The state tender for development of the information system "National Certification Center" for ensuring steady functioning of Runet is announced

The information system of the National Certification Center, developed Research Institute "Sunrise" by a subordinate institution, Ministry of Digital Science of Russia is designed to maintain trouble-free operation of the Russian information resources. It ensures the release of TLS certificates using both Russian and other ones. cryptographic algorithms Any legal entity or state authority may obtain one or more TLS certificates free of charge and embed them in its information resources.

2022

Started issuing security certificates for transparency-enabled sites

The National Certification Center (NTC), created within the framework of the federal project "Information Security" of the national program "Digital Economy of Russia" on the basis of the Research Institute "VOSKHOD," began issuing security certificates for sites with support for transparency technology (certificate transparency). The Research Institute "VOSKHOD" announced this on May 23, 2022. This technology provides additional trust in security certificates for sites.

Based on the NTC, we have implemented a technology that allows us to make the issuance of security certificates or TLS certificates transparent to users and domain owners. In addition to ensuring the issuance of the certificates themselves, we additionally publish them in three independent logs - one public and two private. When interacting with the site, browsers "contact" these logs and check whether a certificate has really been issued to this site, "said Andrei Pyanchenko, deputy director of the VOSKHOD Research Institute.

The implementation of certificate transparency technology is based on the fact that all certificates issued by the National Certification Center are written to three independent logs (logs), from which information cannot be deleted after writing due to the use of specialized cryptographic methods. Russian browsers (Atom and Yandex.Browser), when establishing a connection with the site, check that the site certificate is recorded in such logs. If the site certificate does not have log labels, the user will see an unsafe connection warning in the browser and a recommendation not to use the site.

As of May 2022, the NTC is working to create convenient services through which any site owner can check for a certificate on his site in certificate transparency logs.

Work on the development of the National Certification Center continues. For example, in the future, using public journals, any site owner will be able to check the release of certificates for his domain in real time. A special service is created for this purpose. Public journals are one way to make the certification process transparent. This approach allows us to ensure the maximum level of trust in all participants in the process - both from the owner of the web resource and from the Certification Center, ensuring the impossibility of forgery by any of the participants, "said Maxim Rymar, director of the VOSKHOD Research Institute.

In the context of opposition to sanctions the policy, in March Ministry of Digital Science of Russia , on the basis of the National Certification Center, it organized, using, EPGU the issuance the Russian legal of security certificates (TLS certificates) for sites for persons. TLS certificates are required to confirm the legitimacy of sites enciphering and network traffic between the site browser and the user over the protocol. Any HTTPS legal entity or may public authority obtain one or more TLS certificates free of charge and embed them in its information resources. You can get a certificate online through the portal Gosuslug.​

Certificate of conformity of the FSTEC of Russia for the software of the IS "National Certification Center"

On August 4, 2022, the Voskhod Research Institute announced that it had received a certificate of conformity from the FSTEC of Russia for the software of the National Certification Center (NTC) information system, which it created as part of the execution of the instructions of the President of Russia to ensure sustainable interaction of devices in the Russian segment of the Internet.

The certificate issued by FSTEC confirms that the software of the National Certification Center is a software tool with built-in means of protection against unauthorized access to information that does not contain information constituting a state secret.

"The NTC software implements the functions identifications and, authentications the functions of access control and event registration by safety level 4 trust. The FSTEC certificate certifies that the functions information protection in its composition are implemented correctly, "said the director of the Voskhod Research Institute. Maxim Rymar

An information infrastructure has been created to maintain the uptime of Russian information resources

On March 28, 2022, information appeared that Russia an information infrastructure was developed to maintain the uptime of Russian information resources. The information system of the National Certification Center created for this purpose ensures the release TLS of certificates using both Russian and other ones. cryptographic algorithms

"On behalf of the Ministry of Digital Science of Russia, on the basis of the National Certification Center, the Voskhod Research Institute provides an opportunity for Russian site owners to receive security certificates without contacting foreign certification centers, which is relevant in the conditions of the sanctions policy. Any legal entity or public authority may obtain one or more TLS certificates free of charge and embed them in its information resources. You can get a certificate online through the portal of public services within 5 working days, "said Maxim Rymar, acting Director of the Federal State Autonomous Institution of Research Institute" Voskhod. "

TLS/SSL certificates are used to provide a secure HTTPS connection between the Internet resource and the user's browser in order to protect the transmitted data from interception and substitution. In the absence of such a certificate, web browsers block access to the Internet resource. As of March 2022, the work of Russian certificates was supported by the domestic browsers Yandex.brauser and Atom.

The National Certification Center of the Ministry of Digital Science of Russia was created as part of the execution of the order of the President of Russia to ensure sustainable interaction of devices in the Russian segment of the Internet.^[1]

Free TLS certificates will ensure the availability of sites

On March 4, 2022 Ministry of Digital Science of the Russian Federation , they announced that in the near future regulatory legal acts would be adopted regulating the work of the national of the certification center for the free issuance of TLS certificates Russian legal to persons. This will help users maintain safe access to sites that have had TLS revoked. More. here

2019: Tender for the creation of a specialized information system "National Certification Center"

On December 12, 2019, TAdviser became known that a tender for the creation of a specialized information system "National Certification Center" and research on information security requirements in the context of such a system was published on the portal of the Unified Information System in the field of procurement.

As indicated in the technical description, the purpose of the system is to ensure "the stability of the interaction of devices in the Russian segment of the Internet."

"The purpose of the IS NTC is to provide participants Russian in the network segment" Internet with the opportunity to obtain TLS certificates (trust certificates) for identifications information resources belonging to them during electronic interaction, as well as to ensure the possibility of implementing electronic interaction of citizens with information resources of bodies using state power secure protocols with the support of Russian, "the cryptographic algorithms description says.

The competition was announced by the FSBI Research Institute "Sunrise." The contract price will be 229.95 million rubles.

The information system "National Certification Center" will include a main portal and a software and hardware complex; the portal will also need to develop two separate software packages - specialized software for the portal itself and test client software.

The work will be carried out in two stages and in a very short time. The contractor will have to present a description of technical solutions for the IS NTC portal and its security system, as well as develop interactive prototypes of the portal user interfaces. All this is within 10 days of the conclusion of the contract.

At the second stage, work is carried out to directly develop the portal, as well as program and operational documentation, integration with external IEs and conduct case studies to assess the impact of the National Certification Center system software on the regular functioning of cryptographic protection tools information and conduct certification tests of the IS NUC software for compliance with the requirements. FSTEC Russia

No more than 70 calendar days shall pass from the start date of works on the second stage to their completion.

The document states that the IS NTC portal and the modules included in it should provide automation of such procedures as registration and authentication of IS NTC users; processing of requests of registered users for issuance and cancellation of trust certificates; publication of the register of issued trust certificates, as well as the root trust certificate of the IS NTC and the current list of canceled trust certificates.

Registration and authentication on the portal should be possible using the web interface on the Portal website using the Unified Identification and Authentication System (hereinafter - ESIA), in an automated mode, through SMEV.

Processing of requests of registered users of the IS NUC for issuance and cancellation of trust certificates shall include automated verification of the correctness of the request data and compliance of the format and content of the request with the requirements of the IS NUC; manual verification of the user's credentials and certification of verified requests when transmitting to the PAK TC IS NTC.

The publication of information on the trust certificates issued by the IS NUC, as well as the root trust certificate and the current list of canceled trust certificates, should be carried out on the Portal of the IS NUC in accordance with the schedule.

It is stipulated that the portal software should provide the functionality of interaction with external information systems through the data reception and transmission API.

As grounds for creating a system in the draft contract, the Agreement on the provision from the federal budget to the federal state budgetary institution "Research Institute "Sunrise" subsidies in accordance with paragraph 2 of paragraph 1 of Article 78.1 of the Budget Code of the Russian Federation No. 071-02-2019-008 and the Technical Assignment for the Implementation of the Result of the 1.47 "A national certification center has been created to ensure the stability of interaction between devices in the Russian segment of the Internet" event 05.02.001.005.008 "Creation of a national certification center, to ensure the stability of interaction between devices in the Russian segment of the Internet and Minutes of the meeting of the Government Commission on the Use of Information Technologies to Improve the Quality of Life and Business Conditions of December 18, 2017 No. 2.

The draft also stipulates that the contractor should be guided by such federal laws as No. 149-FZ "On Information, Information Technologies and Information Protection" from 27.07.2006; No. 152-FZ "On Personal Data" from 27.07.2006; as well as Decree of the Government of the Russian Federation of 06.07.2015 No. 676 "On Requirements to the Procedure for Creation, development, commissioning, operation and decommissioning of state information systems and further storage of information contained in their databases, " Order of the President of the Russian Federation dated 16.07.2016 No. Pr-1380, item 1 "On ensuring the development and implementation of a set of measures, necessary for the transition of authorities to the use of Russian cryptographic algorithms and encryption means "and order of the FSTEC of Russia of 11.02.2013 No. 17" On approval of requirements for the protection of information that is not a state secret contained in state information systems. "

The development will also have to comply with state standards describing software and design documentation (GOST 19 and 2 series, respectively, as well as GOSTs describing automated systems, cryptographic information protection and electronic digital signature.

The creation of such a system naturally stems from the need to ensure the stability of the Runet, regardless of what it can be violated in theory. This is a matter of national security. Such a system should comply with all approved standards and GOSTs related to information security, and be as resistant as possible to any attempts to illegitimate influence on it, indicates Dmitry Gvozdev, CEO of Information Technologies of the Future

The software components used in the development of the IS NTC Portal will have to comply with the requirements of the Decree of the Government of the Russian Federation No. 1236 of November 16, 2015 "On the establishment of bans on the admission of software originating from foreign countries for the purpose of procurement to meet state and municipal needs" - that is, all programs must be of Russian origin.

Applications are accepted until December 30; the winner must be determined on January 10, 2020. The deadline for the contract is April 30, 2020.

In early November 2019, it became known that from 2020, the Voskhod Research Institute will constantly open a stand for testing for compatibility of various software configurations for civil servants. Software from the Register of Domestic Software will be investigated. In the "iron" part of the stand, Russian processors still have a place only on computers - not on servers. Testing itself will begin in 2020.

Notes