GOST R 56939-2024 Information Protection. Development of safe software

2026: Effective

In Russia, GOST R 56939-2024 "Information Protection. Development of secure software. General requirements. " TAdviser reviewed the document in early March 2026.

The development of FSTEC Kaspersky Lab V.P. Ivannikov Institute for System Programming of the Russian Academy of Sciences RAS InfoTeCS the standard was attended by Russia, "," (ICP), ",,", "," " Positive TechnologiesRusBITech-Astra Scientific Sber Tech and Technical Center," "" Phobos-NT"(" Information Security Center TsBI ") and" Scientific and Production Association. " Echelon The document introduced by the Technical Committee for Standardization TK 362 "Information Protection" replaced GOST R 56939-2016.

𝓲

Фото: Freepik

The new standard establishes general requirements for the content and procedure of work related to the creation of secure software and the elimination of identified shortcomings. The latter means any non-compliance of the product with the specified requirements or any error made during the design or implementation of the program, which, if it is defective, may cause the failure to fulfill the required functionality or vulnerability.

The adopted document is aimed at software developers and manufacturers, as well as at organizations that assess the compliance of software development processes with established recommendations and standards. The general requirements for developing secure software include: identifying deficiencies (including vulnerabilities) and reducing their number, reducing damage from undetected vulnerabilities, as well as promptly eliminating detected problems. The standard covers the planning of safe software development processes, employee training, formation and presentation of security requirements for software, software configuration management, etc.^[1]

Notes