Certification (licensing) of means of enciphering
The licensing of activity in the field of enciphering of information performed by FSB of Russia at the request of the Government of the Russian Federation began with Decree No. 334 in 1995 which strictly banned in the country any activity connected with cryptography without licenses and certificates of FAGCI. Obligatory certification of means of enciphering on the Internet is not required only if it is not the state secret. Certification will be required only for the means intended for protection of the data containing a state secret.
"Obligatory certification of means of coding (enciphering) at transmission of messages in an information and telecommunications network the Internet, the data in large quantities applied to protection which are not the state secret including in subscriber devices and base stations of mobile communication, computers, the information and telecommunications network equipment the Internet, on compliance to requirements for security of information is not required", says FSB.
Decree No. 334 of the Government of the Russian Federation of 1995 prohibited:
- use by the state organizations of not certified cryptomeans and also placement of state orders at the enterprises using not certified cryptomeans
- use by commercial banks of not certified cryptomeans in interaction with the Central Bank of the Russian Federation
- the activity of legal entities and physical persons connected with development, production, implementation and operation of cryptographic tools and also rendering any services in the field of enciphering of information
- import to the territory of the Russian Federation of cryptographic tools of foreign production without the permission of FAGCI
In other words, any activity in the field of enciphering and any cryptomeans which do not have the standard certificate were once and for all delivered in our country beyond the law.[1]
That who is keen on such occupation as downloading of free programs of type PGP, TrueCrypt and other encoders of information, or plays about programming in DES, AES style and to them in similar pieces, it is necessary to remember that this activity of the inquisitive student harmless at first sight is actually equated by our government to number of such occupations as production of weapons of mass destruction, drugs or, say, implementation of tests on penetration for the website Ministry of Defence. With respect thereto, for this activity quite specific criminal liability, at least, under the Article 171 of the Criminal Code of the Russian Federation is provided.
To conciliate so hard line of the state concerning cryptography with severe reality, additions and amendments were repeatedly made to the legislation on licensing of cryptographic activity. At the moment the Order of the Government of the Russian Federation of April 16, 2012 N 313 "About licensing of activities for development, production, distribution of cryptographic (cryptographic) tools, information systems and telecommunication systems works...".
Cryptomeans on which in practice not really to perform license actions, including are excluded from licensing:
- the cryptomeans used with cell phones and credit cards
- the cryptomeans used in the commercial television and radio equipment
- the cryptomeans applied in ATMs and cash registers
- the cryptomeans implementing symmetric algorithms of enciphering with key length no more than 56 bits
- the cryptomeans implementing asymmetric encryption algorithms with a length with the maximum key length of 122 or 512 bits (depending on a type of an algorithm)
- etc.
Just in case now carry to cryptographic tools as well means of data coding as use of the word "coding" instead of "enciphering" in technical documentation - a favourite method of a bypass of license restrictions domestic software developers and system integrators.
Licenses of FSB of Russia for cryptographic activity are granted now is termless, but not for 5 years as earlier, and licensing does not extend to the maintenance of cryptomeans executed for own needs now but requirements to qualification of personnel of the licensee became tougher.
For heads and engineering employees of the licensee (whom there have to be not less than 2 people) depending on a type of the licensed cryptographic activity requirements to preparation in the specialty in the "information security" direction in volume from 100 to 1000 classroom hours and to experience from 3 to 5 years are set.
These requirements serve as a stumbling block for many organizations which decided to legalize the activity in the field of cryptography. Not everyone is able to afford to send the employees to professional development course in the field of cybersecurity for a period of a month before half a year.
Notes
See Also
- Certification of conformity of means of communication (CCC)
- Certification (licensing) of means of enciphering
- Safety certificates
- Certification of fiber optic communication
- Certification of Uptime Institute Tier
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |