R-Vision CII

Main articles:

• Security Information and Event Management (SIEM)
• Critical infrastructure of Russia

2021: Announcement of R-Vision KII software complex

On March 19, 2021, R-Vision, a developer of cybersecurity systems, introduced the R-Vision KII software complex. The product helps entities of critical information infrastructure (CII) build a transparent process to ensure compliance with the requirements of the Federal Law "On Security of Critical Information Infrastructure of the Russian Federation" dated 26.07.2017 No. 187-FZ.

R-Vision CII

According to the company, the law 187-FZ No. defines the basic concepts and principles of providing safety the research and development institute for its sustainable work during, and computer attacks also prescribes the owners of the research and development institute facilities the need to connect to the system GOSSOPKA to inform about the detection, prevention and elimination of the consequences of computer attacks.

The implementation of the provisions of the law is gradually moving forward, but many subjects of the CII are experiencing difficulties. Among the main problems of the organization are the lack of staff and the labor intensity of the categorization process. The CII entities need to collect and process a huge amount of information. In most cases, this is done manually, which leads to errors that are difficult to find and fix. If the information is stored only on paper, there is a risk of data loss.

According to the Decree of the Government of the Russian Federation of April 13, 2019 "On Amending the Decree of the Government of the Russian Federation of February 8, 2018 N 127," the CII subjects had to approve the lists of CII objects to be classified by September 1, 2019. The maximum term for categorizing CII objects should not exceed one year from the date of approval of this list. According to the FSTEC of Russia, the categorization process was completed from 1.5% to 50-60% of the CII subjects, depending on the industry. At the same time, from the second half of this year, the regulator will begin to conduct inspections.

R-Vision CII

As you know, categorization is one of the important tasks, but the implementation of the requirements of the law does not end there. The CII entity must ensure the protection of its significant objects, in accordance with the category of significance, as well as connect to GoSOPKA for notification of computer incidents. noted Igor Smetanev, commercial director of R-Vision

R-Vision KII optimizes the categorization procedure, allowing you to approach it in stages and automate a number of tasks, from the formation of a categorization commission to the preparation of the necessary documents for submission to the FSTEC of Russia. The product has features that allow you to assess the relevance of threats, form a model of threats and violators. The significance category of CII objects is calculated automatically, based on the entered estimates for significance indicators. If a particular indicator is not applicable to the CII object, the expert can submit a justification to the system. Data and categorization results are maintained, allowing for a rapid revision of the category of significance that is required every five years.

If the categorization has already been done, you can import information from spreadsheets or databases into R-Vision CII in order to build further steps to ensure compliance with the requirements of 187-FZ.

Upon completion of the categorization, organizations need to assess the adequacy of existing security measures and improve them if necessary. For each KII object, the system will automatically generate a list of current requirements for it, according to FSTEK order No. 239. Thus, it is possible to conduct an audit to comply with these requirements, form a list of comments and a plan of measures to eliminate them and automatically prepare an Act of inspection of the CII object.

If earlier the ability to categorize, simulate threats and conduct audits for compliance with the requirements of FSTEC Order No. 239 could be purchased as an addition to the R-Vision SGRC platform, now the developer offers these functions as part of a separate R-Vision KII complex. Its capabilities also include asset management, IT infrastructure inventory, accounting for computer incidents and the possibility of bilateral interaction with NCCI, which involves sending information on selected incidents to the GosSOPKA system and receiving response messages, threat, attack and vulnerability data from NCCI.