the about physical persons containing in information systems of the organizations of the financial market including identifiers of such data, before use of information systems of the organizations of the financial market performing authentication on the basis of biometric personal data of physical persons for authentication, including by realization of purposeful actions with use of the opportunities specified in Item 12 of Structure and content of organizational and technical measures.
--------------------------------
<1> Item 5 of article 2 of the Federal Law of December 29, 2022 No. 572-FZ.
2. This Instruction becomes effective after 10 days after day of its official publication.
3. From the date of entry into force of this Instruction to declare invalid the Instruction of the Bank of Russia of December 16, 2021 No. 6018-U "About the list of the safety hazards urgent in case of processing of biometric personal data, their check and information transfer about degree of their compliance to the provided biometric personal data of physical person in information systems of the organizations of the financial market performing identification and (or) authentication with use of biometric personal data of physical persons, except for single biometric system, and also the organizations of the financial market, other organizations, individual entrepreneurs, urgent in case of interaction, with the specified information systems" <1>.
--------------------------------
<1> It is registered by the Ministry of Justice of the Russian Federation on December 30, 2021, registration No. 66716.
Chairman of the Central bank of the Russian Federation
E. S. Nabiullina
|
It is approved Director of the Federal Security Service of the Russian Federation |
A. V. Bortnikov |
|
Director of the Federal Service for Technical and Export Control |
V. V. Selin |
|
Minister of digital development, communication and mass communications of the Russian Federation |
M. I. Shadayev |
|
CEO of Center of Biometric Technologies joint-stock company |
V.Yu.Povolotsky |
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.