Jet Infosystems conducted a comprehensive assessment of Novikombank's compliance with the requirements of the Central Bank of the Russian Federation and the PCI DSS standard

2024: Complete Comprehensive Security Analysis Project

On June 17, 2024, Jet Infosystems announced the completion of a comprehensive project to analyze the security of NOVIKOM and assess its compliance with the requirements of the Bank of Russia regulations, GOST 57580.1 and PCI DSS v.3.2.1. As a result of the project, Rostec's subsidiary bank confirmed compliance with information security standards in the financial sector.

As reported, the specialists of the IT company "Jet Infosystems" conducted a survey of business systems, IT infrastructure and information security processes, and also analyzed the security of the internal and external perimeter. Within 90 interviews were conducted on the project and more than 1,500 certificates of compliance were analyzed. Assessment of compliance with the regulatory requirements of the Central Bank of Russia is the responsibility of financial institutions and is carried out once every two years. However, in order to ensure an optimal level of security, NOVIKOM engages an external partner for the annual audit.

The provisions of the Central Bank of Russia No. 683-P, No. 719-P, No. 802-P define technological measures to ensure the safety of financial transactions. One of the requirements of the provisions is the implementation of technical and organizational measures of the national standard GOST 57580.1. For failure to comply with these requirements, the regulator has the right to impose sanctions up to the revocation of licenses.

Also, the specialists of the Jet Infosystems company confirmed that NOVIKOM complies with the international standard for payment card security. PCI DSS is an international security standard created specifically to protect payment card data.

The standard contains a complex of more than 250 different requirements. They should be adhered to by all organizations that store, process and transfer card data of the Mir payment system.

Only companies with QSA (Qualified Security Assessor) status can confirm compliance of the bank with the PCI DSS standard. Therefore, "Jet Infosystems" was chosen to implement the project. In addition, NOVIKOM received recommendations for PCI DSS v4.0 to prepare in advance for the next certification.

Every year we make dozens of similar projects for large Russian banks. We worked with NOVIKOM for the first time, the customer's specialists were interested in the project, promptly and responsibly finalized their IT infrastructure. The comprehensive check made it possible to save the customer's time and give a complete idea of ​ ​ the current state of information security in the organization. For June 2024, we keep in touch with bank employees and advise them on emerging issues comments Alexander Ghosn, Head of PCI DSS Audit Team at Jet Infosystems