Solar: GOST VPN

The main articles are:

• VPN and privacy (anonymity)
• Cryptography

2024: Obtaining a certificate of compliance with the first level of personal data security (UZ-1)

The encryption service of communication channels GOST VPN, provided by the Solar Group, received a certificate of compliance with the highest, first level of personal data security (UZ-1) and first class of security of state information systems (K1). The document ensures that security The information processed by the service meets all the requirements of FSTEC. This was announced on October 18, 2024 by representatives of the Solar Group of Companies.

𝓲

"Solar"

The GOST VPN service protects information when transmitted over open communication channels, ensuring the confidentiality and integrity of data. To solve this problem, Solar specialists install special equipment at the customer's site - cryptoslush (as of October 2024, this is the equipment of three Russian vendors certified by the FSB of Russia). Service operation is implemented by service provider experts using a monitoring and management platform. Through it, you can monitor the operability of the equipment, perform its adjustment, update key information, etc.

The obtained certificate suggests that the service management platform itself has the necessary protection class. In particular, the GOST VPN service successfully passed the assessment of compliance with the Order of the FSTEC No17 from the 11.02.2013 on the approval of requirements for the protection of information that is not a state secret contained in state information systems (GIS). As well as the Order of the FSTEC of Russia dated 18.02.2013 No21 on the approval of the composition and content of organizational and technical measures to ensure the security of personal data (PD) when they are processed in information systems.

Usually, special attention is paid to crypto-locks that are installed in the infrastructure of the customer organization - they must be certified by the FSB of Russia for compliance with the requirements for cryptographic information protection tools. But monitoring and management are equally important components of the service. And the security of the platform on which the service is deployed must also be guaranteed. Therefore, we decided on her certification. explained Alexander Veselov, Head of the Network Security Services Development Group of Solar Group

The certified circuit includes monitoring and management system of products of InfoTeCS, Security Code and S-Terra. Customers could previously certify their information systems with the Solar service on the specified equipment, but each such task was accompanied by a large number of formal questions, clarifications, and approvals, which also required confirmation by many documents and certificates of conformity. Now the monitoring and management platform can be considered as a pre-certified segment, which will optimize the process of certification of information systems of clients whose data are protected by the GOST VPN service.

2022: Launch of the "GOST VPN" service

On November 8, 2022 integrated provider , Rostelecom to telecom operators the GOST service VPN for building and operating protected networks offered digital services and solutions. The service allows you to organize secure interaction between geographically distributed objects in any region and comply with the requirements of Russian the law.

The service of encryption of communication channels "GOST VPN" ensures the confidentiality and integrity of data when they are transmitted over open communication channels. To do this, the third class cryptographic information protection tools (CIPF) certified by the FSB of Russia are used, which guarantees a high level of protection and allows organizations to comply with the requirements of federal laws on personal data ( No. 152-FZ) and on the security of critical information infrastructure ( No. 187-FZ).

"GOST VPN" allows you to replenish the product line of telecom operators themselves. Now they can offer a service for building and operating secure networks to their own customers, for example, state bodies, operators, personal data enterprises, power industry companies or financial industries. medicine

The peculiarities of the service are a reduction in the cost of CIPF funds, optimization of the staff of the company's information security service, while Rostelecom assumes responsibility for fulfilling the requirements of regulators.

The company offers telecom operators an optimal solution for building and operating secure networks using when certified cryptographic protection tools information conventional encryption is not enough and it must be provided using crypto algorithms according to GOST. An important feature of the service is its provision according to a proven service model, which guarantees the minimum starting costs of the customer, regular controlled and transparent, payments as well as the absence of costs for the hardware and software part of CIPF, said Natalia Kryuchkova, vice president for work with Rostelecom telecom operators.

The developer of the service is the Russian company RTK-Solar, a national provider of services and technologies for protecting information assets, targeted monitoring and information security management.