GOST R Automated Management Systems for Accounts and Access Rights

Chronicle

2024: GOST approval

On October 31, 2024, it became known that the Federal Agency for Technical Regulation and Metrology approved the new national standard GOST R "Systems for Automated Management of Accounts and Access Rights." The document, developed with the participation of 27 leading information security companies, will enter into force on December 20, 2024.

According to Kommersant, the initiator of the development of the standard was the Solar group of companies. InfoWatch, Gazinformservice, Information Security Center and Sber Tech took part in the discussion of the project through the technical committee for standardization TK 362 "Information Protection." Experts made more than 300 recommendations that were taken into account in the final version of the document.

𝓲

Freepik

Dmitry Bondar, Director of the inRights Department of Solar Group, stressed that the national standard will make it possible to form uniform requirements for IdM systems at the stage of technical assignments, which will significantly reduce labor costs and reduce the implementation time.

The new GOST contains recommendations for unifying various access control systems, building and organizing role models of the organization, managing individual and group access. The document also includes provisions for a user access rights reference matrix for monitoring account changes.

The standard includes the practice of state regulation, recommendations for the formation of a cybersecurity strategy and requirements for existing IdM systems on the market. The practical part is supplemented with applications with typical business process diagrams for creating projects.

Experts note that most Russian IdM systems already comply with the provisions of the standard. The document is especially relevant for organizations managing personal data information systems, state information systems and automated process control systems.^[1]

Notes