"Institute of Engineering Physics" uses Solar appScreener for expert and technical analysis of software for compliance with FSTEC requirements

2021: Applying Solar appScreener to Software Analysis to Meet FSTEC Requirements

The Testing and Certification Center of the Institute of Engineering Physics IOU chose Solar appScreener to conduct software analysis to fulfill the requirements of the FSTEC Russian Information Protection Certification System (SSI). This was announced on August 3, 2021 by Rostelecom-Solar.

The Licensee FSTEC , the Testing and Certification Center of the Institute of Engineering Physics, is responsible for conducting certification tests of information protection tools and issuing technical opinions and protocols containing an safety assessment of the SIS. Based on these documents, the specialized certification body decides to issue a license confirming the compliance of the SIS with all the regulatory requirements of the FSTEC. Russia

Laboratory specialists use Solar appScreener to analyze the security of the software under investigation in terms of identifying vulnerabilities and hidden functionality that can affect the security of the system.

"With the development of cyber threats and technologies for protecting against them, FSTEC strengthens security regulations for various software, including SIS. It is extremely difficult to assess compliance with the current requirements of the FSTEC for these classes of solutions without the use of specialized tools with effective algorithms that ensure high accuracy of vulnerability detection and NDV, "said Yevgeny Alekeslavovich Larionov, head of the analysis group of undeclared capabilities of the software certification laboratory of the testing center and certification of the Institute of Engineering Physics. - We always take a thorough approach to the selection of tools that help us to carry out software analysis, since as a testing laboratory we are responsible for the results of expert and technical opinion. In particular, when choosing a SAST solution (from the English Static Application Security Testing, approx. TAdviser edition), we focused primarily on such important criteria as the effectiveness of analysis algorithms, the wide coverage of supported programming languages ​ ​ and the visual and informative presentation of reported data. "

"Solar Code Analyzer appScreener is the result of many years of experience of a team of information security specialists. We have many projects behind us both as part of the provision of SAST service and various implementations into the customer infrastructure. The experience gained allows us to create a functional product that FSTEC licensees of Russia trust in the tasks of analyzing software security, "said Daniil Chernov, director of the Solar appScreener Center of Rostelecom-Solar.