of June 22, 2026 No. 345/Tax Code
About introduction of amendments to the order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code "About Approval of Technique and Rules of Carrying Out Testing of Objects of Informatization of " the Electronic Government " and Crucial Objects of Information and Communication Infrastructure on Compliance to Requirements of Information Security"
I ORDER:
1. Bring in the order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code "About Approval of Technique and Rules of Carrying Out Testing of Objects of Informatization of " the Electronic Government " and Crucial Objects of Information and Communication Infrastructure on Compliance to Requirements of Information Security" (it is registered in the Register of state registration of regulatory legal acts for No. 18795) the following changes:
state heading in the following edition:
"About approval of technique and rules of carrying out testing of digital objects of "the digital government" and crucial digital objects on compliance to requirements of cyber security";
state preamble in the following edition:
"According to the subitem 5) of article 7-1 of the Law of the Republic of Kazakhstan "About cyber security" and the subitem 52) of Item 15 of the Regulations on the Ministry of the artificial intelligence and digital development of the Republic of Kazakhstan approved by the order of the Government of the Republic of Kazakhstan of October 9, 2025 No. 846, I ORDER:";
state Item 1 in the following edition:
"1. Approve:
1) the Technique of carrying out testing of digital objects of "the digital government" and crucial digital objects on compliance to requirements of cyber security according to appendix 1 to this order;
2) Rules of carrying out testing of digital objects of "the digital government" and crucial digital objects on compliance to requirements of cyber security according to appendix 2 to this order.";
The technique of carrying out testing of digital objects of "the digital government" and crucial digital objects on compliance to requirements of cyber security approved by the specified order to be reworded as follows according to appendix 1 to this order;
The rules of carrying out testing of digital objects of "the digital government" and crucial digital objects on compliance to requirements of cyber security approved by the specified order to be reworded as follows according to appendix 2 to this order.
2. To provide to committee on information security of the Ministry of artificial intelligence and digital development of the Republic of Kazakhstan in the procedure established by the legislation of the Republic of Kazakhstan:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) placement of this order on Internet resource of the Ministry of artificial intelligence and digital development of the Republic of Kazakhstan after its official publication;
3) within ten working days after state registration of this order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry of artificial intelligence and digital development of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1) and 2) of this Item.
3. To impose control of execution of this order on the supervising vice-minister of artificial intelligence and digital development of the Republic of Kazakhstan.
4. This order becomes effective since July 12, 2026 and is subject to official publication.
Acting minister of artificial intelligence and digital development of the Republic of Kazakhstan
D. Musaliyev
|
It is approved Committee of homeland security of the Republic of Kazakhstan |
|
Appendix 1
to the Order of the acting minister of artificial intelligence and digital development of the Republic of Kazakhstan of June 22, 2026 No. 345/Tax Code
Appendix 1
to the Order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan of June 3, 2019 No. 111/Tax Code
1. This Technique of carrying out testing of digital objects of "the digital government" and crucial digital objects on compliance to requirements of cyber security (further – the Technique) is developed according to the subitem 5) of article 7-1 of the Law of the Republic of Kazakhstan "About cyber security" and the subitem 52) of Item 15 of the Regulations on the Ministry of the artificial intelligence and digital development of the Republic of Kazakhstan approved by the order of the Government of the Republic of Kazakhstan of October 9, 2025 No. 846.
2. In this Technique the following concepts and reducings are used:
1) program bookmark – it is reserved brought in the software (further – ON) the functional object providing unauthorized access and (or) impact to digital object;
2) backdoor – malicious software for receipt of unauthorized access to the software by authentication bypass, and also other standard methods and security technologies;
3) not declared opportunities (further – NDV) – the functionality ON which is not reflected or not corresponding described in the specifications and technical documentation;
4) manual testing for penetration – legitimate assessment of security of digital objects using the safe and controlled attacks, detection of vulnerabilities and attempts of their operation without the actual damage of activities of the applicant;
5) application software – software complex for the solution of applied task of certain class of subject domain;
6) the supplier – the public technical service or accredited test laboratory;
7) the public technical service – the state legal entity created according to the decision of the Government of the Republic of Kazakhstan;
8) vulnerability – the lack of digital object creating cyber security threat;
9) the applicant – the owner or the owner of object of testing, and also the physical person or legal entity authorized by the owner or the owner of object of testing who submitted the request for carrying out testing of digital object for compliance to requirements of cyber security;
10) the confidential channel – means of interaction between functions of safety of objects of testing (further – FBO) and remote confidential product of digital technologies, providing necessary degree of confidence in maintenance of security policy of objects of testing;
11) confidential route – the means of interaction between the user and FBO providing confidence in maintenance of security policy of objects of testing;
12) the SYNAQ Internet portal – the Internet portal of the public technical service intended for automation of process of rendering service in testing of digital objects for compliance to requirements of cyber security;
13) object of testing – digital object concerning which works on conformity testing to requirements of cyber security are carried out;
14) segment of network (subnet) of object of testing – logically allocated segment of network of object of testing;
15) functional object – the element (the procedure, function, branch or other of component) ON performing operations on realization of the finished program algorithm fragment;
16) route of accomplishment of functional objects – the sequence of the carried-out functional objects determined by algorithm;
17) the circle of regular operation – the target set of the server hardware, network infrastructure, the system software used at stage of trial operation (pilot project) and intended for application at stage of commercial operation of digital object.
3. Carrying out testing includes:
1) analysis of initial codes;
2) testing of functions of cyber security;
3) load testing;
4) inspection of network infrastructure;
5) inspection of processes of ensuring cyber security.
4. The analysis of initial codes of objects of testing is carried out for the purpose of detection of vulnerabilities ON according to the international classifications of vulnerabilities (Common Weakness Enumeration, Open Web Application Security Project Top 10, Open Web Application Security Project Mobile Top 10, Open Web Application Security Project Application Programming Interface Top 10), the international databases of vulnerabilities (Common Vulnerabilities and Exposures, National Institute of Standards and Technology) and the standard of the Republic of Kazakhstan 15408-3 "Information technologies. Methods and safety controls. Criteria for evaluation of safety of information technologies. Part 3. Requirements to ensuring protection".
The analysis of initial codes of objects of the testing referred to digital objects of "the digital government" is carried out for the purpose of identification of NDV and vulnerabilities ON according to the international classifications (Common Weakness Enumeration, Open Web Application Security Project Top 10, Open Web Application Security Project Mobile Top 10, Open Web Application Security Project Application Programming Interface Top 10), the international databases of vulnerabilities (Common Vulnerabilities and Exposures, National Institute of Standards and Technology) and the standard of the Republic of Kazakhstan 15408-3 "Information technologies. Methods and safety controls. Criteria for evaluation of safety of information technologies. Part 3. Requirements to ensuring protection".
5. The analysis of initial codes is carried out for ON, the subitem listed in tables 11) and the subitem 12) of Item 5 of the questionnaire questionnaire on characteristics of object of testing of appendix 2 to Rules of carrying out testing of digital objects of "the digital government" and crucial digital objects, on compliance to requirements of cyber security (further – Rules).
6. In case of detection of need of carrying out the repeated analysis of initial codes before the termination of term of testing, the applicant makes inquiry to the supplier and signs the supplementary agreement about carrying out the repeated analysis of initial codes according to Item 21 of Rules.
7. Detection of vulnerabilities ON is carried out with use of the software intended for the analysis of the source code based on the initial codes provided by the applicant.
Detection of vulnerabilities ON objects of the testing referred to digital objects of "the digital government" is carried out by manual method of the analysis of the source code and with use of the software intended for the analysis of the source code based on the initial codes provided by the applicant.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.