of November 16, 2016 No. 821
Some questions of licensing of economic activity on provision of services in the field of cryptographic information security (except services of the digital signature) and technical information security according to the list which is determined by the Cabinet of Ministers of Ukraine
According to Item and part two of article 9 of the Law of Ukraine "About licensing of types of economic activity" the Cabinet of Ministers of Ukraine decides 8 parts one of Article 7:
1. Approve enclosed:
the resolution of the Cabinet of Ministers of Ukraine of May 18, 2011 No. 517 "About approval of the list of services in the field of technical information security which economic activity on provision is subject to licensing" (The Official Bulletin of Ukraine, 2011, No. 37, of the Art. 1529);
the resolution of the Cabinet of Ministers of Ukraine of May 25, 2011 No. 543 "About approval of lists of services in the field of cryptographic information security (except services of the digital signature) and cryptosystems and means of cryptographic information security concerning which economic activity is subject to licensing" (The Official Bulletin of Ukraine, 2011, No. 39, of the Art. 1611).
Prime Minister of Ukraine
V. Groysman
Approved by the Resolution of the Cabinet of Ministers of Ukraine of November 16, 2016 No. 821
General provisions
1. These Licensed conditions establish the exhaustive list of the documents enclosed to the application for receipt of the license, the personnel, organizational and production requirements obligatory for accomplishment when implementing economic activity on provision of services in the field of cryptographic information security (except services of the digital signature) and technical information security according to the list which is determined by the Cabinet of Ministers of Ukraine (further - the licensed activities).
2. In these Licensed conditions terms are used in such value:
certification of complex of technical information security - assessment of conformity of complex of technical information security to requirements of regulating documents in the field of technical information security;
production - process of the organization and production of cryptosystems and means of cryptographic information security;
the non-residential premise - the house or construction (part of the building or construction) which do not belong to housing stock separated by the building protecting constructions (walls, overlappings), have separate entrance, are not used at the same time by other legal entities and physical persons, belonging to the subject of managing on the property rights or other corporeal rights in which licensed activities in the field of cryptographic information security are made;
expert evaluations in the field of technical information security - the organization and carrying out expert works and/or expert testing for the purpose of check, the analysis and assessment of objects of examination regarding their compliance to requirements of regulating documents in the field of technical information security;
operational documentation - the textual, graphical design records of the developer (manufacturer) of cryptosystems and means of cryptographic information security developed according to rules and requirements of the corresponding standard system of documentation which determine necessary amounts, rules and methods of maintenance, installation (installation), setup, adjustment of cryptosystems and means of cryptographic information security, and also methods of their testing, testing, operation and repair;
means of technical information security - technical and software which basic functional purpose is information security from threats of leakage, violation of integrity and blocking; technical means in which in addition to basic purpose functions on information security are provided; the means intended, specially developed or adapted for search of mortgage devices or assessment of security of information;
the mortgage device - the technical tool of secret receipt of information placed on subject to information activities with concealment from detection by person which has no relation to use of the technical tool, the fact of its availability and/or application therefore the threat of information leakage from subject to information activities is created;
complex (system) of information security - set of the actions and means intended for ensuring technical information security in information system or on object;
installation (installation), setup of cryptosystems and means of cryptographic information security - transaction or complex of transactions on installation, creation, connection, setup, adjustment, testing of operating modes, checks of working capacity (functioning) of cryptosystems and means of cryptographic information security according to requirements of the operational and regulating documentation of the developer (manufacturer) concerning cryptosystems and means of cryptographic information security;
services in identification of mortgage devices - carrying out search actions for identification of the technical channels of information leakage which are formed due to use of mortgage devices;
services in assessment of security of information, subject to licensing, certification of complexes of technical information security and expert evaluations in the field of technical information security;
deliveries - any transactions performed according to purchase and sale agreements, exchanges, deliveries and to other civil agreements providing transfer of property on cryptosystems and means of cryptographic information security for compensation irrespective of terms of its provision, and also transaction with free delivery of cryptosystems and means of cryptographic information security and transaction on their transfer by the lessor (lessor) on balance of the lessee (leasing recipient) according to agreements of finance lease (leasing) or delivery of cryptosystems and means of cryptographic information security according to other agreements which conditions provide payment deferral and transfer of property no later than date of the last payment;
repair - complex of transactions for recovery of serviceable condition or working capacity or resource of cryptosystems and means of cryptographic information security or their components;
development and creation of design and other technical documentation creation according to rules and requirements of the corresponding standard system of documentation of the design and other technical documentation necessary for designing, developments, productions, using (operation), installation (installation), setup, testing, modification, upgrade, maintenance, repair of cryptosystems and means of cryptographic information security;
the office - the non-residential premise belonging to the subject of managing on the property rights or uses in which there is its executive body or persons who according to constituent documents of the legal entity or the legislation act from his name and has certain postal address;
maintenance (maintenance) of cryptosystems and means of cryptographic information security - transaction or complex of transactions on maintenance of cryptosystems and means of cryptographic information security in condition, operational and suitable for operation, in case of their proper use according to requirements of operational documentation of the developer (manufacturer) concerning cryptosystems and means of cryptographic information security and the regulating documentation concerning cryptosystems and means of cryptographic information security;
utilization - accomplishment of the organizational, scientific and technical, economic, ecological, sanitary, anti-epidemic and other works providing conversion of cryptosystems and means of cryptographic information security.
Terms "separate division", "expert researches", "electronic document", "means of cryptographic information security", "the information (automated) system", "complex of technical information security", "complex system of information security", "cryptographic information security", "cryptographic system (cryptosystem)", "subject to information activities", "services of the digital signature", "the safety mode", "the subject of system of technical information security", "case studies", "technical information security" are used in the value given in the Laws of Ukraine "About state registration of legal entities, physical persons entrepreneurs and public forming", "About the digital signature", "About electronic documents and electronic document management", "About information security in information and telecommunication systems" "About Public service of special communication and information security of Ukraine", Regulations on the procedure of cryptographic information security in Ukraine approved by the Presidential decree of Ukraine of May 22, 1998 No. 505, the Regulations on technical information security in Ukraine approved by the Presidential decree of Ukraine of September 27, 1999 No. 1229.
3. Action of these Licensed conditions extends to the subjects of managing performing licensed activities.
The subject of managing can perform licensed activities for provision of all or separate types of service determined by the list of services in the field of cryptographic information security (except services of the digital signature) and technical information security concerning which economic activity is subject to licensing, the approved Cabinet of Ministers of Ukraine (further - the list of services).
If the subject of managing performs licensed activities for provision of separate types of service, action of these Licensed conditions extends to it only in the part establishing requirements about provision of the type of service chosen by it.
4. According to the Section I of the list of services to licensing services in the field of cryptographic information security which belongs to the state information resources are subject, to information which requirement concerning protection is established by the law, the confidential information given by its owner to the state and it is processed in information and telecommunication systems of state bodies.
5. The license applicant submits the method provided by part one of article 10 of the Law of Ukraine "About licensing of types of economic activity" (further - the Law), to body of licensing the statement for receipt of the license (appendix 1) together with the documents specified in the Law.
Supporting documents are enclosed to the application for receipt of the license for implementation of the licensed activities with the signature of the license applicant (appendices 2-9) about availability:
the specialists necessary for provision of the corresponding type of service in the field of cryptographic information security (except services of the digital signature) and technical information security, with indication of their educational and qualification level and length of service, and also admissions to the state secret at the specialists involved (whose attraction is provided) to provision of services and data on employment contracts with hired employees;
means of the measuring equipment and control, supportive applications and the equipment, the information (automated) systems and/or technical means of information processing providing provision of the corresponding types of service in the field of cryptographic information security (except services of the digital signature) and technical information security, with indication of their name, type, serial number, data on confirmation of the property right to them or use of them, dates of the last checking;
the regulatory framework providing provision of the corresponding types of service in the field of cryptographic information security (except services of the digital signature) and technical information security;
the special operating authority, connected with the state secret, with indication of its registration number, category, date of issue and the termination of effective period, the name of body (division) which issued it, locations of regime and confidential body;
rooms, computer aids, information and telecommunication systems (complexes) necessary for provision of the corresponding types of service in the field of cryptographic information security, with indication of their name, data on certification (category of the room, means, system (complex) who and when carries out certification, license number) (in case of receipt of the license for implementation of economic activity on provision of services in the field of cryptographic information security (except services of the digital signature);
own or leased service, production premises necessary for provision of the corresponding types of service in the field of cryptographic information security, with indication of their number, the appointment, the area, the name of means of the measuring equipment, the equipment and the equipment installed and used in these rooms, details and the name of the document certifying the property right or uses of rooms and also nature of operation of the building to destination (in case of receipt of the license for implementation of economic activity on provision of services in the field of cryptographic information security (except services of the digital signature);
the information (automated) systems and/or the technical means of processing of the classified information necessary for provision of the corresponding types of service in the field of technical information security, with indication of the name of object of electronic computer facilities and/or subject to information activities (the room where the information (automated) system and/or technical means of processing of the classified information is located), the information (automated) system and/or technical means of processing of the classified information, category of object of electronic computer facilities and/or subject to information activities, numbers and registration dates of the certificate of compliance of complex system of information security of the information (automated) system and/or the act of certification of complex of technical information security (in case of receipt of the license for implementation of economic activity on provision of services in the field of technical information security regarding assessment of security of information which is not the state secret, or information of all types, including information which is the state secret);
subjects to information activities for holding confidential meetings, discussions and works on technical information security with indication of their name and category, number and registration date of the act of certification of complex of technical information security (in case of receipt of the license for implementation of economic activity on provision of services in the field of technical information security regarding assessment of security of information which is not the state secret, or information of all types, including information which is the state secret) (in case of need).
The statement for receipt of the license and documents attached to it are accepted according to the inventory (appendix 10).
6. In the presence at the license applicant of branches, other separate divisions which will perform licensed activities places of implementation of economic activity by them are specified in the statement for receipt of the license and supporting documents to the statement are filed on each branch, separate division.
7. For renewal of the license the licensee submits the application for renewal of the license to body of licensing (appendix 11).
8. For narrowing of implementation of licensed activities the licensee submits the application for narrowing of implementation of economic activity to body of licensing (appendix 12).
9. For expansion of implementation of licensed activities the licensee submits the application for expansion of production of economic activity to body of licensing (appendix 13).
Requirements concerning implementation of licensed activities in the field of cryptographic information security
Personnel requirements
10. The license applicant or the licensee in the field of cryptographic information security shall have:
the organizational structure approved by the director in which divisions and/or specialists who will provide accomplishment of the administrative leading, technological functions on the declared type of service are specified;
regulations on structural divisions and/or job descriptions of the workers involved to direct implementation of the declared type of activity, approved in accordance with the established procedure and constituted taking into account the staff list, distribution of obligations, powers of workers;
engineering employees and workers whose list, the profession and qualification corresponds to organizational structure of the company.
11. Contractors depending on the declared type of service shall have the appropriate educational and qualification level.
Heads of production and functional divisions shall have the higher education of appropriate level and degree (the master, the specialist) in knowledge domain "Information security" or the higher technical education of the professional direction according to the chosen type of service with additional preparation on rates of retraining and advanced training of specialists concerning cryptographic information security in the directions of preparation according to the chosen type of service or length of service in the field of cryptographic information security on the chosen type of service at least three years.
Professionals and specialists shall have the higher education of appropriate level and degree (the master, the specialist, the bachelor, the junior specialist).
12. To contractors on provision of services on development and creation of design and other technical documentation, production of cryptosystems and means of cryptographic information security (with provision of the right to implementation of activities in the field of the cryptographic information security which is the state secret, the rights to implementation of activities in the field of cryptographic protection of office information) are established such personnel requirements:
to the chief designer or the specialist to whom obligations of the chief designer - the higher education of appropriate level and degree are assigned (the master, the specialist), length of service as the head of the lowest level at least three years, specialization by training according to Sections (parts) of the specification and/or the project, and also experiment on creation of defense products (in case of accomplishment of functions of the general designer of cryptosystems and means of cryptographic information security according to the state defense order);
to the contractor - the higher education of appropriate level and degree (the master, the specialist, the bachelor, the junior specialist), length of service in at least three years, specialization by training according to Sections (parts) of the specification and/or the project;
to other professionals, specialists - according to organizational structure of the company, specialization by training according to Sections (parts) of the specification and/or the project.
13. To contractors on provision of services on delivery, installation (installation), setup, maintenance (maintenance), repair and/or utilization of cryptosystems and means of cryptographic information security (with provision of the right to implementation of activities in the field of the cryptographic information security which is the state secret, the rights to implementation of activities in the field of cryptographic protection of office information) such personnel requirements are established:
to the chief engineer or the specialist to whom obligations of the chief engineer are assigned, - the higher education of appropriate level and degree (the master, the specialist), length of service as the head of the lowest level at least three years, specialization by training according to types of service on delivery, installation and setup, maintenance (maintenance), repair and/or utilization of cryptosystems and means of cryptographic information security;
to the contractor - the higher education of appropriate level and degree (the master, the specialist, the bachelor, the junior specialist), length of service in at least three years, specialization by training according to types of service on delivery, installation, setup and maintenance (maintenance), repair and/or utilization of cryptosystems and means of cryptographic information security;
to other professionals, specialists - according to organizational structure of the company, specialization by training according to types of service on delivery, installation, setup and maintenance (maintenance), repair and/or utilization of cryptosystems and means of cryptographic information security.
14. To contractors on provision of services of rather case and expert studies of cryptosystems and means of cryptographic information security (with provision of the right to implementation of activities in the field of the cryptographic information security which is the state secret, the rights to implementation of activities in the field of cryptographic protection of office information) the following personnel requirements are established:
to the contractor - the higher education of appropriate level and degree (the master, the specialist, the bachelor, the junior specialist), length of service in at least three years, specialization by training according to types of service on carrying out case and expert studies of cryptosystems and means of cryptographic information security;
to other professionals, specialists - according to organizational structure of the company, specialization by training according to types of service on carrying out case and expert studies of cryptosystems and means of cryptographic information security.
In length of service in the field of cryptographic information security length of service and/or services on positions in subjects of system of cryptographic information security on which job responsibilities provide accomplishment of the tasks on cryptographic information security connected with the chosen types of service is set off.
15. Specialists according to the functional obligations shall be able:
use the available equipment providing provision of the chosen type of service;
perform processing of results of the services provided on the license, process reporting (final) documents.
16. The director and heads of production and functional divisions shall work for the subject of managing on principle place of employment according to the staff list.
Organizational requirements
17. The licensee in the field of cryptographic information security shall store:
documents which copies moved to body of licensing according to requirements of the Law, and documents (copies) confirming accuracy of the data which were noted by the license applicant in documents which were filed to body of licensing according to requirements of the Law and these Licensed conditions (during action of the license);
the documents confirming introduction of payment for licensing (during action of the license);
copies of the reporting (final) documents developed during provision according to the license of services (on papers or in the form of electronic documents during the term determined in the contract between him and the customer of services, but at least five years);
lease agreements of the equipment providing provision of the corresponding types of service in the field of cryptographic information security (within five years);
documents (copies) certifying checking own and leased (in case of lease of the equipment) means of the measuring equipment (within five years).
18. The licensee shall report to body of licensing about change of data (including expansion, narrowing of implementation of type of economic activity) which are specified in its documents enclosed to the application for receipt of the license, in time no later than one month from the date of approach of such changes.
19. On the written appeal of body of licensing the licensee informs on results of licensed activities in the field of cryptographic information security (appendix 14).
20. During licensing by body at the procedure for test of observance by the licensee established by the legislation in the field of cryptographic information security of requirements of these Licensed conditions there shall be head of the licensee either his deputy or other authorized person of the licensee.
21. In case of the planned or unplanned termination of the licensed activities in the field of cryptographic information security (in connection with impossibility of use (lack) of material and technical resources (means of the measuring equipment and control and the equipment, supportive applications, the information (automated) systems and/or technical means of the information processing) necessary for provision of the corresponding types of service in the field of cryptographic information security, emergence of force majeure circumstances, etc.) the licensee for recovery of such activities shall provide fulfillment of requirements of these Licensed conditions.
Production requirements
22. The license applicant or the licensee in the field of cryptographic information security shall have:
service and production premises which provide technological conditions of provision of the corresponding types of service in the field of cryptographic information security;
own or on right to use of means of the measuring equipment and control and the equipment, supportive applications, the information (automated) systems and/or technical means of information processing providing provision of the corresponding type of service in the field of cryptographic information security according to the established production requirements which underwent maintenance according to requirements of the regulating documentation and are in proper technical condition;
regulatory framework (regulatory legal acts and standards in the field of cryptographic information security, other standards and regulating documents in electronic form or on papers (the acts and documents having access restriction signature stamp only on papers) that provides provision of the corresponding type of service in the field of cryptographic information security. The list of such documents is determined by Administration of Gosspetssvyaz;
rooms for work with customers of services, storage of the equipment providing provision of the chosen type of service, processings and document storages developed during provision of services according to the license.
23. Program and other products which are objects of intellectual property right shall be used by the licensee based on the corresponding license agreement signed with the owner of such rights.
24. The license applicant or the licensee performs implementation of licensed activities in the field of cryptographic information security in case of:
completeness computer, multiplying and organizational facilities, corresponding software necessary for creation (creation) of design and other technical documentation;
availability of information support for creation (creation) of design and other technical documentation, possibility of operational modification and amendments in such documentation, conditions of its accounting, storage and effective control which provides completeness of design and other technical documentation and also regulates procedure for access to it;
ensuring implementation of incoming inspection behind the cryptosystems and means of cryptographic information security which are subject to installation and setup;
availability of system of maintenance and repair of cryptosystems and means of cryptographic information security;
availability of the gages, the corresponding techniques and instructions necessary for setup, check of the set parameters and product quality and technological transactions;
implementation of installation (installation), setup, maintenance (maintenance) of cryptosystems and means of cryptographic information security according to the working design, operational and regulating documentation concerning cryptosystems and means of cryptographic information security.
25. Availability at the licensee of the license for implementation of the licensed activities in the field of the cryptographic information security which is the state secret grants the right to implementation of the licensed activities in the field of cryptographic protection of the office information open for information relating to the state information resources, the confidential information given by its owner to the state and is processed in information and telecommunication systems of state bodies.
Availability at the licensee of the license for implementation of the licensed activities in the field of cryptographic protection of office information grants the right to implementation of the licensed activities in the field of cryptographic protection of the open information relating to the state information resources, the confidential information given by its owner to the state and is processed in information and telecommunication systems of state bodies.
26. For implementation of licensed activities in the field of the cryptographic information security which is the state secret, the license applicant or the licensee shall have:
the special operating authority, connected with the state secret. The category of the mode of privacy specified in special permission shall correspond to degree of privacy of data which use is provided on the corresponding type of service;
specialists whose activities are directly connected with the state secret, with the corresponding admissions to the state secret. The form of admissions shall correspond to degree of privacy of data to which such specialists are allowed (their admission is provided);
rooms with the complexes of technical information security created and certified on compliance to requirements of regulating documents for technical information security which are equipped according to requirements of regulatory legal acts for safety issues of special communication;
technical means of processing of the classified information and/or the information (automated) systems in which the complex system of information security with the confirmed compliance is created (in case of need).
27. Implementation of licensed activities in the field of the cryptographic information security which is the state secret is performed within effective period of the special operating authority, connected with the state secret, and admissions to the state secret of workers whose activities are directly connected with the state secret.
28. Implementation of licensed activities in the field of cryptographic information security is performed according to the mode of safety of the address with means of cryptographic protection of the office information and information which is the state secret, regulating and operational documentation to them.
Requirements concerning implementation of licensed activities in the field of technical information security
Personnel requirements
29. The license applicant or the licensee in the field of technical information security shall have regular or hired specialists on the agreement, quantitative structure and which education provides provision of the corresponding type of service.
All specialists of the company involved (whose involvement is provided) to rendering services in the field of technical information security, shall conform to the personnel requirements determined by these Licensed conditions.
30. For implementation of economic activity on provision of services according to security of information which is not the state secret, the license applicant or the licensee shall have the specialist (specialists) with the higher education in knowledge domain "Information security" or the higher technical education of the professional direction according to the chosen type of service with additional preparation on rates of retraining and advanced training of specialists concerning technical information security in the directions of preparation according to chosen type of service or length of service in the field of technical information security which accomplishment provided information security from unauthorized actions in the information (automated) systems, the organization and/or accomplishment of expert testing (works) on technical information security, at least three years.
31. For implementation of economic activity on provision of services according to security of information of all types, including information which is the state secret, the license applicant or the licensee shall have:
specialists with the higher education in knowledge domain "Information security" or the higher technical education of the professional direction according to the chosen type of service with additional preparation on rates of retraining and advanced training of specialists concerning technical information security in the directions of preparation according to the chosen type of service or length of service in the field of technical information security which accomplishment provided information security which carriers are acoustic or electromagnetic fields and electric signals, at least three years;
the specialist (specialists) who conform to the requirements determined in Item 30 of these Licensed conditions.
32. For implementation of economic activity on provision of services on identification of mortgage devices the license applicant or the licensee shall have specialists with the higher education in knowledge domain "Information security" or the higher technical education of the professional direction according to the chosen type of service with additional preparation on rates of retraining and advanced training of specialists concerning technical information security in the directions of preparation according to the chosen type of service or length of service in the field of technical information security which accomplishment provided information security which carriers are acoustic or electromagnetic fields and electric signals, and/or identifications of mortgage devices, at least three years.
33. In length of service in the field of technical information security length of service and/or services on positions in subjects of system of technical information security on which job responsibilities provide accomplishment of the tasks on technical information security connected with the chosen types of service is set off.
Organizational requirements
34. The licensee in the field of technical information security shall store:
documents which copies moved to body of licensing according to requirements of the Law, and documents (copies) confirming accuracy of the data which were noted by the license applicant in documents which were filed to body of licensing according to requirements of the Law and these Licensed conditions (during action of the license);
the documents confirming introduction of payment for licensing (during action of the license);
copies of the reporting (final) documents developed during provision according to the license of services, including copies of protocols with results of measurements, and also calculations which were carried out in case of measure definition of security of information from leakage on technical channels (on papers or in the form of electronic documents during the term determined in the contract between him and the customer of services, but at least five years);
lease agreements of the equipment providing provision of the corresponding types of service in the field of technical information security (within five years);
documents (copies) certifying checking of own and/or leased means of the measuring equipment (within five years).
35. During licensing by body at the procedure for test of observance by the licensee established by the legislation in the field of technical information security of requirements of these Licensed conditions there shall be head of the licensee either his deputy or other authorized person of the licensee.
36. On the written appeal of body of licensing the licensee informs on results of licensed activities in the field of technical information security (appendix 15).
37. The licensee in the field of technical information security shall report to body of licensing about change of data (including expansions, narrowings) which are specified in its documents enclosed to the application for receipt of the license for implementation of the licensed activities in the field of technical information security, in time no later than one month from the date of approach of such changes.
38. In case of the planned or unplanned termination of the licensed activities in the field of technical information security (in connection with impossibility of use (lack) of material and technical resources (means of the measuring equipment and control and the equipment, supportive applications, the information (automated) systems and/or technical means of the information processing) necessary for provision of the corresponding types of service in the field of technical information security, emergence of force majeure circumstances, etc.) the licensee for recovery of such activities shall provide fulfillment of requirements of these Licensed conditions.
39. Implementation of licensed activities in the field of technical information security is performed on subjects to information activities.
Production requirements
40. The license applicant or the licensee in the field of technical information security shall have:
regulatory framework (regulatory legal acts, regulating documents in the field of technical information security and internal documents in electronic form or on papers (the acts and documents having access restriction signature stamp, only on papers), providing provision of the corresponding type of service in the field of technical information security. The list of such documents is determined by Administration of Gosspetssvyaz;
own or leased according to long-term agreements (for the term of at least one year) means of the measuring equipment and control and the equipment according to the recommended list of types of the measuring instruments and control and the equipment necessary for provision of services in the field of technical information security which are subject to licensing (appendix 16), supportive applications, the information (automated) systems and/or technical means of information processing in the amount providing provision of the chosen type of service according to requirements of the nation-wide and/or approved with Administration of Gosspetssvyaz work methods of technical information security. Documents (copies) certifying their checking are attached to the lease of means of the measuring equipment;
the information (automated) systems and/or technical means of information processing (in case of receipt of the license for implementation of economic activity on provision of services in the field of technical information security regarding assessment of security of information which is not the state secret, or information of all types, including information which is the state secret - it is obligatory, in case of receipt of the license for implementation of economic activity on provision of services in the field of technical information security regarding identification of mortgage devices - in case of need);
subjects to information activities for holding confidential meetings, discussions and works on technical information security with the complexes of technical information security created and certified on compliance to requirements of regulating documents for technical information security (in case of need);
rooms for work with customers of services, storage of means of the measuring equipment and control, supportive applications and the equipment providing provision of the chosen type of service, processings and document storages developed during provision of services according to the license;
developed taking into account the available hardware providing and the technique of identification of mortgage devices approved with Administration of Gosspetssvyaz (in case of receipt of the license for implementation of economic activity on provision of services in the field of technical information security regarding identification of mortgage devices).
41. The licensee when implementing of the licensed activities in the field of technical information security shall observe requirements of the regulatory legal acts and regulating documents concerning technical information security regulating provision of the chosen types of service.
42. Availability at the licensee of the license for implementation of the licensed activities in the field of technical information security regarding provision of services according to security of information of all types, including information which is the state secret grants to it the right to work on certification of complexes of technical information security on subjects to information activities (objects of electronic computer facilities) and expert evaluations in the field of technical information security of the objects of examination intended for information security of all types including information which is the state secret.
Availability at the licensee of the license for implementation of economic activity in the field of technical information security on provision of services according to security of information which is not the state secret grants to it the right to carrying out only works rather expert estimates in the field of technical information security of the objects of examination intended for the information security which is not the state secret.
43. For implementation of activities in the field of the technical information security which is the state secret, the license applicant or the licensee in the field of technical information security shall have:
the special operating authority, connected with the state secret. The category of the mode of privacy specified in special permission shall correspond to degree of privacy of data which use is provided on the chosen types of service;
the specialists involved (whose attraction is provided) to rendering services in the technical information security which is the state secret with the corresponding admissions which are drawn up on them to the state secret. The form of the admission shall correspond to degree of privacy of data to which such specialists are allowed (their admission is provided);
subjects to information activities for holding confidential meetings, discussions and provision of services in the field of technical information security with the complexes of technical information security created and certified on compliance to requirements of regulating documents for technical information security (in case of need);
the information (automated) systems and/or technical means of processing of the classified information in which the complex system of information security with the confirmed compliance (the certified complex of technical information security) is created. At the same time the category of object of electronic computer facilities and/or subject to information activities where the information (automated) systems and/or technical means of information processing are located, shall correspond to privacy degree (access restriction) of data which use is provided on the chosen type of service in the field of technical information security.
44. Implementation of licensed activities in the field of the technical information security which is the state secret is performed within effective period of the special operating authority, connected with the state secret, and in the presence at the specialists involved to production of such activities, the corresponding admissions to the state secret.
to Licensed conditions
See Appendix 1 (12Kb In original language)
to Licensed conditions
See Appendix 2 (10Kb In original language)
to Licensed conditions
See Appendix 3 (9Kb In original language)
to Licensed conditions
See Appendix 4 (9Kb In original language)
to Licensed conditions
See Appendix 5 (9Kb In original language)
to Licensed conditions
See Appendix 6 (9Kb In original language)
to Licensed conditions
See Appendix 7 (9Kb In original language)
to Licensed conditions
See Appendix 8 (9Kb In original language)
to Licensed conditions
See Appendix 9 (8Kb In original language)
to Licensed conditions
See Appendix 10 (9Kb In original language)
to Licensed conditions
See Appendix 11 (10Kb In original language)
to Licensed conditions
See Appendix 12 (11Kb In original language)
to Licensed conditions
See Appendix 13 (12Kb In original language)
to Licensed conditions
See Appendix 14 (10Kb In original language)
to Licensed conditions
See Appendix 15 (11Kb In original language)
to Licensed conditions
The recommended list of means of the measuring equipment and the control and the equipment necessary for provision of services in the field of technical information security which are subject to licensing of the Measuring instrument and control and the equipment for assessment of security of information (certification of complexes of technical information security)
Measuring instrument and control and equipment for assessment of security of information (certification of complexes of technical information security)
Range analyzer
Generator of test signal, amplifier, screened loudspeaker
Measuring instrument of complete resistance
Acoustic radiator, type 3 (directed, the nondirectional)
The measuring instrument of noise and vibrations (with the microphone and the accelerometer)
Measuring instrument and control and equipment for detection of mortgage devices
The radio detector (panoramic, analyzing) or hardware and software system of detection and measurement of radio emissions, search of mortgage devices
Optical detector of video cameras
__________
Note.
Measuring instrument and control and the equipment shall have technical characteristics which provide provision of the chosen type of service according to requirements of the nation-wide and/or coordinated with Administration of Gosspetssvyaz of techniques of carrying out certain works on technical information security.
Approved by the resolution of the Cabinet of Ministers of Ukraine of November 16, 2016, No. 821
1. Development and creation of design and other technical documentation, production of cryptosystems and means of cryptographic information security (with provision of the right of implementation of activities in the field of the cryptographic information security which is the state secret with provision of the right of implementation of activities in the field of cryptographic protection of office information).
2. Delivery, installation (installation), setup, servicing (maintenance), repair and/or utilization of cryptosystems and means of cryptographic information security (with provision of the right of implementation of activities in the field of the cryptographic information security which is the state secret with provision of the right of implementation of activities in the field of cryptographic protection of office information).
3. Case and expert studies of cryptosystems and means of cryptographic information security (with provision of the right of implementation of activities in the field of the cryptographic information security which is the state secret with provision of the right of implementation of activities in the field of cryptographic protection of office information).
1. Assessment of security of information which is not the state secret.
2. Assessment of security of information of all types, including information which is the state secret.
3. Identification of mortgage devices.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.