Federal Service for Technical and Export Control of FSTEC of Russia
Since 2004
Russia
Central Federal District of the Russian Federation
Moscow
105175, st. Staraya Basmannaya, 17
Content |
The Federal Service for Technical and Export Control (FSTEKRossia) is the federal executive body of Russia that implements state policy, organizes interdepartmental coordination and interaction, special and control functions in the field of state security.
FSTEC Certification
Main article: Certification of FSTEC
History
2023
FSTEC plans to develop requirements for protection against DDoS and defacements, as well as update the license policy
The Federal Service for Technical and Export Control (FSTEC of Russia) has published[1] the[2] from the plan for its rule-making activities in 2024. In particular, it provides for the development of two draft government resolutions - updates to Resolution No. 79 of February 3, 2012 "On Licensing Activities under TZKI"[3] and No. 171 of March 3, 2012 "On Licensing[4] of Protective[5] This work is scheduled for the third quarter of 2024.
In fact, the requirements for licensees both for the development of means of protecting confidential information (CIPF) and for the provision of services for the technical protection of confidential information (CIPF) have existed since 2012 and are regularly updated. The last significant update was adopted in November 2021, although in February of this year, minor changes were made to both regulations. It is not entirely clear in which direction these requirements will change, but it is already clear that the conditions for protecting information have changed a lot last year, which should be reflected in the regulations.
In addition, eight orders are planned for release, of which two are most interesting for the information security industry. They must approve the requirements for protection against DoS attacks and for the protection of state IPs owned by the Russian Federation, a constituent entity of the Russian Federation or a municipality. They should be developed in the 4th quarter of next year.
The planned order, which will approve the requirements for ensuring the protection of state information systems and significant objects of the CII of the Russian Federation from unauthorized exposure of the "denial of service" type, will most likely be devoted to the correct organization of protection both from attacks on the disabling of the state IS or CII, and from distributed DoS attacks (DDoS). It is quite difficult to protect yourself from the latter, since at least interaction with the telecom operator and receiving services from it to filter parasitic traffic are required, and better - with a specialized company that can filter out traffic as close as possible to its source.
The order approving the requirements for the protection of information contained in state and other information systems owned by the Russian Federation, a constituent entity of the Russian Federation, the municipality is most likely intended to stimulate the protection of the web resources of the authorities. The fact is that since last year, web resources and applications of government agencies have been actively attacked by hackers and change their main page (deface), but there are no requirements for their protection - they are rarely recognized as critical information infrastructure.
Yes, there are requirements for providing truthful and up-to-date information on government web resources, but there are no requirements for protecting published data and the systems where it is stored. This does not allow the authorities to purchase services and equipment to protect their resources, since for such spending from the budget there must be justification and requirements for organizing a tender. The impending order may solve this problem.
FSTEC will create a centralized database to control KII facilities - Putin's decree
The President Russia Vladimir Putin signed a decree that expanded the powers of the Federal Service for Technical and Export Control (FSTEC). The corresponding document was published in November 2023.
According to the decree, FSTEC will create a centralized database, with the help of which it will be easier to control the subjects and objects of the critical information infrastructure (CII). According to the document, the service will have the following powers:
- centralized accounting of information systems (IE) and other CII facilities in the economic sectors within its competence, as well as monitoring of the current state of technical protection of information and ensuring the security of significant CII facilities;
- prompt informing within its competence of the apparatus of federal state authorities (FNIV) and state authorities of the constituent entities of the Russian Federation, FNIV, executive authorities of the regions, local governments and organizations about threats to the security of information and vulnerabilities of IS and other CII facilities, as well as about measures for technical protection against these threats and vulnerabilities;
- development of the scope of its competence together with the devices of FNIV and state authorities of the constituent entities of the Russian Federation, FNIV, executive authorities of the regions, local self-government bodies and organizations processes for managing the technical protection of information and ensuring the security of significant objects of CII, taking into account the industry specifics of these objects (with the exception of processes for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation), and organizes the implementation of these processes;
- organization, within its competence, of interaction between FNIV devices and state authorities of the constituent entities of the Russian Federation, FNIV, executive authorities of regions, local governments and organizations when they implement measures to increase the level of technical security of information and ensure the safety of significant CII facilities;
- assessment of the efficiency of the FNIV devices and state authorities of the constituent entities of the Russian Federation, FNIV, executive authorities of the regions, local governments and organizations for the technical protection of information and ensuring the security of significant CII facilities.
Putin expanded the powers of the FSTEC in case of wartime
On May 22, 2023, President Vladimir Putin signed Decree No. 366 on amending the regulation on the Federal Service for Technical and Export Control. The document appeared on the portal of the official publication of legal[6] the Russian[7] and entered into force on the day of signing.
According to the presidential decree, paragraph 8 of the regulation on the FSTEC, which lists the powers of this organization, is supplemented by a new subparagraph - 65 (1) - as follows:
"forms a list of organizations that are accredited by the FSTEC of Russia or have licenses from the FSTEC of Russia, carry out activities to ensure information security of the Russian Federation and the termination of which in wartime will create prerequisites for disrupting the sustainable functioning of the information infrastructure of the Russian Federation."
According to the legal database "ConsultantPlus," in total the provision on FSTEC in the current current version contains more than 70 different powers of the department[8]. Other sub-paragraphs than the new one, which would mention wartime, are not among them at the moment.
2020: FSTEC recommended government agencies to transfer their systems from Windows 7 to newer versions
On January 22, 2020, TAdviser became aware that FSTEC published a special information message regarding the termination of support for the Windows 7 operating system; government agencies and other organizations that continue to use this system as of January 2020 are recommended to switch to more recent versions of Windows before June 1, 2020. Read more here.
2019: Publication of the current version of the requirements for information protection in state InformSystems
On September 17, 2019, it became known that Federal Service for Technical and Export Control it published changes to the Requirements for the Protection of Non-Secret Information state Contained in State Information Systems. More. here
Notes
- ↑ [https://fstec.ru/dokumenty/vse-dokumenty/plany/vypiska-iz-plana-razrabotki-fstek-rossii-normativnykh-pravovykh-aktov-na-2024-god an extract from
- ↑ plan for the development of regulatory legal acts for 2024 by the FSTEC of Russia]
- ↑ Decree of the Government of the Russian Federation dated February 3, 2012 No. 79 "On Licensing Activities for the Technical Protection of Confidential Information"
- ↑ [https://base.garant.ru/70146250/ Activities for the Development and Production
- ↑ Equipment for Confidential Information]."
- ↑ [http://publication.pravo.gov.ru/document/0001202305220010 acts Decree of the President of
- ↑ Federation of 22.05.2023 ] No. 366
- ↑ dst100082 II. Powers